
I have a piece of spyware that I am unable to remove


renejr902

Recommended posts

Hello Apollo. I have told the other forums that I am continuing to get help only on this forum, because there were people who had replied to me on the other forums where I had already posted a few days ago. So please keep helping me, I do not intend to get help anywhere else. Besides, I have only followed your instructions so far. I have done everything you asked me, nothing more, nothing less.

THANK YOU!

Edited by renejr902

Thanks!!

Take the time you need!!

I get the impression this virus is rare and very recent, because before I started posting on Zebulon I had not managed to find any information about my problem. Also, I have had viruses over the years and had always been able to remove them. In my opinion there must be a line in the registry that makes this window open every 15 minutes, but I am far from being an expert like you!!! :P

THANK YOU VERY MUCH!!!


Right, let's have a look at this. Apollo needs a break tonight, to keep it short (and no need to go into it).

Don't worry, he didn't do anything problematic anyway, and didn't put your machine at risk or cause anything troublesome. :P

Don't touch RKU (Rootkit Unhooker), which I can see on your machine, or its leftovers; you have to be careful with it: the results must be interpreted, and not everything these programs display is something to remove.

Let's take stock first. I'm going to ask you for a few more reports.

Here are two to post.

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If HijackThis (current version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall, if asked) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that is displayed) and of info.txt (the one minimised in the Taskbar).
  • NB: The reports are saved in the folder C:\rsit
    So that makes two reports. :P

-----------

And another one, which will take a little while to do.

Download Gmer.

Unzip it into a folder or onto your desktop.

Double-click Gmer.exe.

NB: If your antivirus raises an alert for the file gmer.sys or gmer.exe, let it run.

Click the rootkit/malware tab (already active).

On the right, tick processes, Files, registry and Services only.

Now click Scan.

When the scan is finished, click Copy.

Open Notepad, then click the Edit menu / Paste.

The report should then appear.

Save the file to your desktop and copy/paste its contents into your next reply.

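Once an RSIT/HijackThis report is posted, a helper reads it section by section rather than deleting everything a tool lists, which is the same point made about RKU above. The script below is an added example, not part of this thread and not code from RSIT or HijackThis. It applies a handful of triage rules to HijackThis-style lines: a non-empty O20 AppInit_DLLs value (Windows loads such a DLL into every process that maps user32.dll, so it is a classic persistence point), an O4 Run/RunOnce entry that launches a .bat/.cmd/.vbs script instead of an installed program, an O23 service whose binary carries no recognised vendor string, and an 8-letter lowercase .job name in the scheduled-tasks folder. The sample report is constructed from a few lines of the report posted below plus one benign AVG autorun line; the rule set, the severity labels and the function names are my own assumptions, and a hit means "look at this", not "remove this".

```python
"""Triage rules for a HijackThis / RSIT report (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the report posted in this thread,
# plus one benign AVG autorun line, so the script runs offline.
SAMPLE_REPORT = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [CheckSum] C:\WINDOWS\system32\cks.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: dsafft.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
======Scheduled tasks folder======
C:\WINDOWS\tasks\wakpqlji.job
"""


@dataclass
class Finding:
    severity: str  # "high" = almost always worth a closer look, "review" = check by hand
    line: str
    reason: str


# Line shapes used by HijackThis; the names inside the groups are assumptions.
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
SCRIPT_EXT = re.compile(r"\.(bat|cmd|vbs|js|wsf)\b", re.I)
# RSIT lists the Tasks folder as bare paths; 8 lowercase letters is not a descriptive name.
JOB_RE = re.compile(r"\\[Tt]asks\\(?P<name>[a-z]{8})\.job$")


def triage(report: str) -> list[Finding]:
    """Apply the heuristic rules to every line of the report and collect hits."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O20_APPINIT_RE.match(line)
        if m:
            dlls = m.group("dlls").strip()
            if dlls:  # an empty AppInit_DLLs value is the normal state
                findings.append(Finding("high", line,
                    f"AppInit_DLLs loads {dlls} into every process that maps user32.dll"))
            continue
        m = O4_RE.match(line)
        if m:
            if SCRIPT_EXT.search(m.group("cmd")):
                findings.append(Finding("high", line,
                    "autorun entry launches a script rather than an installed program"))
            continue
        m = O23_RE.match(line)
        if m:
            if m.group("owner").strip().lower() == "unknown owner":
                findings.append(Finding("review", line,
                    "service binary carries no recognised vendor string"))
            continue
        m = JOB_RE.search(line)
        if m:
            findings.append(Finding("review", line,
                f"scheduled task '{m.group('name')}.job' has an 8-letter, non-descriptive name"))
    return findings


def summarise(findings: list[Finding]) -> list[str]:
    """One sorted line per finding, 'high' entries first."""
    return sorted(f"{f.severity}: {f.reason}" for f in findings)


if __name__ == "__main__":
    for entry in summarise(triage(SAMPLE_REPORT)):
        print(entry)
```

Every hit still has to be read in context: an "Unknown owner" service is often just an unsigned vendor binary, and the rules know nothing about what the flagged file actually does. The script points at where to look; the report, not the script, decides what gets removed.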

Logfile of random's system information tool 1.05 (written by random/random)

Run by Rene at 2008-12-27 17:49:27

Microsoft Windows XP Professional Service Pack 3

System drive C: has 45 GB (19%) free of 236 GB

Total RAM: 3327 MB (84% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:49:35, on 2008-12-27

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20815)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\checksum.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\DAEMON Tools\daemon.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\qttask.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Logitech\Profiler\lwemon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Canon\BJCard\Bjmcmng.exe

C:\Program Files\diskkeeper\DkService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Rene\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Rene.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunOnce: [CheckSum] C:\WINDOWS\system32\cks.bat

O4 - HKCU\..\Run: [start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)

O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)

O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)

O13 - Gopher Prefix:

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O20 - AppInit_DLLs: dsafft.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\diskkeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

 

--

End of file - 6768 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\wakpqlji.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-23 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-23 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{CFB25594-4D5F-11D6-AB7B-00B0D094B576} - Systran40premi.IEPlugIn - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll [2002-04-12 65536]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"nwiz"=nwiz.exe /install []

"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2006-10-17 277352]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-08-02 86016]

"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2008-06-27 19456]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-08-02 13570048]

"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-14 1261336]

"QuickTime Task"=C:\WINDOWS\system32\qttask.exe [2008-08-03 98304]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-23 136600]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"CheckSum"=C:\WINDOWS\system32\cks.bat [2008-12-12 151]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"=C:\Program Files\Logitech\Profiler\lwemon.exe [2005-04-18 73728]

"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobeupdater]

C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]

C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-05-19 91432]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJLaunchEXE]

C:\Program Files\Canon\BJCard\BJLaunch.exe [2002-12-20 716800]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJPD HID Control]

C:\Program Files\Canon\BJPV\TVMon.exe [2003-01-21 45056]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]

C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe [2007-09-23 533944]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyperappelPL2003]

C:\Program Files\Larousse\Petit Larousse 2004\bin\HiPL2002popup.exe [2003-07-04 122880]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

C:\Program Files\Download Manager\DLM.exe [2007-03-05 1103480]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]

C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\WINDOWS\system32\qttask.exe [2008-08-03 98304]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]

C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-12-04 1809648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

C:\Program Files\Winamp\winampa.exe [2008-03-27 36352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless PCI_CardBus utility V1.01.exe.lnk]

C:\PROGRA~1\Customer\WIRELE~1.01\WIRELE~1.EXE []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="dsafft.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-07-23 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2008-07-23 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"

"C:\jeux\Warcraft III\Warcraft III.exe"="C:\jeux\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\jeux\dirt\DiRT.exe"="C:\jeux\dirt\DiRT.exe:*:Enabled:DiRT Executable"

"C:\jeux\need3\nfs3.exe"="C:\jeux\need3\nfs3.exe:*:Enabled:Need For Speed III for Win32"

"C:\jeux\outrun 2006\OR2006C2C.EXE"="C:\jeux\outrun 2006\OR2006C2C.EXE:*:Enabled:OR2006C2C"

"C:\jeux\trackmania sunrise\TmSunrise.exe"="C:\jeux\trackmania sunrise\TmSunrise.exe:*:Enabled:TmSunrise"

"C:\jeux\TEST DRIVE UNLIMITED\TestDriveUnlimited.exe"="C:\jeux\TEST DRIVE UNLIMITED\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"

"C:\jeux\neverwinter 2\nwn2main.exe"="C:\jeux\neverwinter 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"

"C:\jeux\neverwinter 2\nwn2main_amdxp.exe"="C:\jeux\neverwinter 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"

"C:\jeux\neverwinter 2\nwupdate.exe"="C:\jeux\neverwinter 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"

"C:\jeux\neverwinter 2\nwn2server.exe"="C:\jeux\neverwinter 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\jeux\grid toca racer\Grid\GRID.exe"="C:\jeux\grid toca racer\Grid\GRID.exe:*:Enabled:GRID Executable"

"C:\jeux\Gears of War\Binaries\WarGame-G4WLive.exe"="C:\jeux\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears Of War"

"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe"="C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe:*:Disabled:removeit"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

======List of files/folders created in the last 1 months======

 

2008-12-27 17:49:27 ----D---- C:\rsit

2008-12-27 00:28:15 ----D---- C:\WINDOWS\Hidden Mysteries Buckingham Palace

2008-12-27 00:28:15 ----D---- C:\Program Files\Hidden Mysteries Buckingham Palace

2008-12-27 00:26:21 ----A---- C:\WINDOWS\Hidden Mysteries Buckingham Palace Setup Log.txt

2008-12-26 21:45:42 ----SHD---- C:\RECYCLER

2008-12-26 21:39:36 ----A---- C:\ComboFix.txt

2008-12-26 21:28:46 ----A---- C:\WINDOWS\VFIND.exe

2008-12-26 21:28:46 ----A---- C:\WINDOWS\SWXCACLS.exe

2008-12-26 21:28:46 ----A---- C:\WINDOWS\SWSC.exe

2008-12-26 21:28:46 ----A---- C:\WINDOWS\SWREG.exe

2008-12-26 21:28:46 ----A---- C:\WINDOWS\sed.exe

2008-12-26 21:28:46 ----A---- C:\WINDOWS\NIRCMD.exe

2008-12-26 21:28:46 ----A---- C:\WINDOWS\grep.exe

2008-12-26 21:16:30 ----D---- C:\_OTMoveIt

2008-12-26 21:11:14 ----A---- C:\WINDOWS\Adventure Chronicles The Search for Lost Treasure Setup Log.txt

2008-12-26 18:36:40 ----D---- C:\Program Files\M3 GAME Manager

2008-12-26 14:34:13 ----D---- C:\Program Files\Mystery Case Files - Madame Fate

2008-12-26 13:30:38 ----D---- C:\Program Files\Webtools

2008-12-26 13:25:11 ----A---- C:\WINDOWS\system32\rqRLeeFU.dll

2008-12-23 13:25:31 ----A---- C:\WINDOWS\system32\deploytk.dll

2008-12-23 01:07:26 ----A---- C:\WINDOWS\ntbtlog.txt

2008-12-23 00:26:30 ----D---- C:\VundoFix Backups

2008-12-23 00:26:30 ----A---- C:\VundoFix.txt

2008-12-21 01:49:48 ----D---- C:\cmdcons

2008-12-21 01:47:01 ----A---- C:\WINDOWS\{00000005-00000000-00000002-00001102-00000004-20021102}.BAK

2008-12-21 01:31:23 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-21 01:24:31 ----D---- C:\registry

2008-12-20 15:45:17 ----D---- C:\Program Files\xerox

2008-12-20 15:45:16 ----D---- C:\WINDOWS\system32\xircom

2008-12-20 15:45:16 ----D---- C:\Program Files\microsoft frontpage

2008-12-20 15:42:26 ----D---- C:\WINDOWS\temp

2008-12-20 15:39:09 ----A---- C:\WINDOWS\zip.exe

2008-12-20 15:39:09 ----A---- C:\WINDOWS\fdsv.exe

2008-12-20 15:39:03 ----D---- C:\WINDOWS\ERDNT

2008-12-20 15:39:03 ----D---- C:\Qoobox

2008-12-20 14:09:42 ----D---- C:\RkUnhooker

2008-12-20 13:46:19 ----A---- C:\WINDOWS\gmer.ini

2008-12-20 13:46:18 ----A---- C:\WINDOWS\gmer_uninstall.cmd

2008-12-20 13:46:18 ----A---- C:\WINDOWS\gmer.exe

2008-12-20 13:46:18 ----A---- C:\WINDOWS\gmer.dll

2008-12-20 01:06:18 ----D---- C:\Documents and Settings\Rene\Application Data\DivX

2008-12-20 01:05:44 ----A---- C:\WINDOWS\system32\pxinsi64.exe

2008-12-20 01:05:44 ----A---- C:\WINDOWS\system32\pxcpyi64.exe

2008-12-19 22:56:26 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

2008-12-19 22:56:19 ----D---- C:\Program Files\SUPERAntiSpyware

2008-12-19 22:56:19 ----D---- C:\Documents and Settings\Rene\Application Data\SUPERAntiSpyware.com

2008-12-19 22:50:17 ----D---- C:\Program Files\FileASSASSIN

2008-12-19 22:48:58 ----D---- C:\Program Files\RogueRemover FREE

2008-12-19 22:00:28 ----D---- C:\Program Files\InCode Solutions

2008-12-14 23:47:55 ----D---- C:\Program Files\Lavasoft

2008-12-14 23:47:54 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-12-14 23:39:46 ----A---- C:\WINDOWS\wdyxvmg.txt

2008-12-14 23:23:40 ----A---- C:\WINDOWS\system32\fifakl.txt

2008-12-14 23:21:47 ----A---- C:\WINDOWS\wmfndtw.txt

2008-12-14 22:28:01 ----HD---- C:\$AVG8.VAULT$

2008-12-14 22:21:33 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2008-12-14 22:09:51 ----A---- C:\WINDOWS\system32\svch?st.exe

2008-12-14 22:09:51 ----A---- C:\c.txt

2008-12-14 22:06:19 ----D---- C:\Program Files\DAEMON Tools

2008-12-14 20:58:09 ----D---- C:\Program Files\Creative

2008-12-14 20:37:30 ----D---- C:\WINDOWS\Prefetch

2008-12-14 20:34:16 ----D---- C:\WINDOWS\system32\dllcache

2008-12-14 20:33:25 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest

2008-12-14 20:20:53 ----D---- C:\WINDOWS\NV9201656.TMP

2008-12-14 20:17:29 ----A---- C:\WINDOWS\system32\irclass.dll

2008-12-14 20:17:28 ----A---- C:\WINDOWS\system32\spxcoins.dll

2008-12-14 20:17:08 ----RA---- C:\WINDOWS\SETAA.tmp

2008-12-14 20:17:05 ----RA---- C:\WINDOWS\SET9E.tmp

2008-12-14 20:17:03 ----RA---- C:\WINDOWS\SET9B.tmp

2008-12-14 19:06:37 ----D---- C:\Program Files\DAEMON Tools Lite

2008-12-14 18:56:15 ----D---- C:\WINDOWS\Downloaded Installations

2008-12-14 18:50:55 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro

2008-12-14 18:24:29 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8

2008-12-14 17:53:37 ----D---- C:\Program Files\Trend Micro

2008-12-14 17:09:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-12-14 17:04:14 ----D---- C:\Documents and Settings\Rene\Application Data\DAEMON Tools Pro

2008-12-14 16:03:02 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-12-14 04:53:51 ----D---- C:\Program Files\Spybot - Search & Destroy

2008-12-14 04:53:51 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-14 04:51:54 ----D---- C:\Program Files\RegCleaner

2008-12-14 04:13:20 ----D---- C:\Program Files\CCleaner

2008-12-14 03:55:58 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

2008-12-14 03:55:33 ----D---- C:\Documents and Settings\Rene\Application Data\DAEMON Tools Lite

2008-12-14 02:59:03 ----D---- C:\Documents and Settings\Rene\Application Data\vlc

2008-12-14 02:58:18 ----D---- C:\Program Files\VideoLAN

2008-12-14 02:52:47 ----A---- C:\vlc-0.9.8a-win32.exe

2008-12-14 02:33:19 ----D---- C:\Program Files\Uninstall

2008-12-14 02:33:19 ----A---- C:\WINDOWS\uninstall.exe

2008-12-14 02:33:19 ----A---- C:\WINDOWS\system32\eowero.vbs

2008-12-14 02:33:19 ----A---- C:\WINDOWS\system32\cks.bat

2008-12-14 02:33:19 ----A---- C:\WINDOWS\system32\checksum.exe

2008-12-14 02:33:11 ----D---- C:\WINDOWS\HDTVPlayer v3.5

2008-12-14 02:22:05 ----A---- C:\WINDOWS\sys.bat

2008-12-14 02:22:05 ----A---- C:\WINDOWS\eower.vbs

2008-12-14 02:22:04 ----D---- C:\WINDOWS\Setup

2008-12-14 02:22:04 ----D---- C:\Program Files\Setup

2008-12-14 02:22:03 ----D---- C:\WINDOWS\HDTVXviD Codec

2008-12-13 16:49:45 ----D---- C:\Documents and Settings\Rene\Application Data\Leadertech

2008-12-12 23:54:03 ----D---- C:\WINDOWS\system32\LogFiles

2008-12-12 21:42:31 ----SHD---- C:\WINDOWS\UmVuZSBNb3Jpbg

2008-12-12 21:42:17 ----D---- C:\WINDOWS\system32\foi

2008-12-12 16:10:39 ----A---- C:\WINDOWS\runner.exe

 

======List of files/folders modified in the last 1 months======

 

2008-12-27 17:46:16 ----HD---- C:\WINDOWS\PIF

2008-12-27 15:30:49 ----D---- C:\WINDOWS\system32

2008-12-27 15:30:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-12-27 02:41:11 ----A---- C:\WINDOWS\NeroDigital.ini

2008-12-27 00:28:15 ----RD---- C:\Program Files

2008-12-27 00:28:15 ----D---- C:\WINDOWS

2008-12-26 23:57:28 ----D---- C:\Documents and Settings\Rene\Application Data\Azureus

2008-12-26 21:39:40 ----D---- C:\WINDOWS\system32\drivers

2008-12-26 21:38:58 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-26 21:37:33 ----A---- C:\WINDOWS\system.ini

2008-12-26 21:35:22 ----D---- C:\WINDOWS\system32\config

2008-12-26 21:31:43 ----D---- C:\WINDOWS\AppPatch

2008-12-26 21:31:43 ----D---- C:\Program Files\Common Files

2008-12-26 21:28:14 ----D---- C:\jeux

2008-12-26 18:02:10 ----D---- C:\Documents and Settings\Rene\Application Data\LimeWire

2008-12-26 13:34:55 ----D---- C:\Program Files\Vuze

2008-12-26 13:30:39 ----A---- C:\WINDOWS\system32\c355f7f1-.txt

2008-12-26 13:25:13 ----SD---- C:\WINDOWS\Tasks

2008-12-23 13:25:34 ----SHD---- C:\WINDOWS\Installer

2008-12-23 13:25:21 ----A---- C:\WINDOWS\system32\javaws.exe

2008-12-23 13:25:21 ----A---- C:\WINDOWS\system32\javaw.exe

2008-12-23 13:25:21 ----A---- C:\WINDOWS\system32\java.exe

2008-12-23 13:25:19 ----D---- C:\Program Files\Java

2008-12-21 01:49:51 ----RASH---- C:\boot.ini

2008-12-21 01:47:03 ----SHD---- C:\System Volume Information

2008-12-21 01:47:03 ----D---- C:\WINDOWS\system32\Restore

2008-12-21 01:23:02 ----D---- C:\WINDOWS\Debug

2008-12-20 15:45:17 ----D---- C:\WINDOWS\system32\wbem

2008-12-20 15:45:17 ----D---- C:\WINDOWS\ime

2008-12-20 01:05:48 ----D---- C:\Program Files\DivX

2008-12-19 23:45:57 ----A---- C:\WINDOWS\win.ini

2008-12-19 23:45:57 ----A---- C:\Boot.bak

2008-12-19 22:54:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2008-12-18 19:07:59 ----A---- C:\WINDOWS\BlendSettings.ini

2008-12-14 23:58:28 ----A---- C:\WINDOWS\WININIT.INI

2008-12-14 23:14:26 ----D---- C:\Documents and Settings\Rene\Application Data\Microsoft Games

2008-12-14 23:09:57 ----SD---- C:\Documents and Settings\Rene\Application Data\Microsoft

2008-12-14 22:09:51 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2008-12-14 21:12:45 ----A---- C:\WINDOWS\Ascd_log.ini

2008-12-14 21:08:39 ----A---- C:\WINDOWS\Ascd_tmp.ini

2008-12-14 20:59:03 ----D---- C:\WINDOWS\system32\Defaults

2008-12-14 20:58:15 ----HD---- C:\WINDOWS\inf

2008-12-14 20:58:11 ----HD---- C:\Program Files\InstallShield Installation Information

2008-12-14 20:57:55 ----A---- C:\WINDOWS\system32\wrap_oal.dll

2008-12-14 20:57:55 ----A---- C:\WINDOWS\system32\OpenAL32.dll

2008-12-14 20:57:42 ----D---- C:\WINDOWS\system32\Data

2008-12-14 20:55:35 ----D---- C:\Program Files\Windows Media Player

2008-12-14 20:41:11 ----D---- C:\WINDOWS\Registration

2008-12-14 20:34:39 ----D---- C:\WINDOWS\security

2008-12-14 20:34:17 ----A---- C:\WINDOWS\ODBCINST.INI

2008-12-14 20:33:51 ----D---- C:\WINDOWS\system32\ias

2008-12-14 20:33:27 ----RD---- C:\WINDOWS\Web

2008-12-14 20:33:22 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest

2008-12-14 20:33:03 ----D---- C:\Program Files\Windows Media Connect 2

2008-12-14 20:32:54 ----D---- C:\WINDOWS\srchasst

2008-12-14 20:32:44 ----D---- C:\Program Files\Microsoft Silverlight

2008-12-14 20:32:35 ----D---- C:\WINDOWS\Help

2008-12-14 20:32:23 ----D---- C:\Program Files\NetMeeting

2008-12-14 20:32:22 ----D---- C:\Program Files\Common Files\Services

2008-12-14 20:32:19 ----D---- C:\Program Files\Outlook Express

2008-12-14 20:32:16 ----D---- C:\Program Files\Internet Explorer

2008-12-14 20:32:04 ----D---- C:\Program Files\Movie Maker

2008-12-14 20:31:48 ----D---- C:\WINDOWS\system32\oobe

2008-12-14 20:31:34 ----D---- C:\Program Files\Common Files\System

2008-12-14 20:30:47 ----D---- C:\WINDOWS\system32\Com

2008-12-14 20:30:10 ----D---- C:\WINDOWS\Cursors

2008-12-14 20:30:03 ----D---- C:\Program Files\Windows NT

2008-12-14 20:29:38 ----D---- C:\WINDOWS\system32\en-US

2008-12-14 20:18:50 ----D---- C:\WINDOWS\system32\CatRoot

2008-12-14 20:17:54 ----RSD---- C:\WINDOWS\Fonts

2008-12-14 20:17:28 ----D---- C:\WINDOWS\system

2008-12-14 20:17:17 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini

2008-12-14 18:01:01 ----D---- C:\Documents and Settings

2008-12-14 17:04:15 ----D---- C:\Documents and Settings\Rene\Application Data\DAEMON Tools

2008-12-14 15:14:35 ----D---- C:\WINDOWS\L2Schemas

2008-12-14 15:14:34 ----RD---- C:\WINDOWS\Offline Web Pages

2008-12-14 15:14:34 ----D---- C:\WINDOWS\system32\usmt

2008-12-14 15:14:31 ----D---- C:\WINDOWS\Media

2008-12-14 15:14:30 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-12-14 15:14:30 ----D---- C:\WINDOWS\system32\Setup

2008-12-14 15:14:27 ----D---- C:\WINDOWS\WBEM

2008-12-14 15:14:05 ----D---- C:\WINDOWS\Network Diagnostic

2008-12-14 15:14:04 ----D---- C:\WINDOWS\system32\scripting

2008-12-14 15:13:54 ----D---- C:\WINDOWS\PeerNet

2008-12-14 15:13:27 ----D---- C:\WINDOWS\system32\npp

2008-12-14 15:13:24 ----D---- C:\WINDOWS\mui

2008-12-14 15:13:21 ----D---- C:\WINDOWS\msagent

2008-12-14 15:13:16 ----D---- C:\WINDOWS\system32\en

2008-12-14 15:12:55 ----D---- C:\WINDOWS\ehome

2008-12-14 15:12:26 ----D---- C:\WINDOWS\twain_32

2008-12-14 15:12:15 ----D---- C:\WINDOWS\system32\icsxml

2008-12-14 15:11:54 ----D---- C:\WINDOWS\system32\1033

2008-12-14 15:11:18 ----D---- C:\WINDOWS\WinSxS

2008-12-14 15:11:18 ----D---- C:\WINDOWS\Driver Cache

2008-12-14 14:12:28 ----D---- C:\Temp

2008-12-14 14:05:48 ----D---- C:\Program Files\ASUS

2008-12-14 04:14:04 ----D---- C:\WINDOWS\Minidump

2008-12-13 16:40:21 ----D---- C:\WINDOWS\system32\DirectX

2008-12-13 16:40:11 ----RSD---- C:\WINDOWS\assembly

2008-12-13 16:21:23 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-14 97928]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-14 26824]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-08-02 278984]

R2 Devx;Devx; C:\WINDOWS\system32\drivers\Devx.sys [2001-09-06 4448]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-08-02 25416]

R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2008-07-23 62848]

R2 VtPr;VtPr; C:\WINDOWS\system32\drivers\VtPr.sys [2001-10-10 3328]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-07-23 60800]

R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2008-06-27 99352]

R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2008-07-07 511000]

R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2008-07-07 532376]

R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2008-06-27 555032]

R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2008-07-07 14360]

R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2008-06-27 566296]

R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2008-07-07 157208]

R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-12-14 223128]

R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2008-07-07 92696]

R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2008-07-07 797720]

R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2008-07-07 162840]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-02-02 36864]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-07-23 12160]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-07-23 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-08-02 6121856]

R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2008-07-07 127512]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-07-23 32384]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-07-23 30336]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200]

R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]

R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]

R3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 50048]

S1 83eba970;83eba970; C:\WINDOWS\System32\drivers\83eba970.sys []

S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-06-27 99352]

S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]

S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2008-07-07 347080]

S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2008-06-27 100888]

S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]

S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]

S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]

S3 FilterService;Canon BJ Hid Usb Filter Service; C:\WINDOWS\system32\DRIVERS\bjhid.sys [2002-11-10 6016]

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-20 85969]

S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2008-07-07 189464]

S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys []

S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 W8335XP;802.11g/b Driver for Windows XP ; C:\WINDOWS\system32\DRIVERS\Mrvw125.sys [2005-12-29 282624]

S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]

S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\WudfPf.sys []

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\wudfrd.sys []

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-14 231704]

R2 Bjmcmng;Canon BJ Memory Card Manager; C:\Program Files\Canon\BJCard\Bjmcmng.exe [2002-10-21 49152]

R2 Diskeeper;Diskeeper; C:\Program Files\diskkeeper\DkService.exe [2006-12-21 913408]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-23 152984]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-08-02 163908]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2008-07-23 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

 

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2008-12-27 17:49:37

 

======Uninstall list======

 

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->MsiExec /X{699BAC7F-DC10-4709-97D8-45379301BBE7}

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{225A137C-F371-4246-B6FF-20320297DB75}\setup.exe"

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x40c

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

4x4 Evo2-->C:\WINDOWS\IsUninst.exe -fc:\jeux\evo4x4\Uninst.isu

7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"

ACE Mega CoDecS Pack-->"C:\Program Files\ACE Mega CoDecS Pack\unins000.exe"

Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}

Antidote RX v2-->MsiExec.exe /X{A474EA56-5DBD-4181-8230-806A4762EA7F}

Aquadelic GT 1.0.0.0-->"c:\jeux\aquadelic\unins000.exe"

Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -l0x9 -removeonly

AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL

Bejeweled Deluxe 1.6z-->C:\jeux\chantal\bejewed\UnGins.exe "C:\jeux\chantal\bejewed\install.log"

Big City Adventure San Francisco-->C:\PROGRA~1\GAMEHO~1\BIGCIT~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\BIGCIT~1\INSTALL.LOG

BSPlayer-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"

Canon i470D-->C:\WINDOWS\system32\CNMCP4y.exe "-PRINTERNAMECanon i470D" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i470D Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i470D Installer\Inst2\cnmi040c.dll"

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Cool Edit Pro 2.1-->C:\Program Files\coolpro2\cep2unin.exe

Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x40c /remove

Croc 2-->C:\WINDOWS\IsUninst.exe -fc:\jeux\croc2\Uninst.isu

CyberLink PowerDVD8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall

Daytona USA-->c:\jeux\daytona\Desinstalar.exe

DEVIL MAY CRY 4-->MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9}

DiRT-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}\setup.exe" -l0x40c -removeonly

Diskeeper 2007 Pro Premier-->MsiExec.exe /X{6461F54A-2927-4EE1-9B38-DB5AA0E7795A}

Divine Divinity-->C:\jeux\DIVINE~1\UNINST~1\UNWISE.EXE C:\jeux\DIVINE~1\UNINST~1\INSTALL.LOG

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

Download Manager 2.3.6-->C:\Program Files\Download Manager\uninst.exe

Drome Racers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC1DCD6C-3AE0-42CE-8EAA-6886CC4400DC}\Setup.exe" -l0x9

Dungeon Siege Demo-->"c:\jeux\dungeon siege demo\UNINSTAL.EXE" /runtemp /addremove

EA Network Play System-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\uninst.isu"

Electronic Arts Game Updater-->C:\WINDOWS\IsUninst.exe -f"c:\Program Files\EACom\Update\Uninst.isu"

Enclave-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AC01A0D-42B6-4A55-AD7A-A545A7AE5364}\Setup.exe" -l0x9

eRacer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61ECE122-6F83-11D4-850D-00A0C9B344A1}\setup.exe"

Fable - The Lost Chapters-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}

Far Cry-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}

ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"

FileASSASSIN-->C:\Program Files\FileASSASSIN\uninst.exe

Final Fantasy VII XP Patch-->C:\Program Files\Square Soft, Inc\Final Fantasy VII\Patch\Uninstall XP Patch.EXE /u:"Final Fantasy VII XP Patch"

Final Fantasy VII-->C:\WINDOWS\IsUninst.exe -fc:\jeux\ff7\Uninst.isu

FlatOut-->MsiExec.exe /I{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}

FlatOut2-->MsiExec.exe /I{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}

Fraps-->"C:\Program Files\fraps\uninstall.exe"

Gears of War-->".:\Gears of War\unins000.exe"

GRID-->"C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly

GTR 2 1.0.0.0-->"c:\jeux\gtr2\Support\unins000.exe"

Heroes of Might and Magic® IV-->C:\WINDOWS\IsUninst.exe -f"c:\jeux\heroes4\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll

Hidden Mysteries Buckingham Palace-->"C:\WINDOWS\Hidden Mysteries Buckingham Palace\uninstall.exe" "/U:C:\Program Files\Hidden Mysteries Buckingham Palace\Uninstall\uninstall.xml"

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

IsoBuster 2.3-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"

Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Jazz Jackrabbit 2-->C:\jeux\jazz2\UnInst.exe C:\jeux\jazz2\UnInst.j2

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"

Logitech Gaming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly

M3 GAME Manager Uninstall-->C:\Program Files\M3 GAME Manager\Uninstall.exe

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"

Megaman X5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBDA3FF-9F8D-4B0C-9214-0F6224D43111}\SETUP.EXE"

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Application Compatibility Toolkit 5.0-->MsiExec.exe /X{BBB3F622-D848-4CDA-B282-CC53627432F0}

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft RalliSport Challenge-->"C:\jeux\rallysport\UNINSTAL.EXE" /runtemp /addremove

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Xbox 360 Accessories 1.0-->MsiExec.exe /X{9366F586-ED5E-4BED-B155-0D2919669A05}

mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe

Moto Racer 2-->C:\WINDOWS\uninst.exe -f"c:\jeux\moto racer 2\DeIsL1.isu"

Moto Racer-->C:\WINDOWS\uninst.exe -fC:\jeux\MotoRacer1\DeIsL1.isu

MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /X{C523D256-313D-4866-B36A-F3DE528246EF}

MVP Baseball 2003-->c:\jeux\mvp2003\EAUninstall.exe

Mystery Case Files - Madame Fate Cracked by Cryptic-->"C:\Program Files\Mystery Case Files - Madame Fate\unins000.exe"

Need For Speed - Porsche Unleashed-->C:\WINDOWS\IsUninst.exe -fc:\jeux\need5\uninst.log

Need for speed 4 high stakes-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{5720ce01-0b05-4d62-a7ed-963b5fa648e3}.sdb"

Need For Speed High Stakes-->C:\WINDOWS\ISUNINST.EXE -f"c:\jeux\need 4\Uninst.isu" -c"c:\jeux\need 4\uninst.dll" E

Need For Speed Hot Pursuit 2-->C:\jeux\need6\EAUninstall.exe

Need For Speed II SE-->C:\WINDOWS\unin040c.exe -f"c:\jeux\need 2 se\DeIsL1.isu"

Need For Speed III-->C:\WINDOWS\UNINST.EXE -fc:\jeux\need3\DeIsL1.isu -c"c:\jeux\need3\eauninst.dll"

Need for Speed Underground 2-->C:\jeux\underground2\EAUninstall.exe

Need for Speed Carbon-->C:\jeux\CARBON\EAUninstall.exe

Need for Speed ProStreet-->MsiExec.exe /X{CC419DDC-E0F0-4013-B25A-6FA036516F0D}

Need for Speed Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}

Nero 8-->MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891036}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Neverwinter Nights 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

NVIDIA PhysX v8.08.01-->MsiExec.exe /X{699BAC7F-DC10-4709-97D8-45379301BBE7}

Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly

Ocean Express-->C:\PROGRA~1\GAMEHO~1\OCEANE~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\OCEANE~1\INSTALL.LOG

Off Road-->"C:\Program Files\InstallShield Installation Information\{9135BA5B-51B4-49BF-867A-D152B5CE67D4}\setup.exe" -runfromtemp -l0x040c -removeonly

OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U

OutRun2006 Coast 2 Coast-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{839911F0-D9CB-400F-AE78-5D8264F38C42}\setup.exe" -l0x40c -removeonly

Paragon Partition Manager 9.0 Professional-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}\Setup.exe" -l0x9

Paraworld US SP Demo-->"c:\jeux\paraworld\unins000.exe"

Petit Larousse 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{495D3648-1D6B-4B71-B174-6A2452FFF8CD}\Setup.exe" -l0x40c

PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"

Prince of Persia Les Sables du Temps-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C453F13-6877-4D34-8816-009ABDE306DB}\setup.exe" -l0xc0c

PSP Video 9 2.24-->C:\Program Files\Red Kawa\Video Converter\uninstaller.exe

Puzzles Collection-->"C:\jeux\chantal\Puzzles Collection\uninstall.exe"

Quake 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20} /l1036

QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

R.C. Cars-->MsiExec.exe /X{FDACD776-2B0F-427F-95BD-FAF664D75308}

Rally Trophy-->MsiExec.exe /I{42A4EC40-09BC-427C-B657-67978B784058}

RAYKIT-->C:\WINDOWS\UbiSoft\UbiSetup.exe -uninstall RAYKIT

RemoveIT Pro v4 - SE-->C:\PROGRA~1\INCODE~1\REMOVE~1\UNWISE.EXE C:\PROGRA~1\INCODE~1\REMOVE~1\INSTALL.LOG

Rootkit Unhooker Uninstall-->"C:\RkUnhooker\uninstall.exe"

SEGA Rally-->"C:\Program Files\InstallShield Installation Information\{4A05FF52-4AA8-4681-BC06-5EE7F812A441}\setup.exe" -runfromtemp -l0x040c -removeonly

SEGA Rally-->MsiExec.exe /I{4A05FF52-4AA8-4681-BC06-5EE7F812A441}

Setup-->"C:\WINDOWS\Setup\uninstall.exe" "/U:C:\Program Files\Setup\Uninstall\uninstall.xml"

Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Sid Meier's Pirates!-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1036

SimCity 4-->C:\jeux\Sim City 4\EAUninstall.exe

SolSuite-->C:\jeux\chantal\solsuite\UNWISE.EXE C:\jeux\chantal\solsuite\INSTALL.LOG

SONIC ADVENTURE DX-Director's Cut-->c:\jeux\sonic adventure 1\SONICADVENTUREDX\unsetup.exe

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Star Wars JK II Jedi Outcast-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}\Setup.exe"

Stunt GP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB132F09-DCF1-46EA-AE92-F8B42AB7BAD4}\setup.exe"

SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

Supercar Street Challenge-->C:\jeux\SUPERC~1\Uninstall\Unwise.exe /u C:\jeux\SUPERC~1\Uninstall\Install.log

Systran Professional Premium 4.0-->C:\WINDOWS\unvise32.exe C:\Program Files\Systran\4_0\Premium\uninstal.log

Test Drive Unlimited-->MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}

Titan Quest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x40c -removeonly

Tomb Raider: Anniversary 1.0-->C:\jeux\Tomb Raider - Anniversary\uninsttra.exe

Topwords-->C:\WINDOWS\IsUn040c.exe -fc:\jeux\chantal\topwords\Uninst.isu

TrackMania Sunrise 1.4.6-->"c:\jeux\trackmania sunrise\unins000.exe"

Ultima IX-->C:\WINDOWS\IsUn040c.exe -f"c:\jeux\ultima 9\Uninst.isu"

Utilitaire de carte mémoire-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBD8FD34-8559-4028-922B-50797D151E04}\setup.exe"

VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe

VoptXP v7.22-->C:\PROGRA~1\VOPTXP~1\UNWISE.EXE C:\PROGRA~1\VOPTXP~1\INSTALL.LOG

Vuze-->C:\Program Files\Vuze\uninstall.exe

Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}

Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}

Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}

Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Wipeout XL-->C:\WINDOWS\uninst.exe -fc:\jeux\wipeout-xl\DeIsL1.isu

 

=====HijackThis Backups=====

 

O20 - AppInit_DLLs: obfytk.dll,avgrsstx.dll lwxxku.dll owkucv.dll

 

======Security center information======

 

AV: AVG Anti-Virus Free

 

System event log

 

Computer Name: RENEMORIN

Event Code: 7036

Message: The Network Location Awareness (NLA) service entered the running state.

 

Record Number: 4811

Source Name: Service Control Manager

Time Written: 20081109222914.000000-300

Event Type: information

User:

 

Computer Name: RENEMORIN

Event Code: 7035

Message: The Network Location Awareness (NLA) service was successfully sent a start control.

 

Record Number: 4810

Source Name: Service Control Manager

Time Written: 20081109222914.000000-300

Event Type: information

User: NT AUTHORITY\SYSTEM

 

Computer Name: RENEMORIN

Event Code: 7036

Message: The Fast User Switching Compatibility service entered the running state.

 

Record Number: 4809

Source Name: Service Control Manager

Time Written: 20081109222914.000000-300

Event Type: information

User:

 

Computer Name: RENEMORIN

Event Code: 7035

Message: The Fast User Switching Compatibility service was successfully sent a start control.

 

Record Number: 4808

Source Name: Service Control Manager

Time Written: 20081109222914.000000-300

Event Type: information

User: NT AUTHORITY\SYSTEM

 

Computer Name: RENEMORIN

Event Code: 7036

Message: The Terminal Services service entered the running state.

 

Record Number: 4807

Source Name: Service Control Manager

Time Written: 20081109222914.000000-300

Event Type: information

User:

 

Application event log

 

Computer Name: RENEMORIN

Event Code: 0

Message:

Record Number: 705

Source Name: Nero BackItUp Scheduler 3

Time Written: 20080820184413.000000-240

Event Type: information

User:

 

Computer Name: RENEMORIN

Event Code: 2

Message: The Diskeeper Control Center has been started.

Diskeeper service started.

 

Record Number: 704

Source Name: Diskeeper

Time Written: 20080820184410.000000-240

Event Type: information

User:

 

Computer Name: RENEMORIN

Event Code: 1001

Message: Checking file system on E:

The type of the file system is NTFS.

Volume label is Backup.

 

 

One of your disks needs to be checked for consistency. You

may cancel the disk check, but it is strongly recommended

that you continue.

Windows will now check the disk.

CHKDSK is verifying Usn Journal...

Usn Journal verification completed.

Windows has checked the file system and found no problems.

 

141974405 KB total disk space.

90730584 KB in 57206 files.

18088 KB in 3799 indexes.

0 KB in bad sectors.

177833 KB in use by the system.

65536 KB occupied by the log file.

51047900 KB available on disk.

 

4096 bytes in each allocation unit.

35493601 total allocation units on disk.

12761975 allocation units available on disk.

 

Internal Info:


 

 

Record Number: 703

Source Name: Winlogon

Time Written: 20080820184354.000000-240

Event Type: information

User:

 

Computer Name: RENEMORIN

Event Code: 1001

Message: Checking file system on D:

The type of the file system is NTFS.

Volume label is Windows Vista 64 bit.

 

 

One of your disks needs to be checked for consistency. You

may cancel the disk check, but it is strongly recommended

that you continue.

Windows will now check the disk.

Cleaning up 2 unused index entries from index $SII of file 0x9.

Cleaning up 2 unused index entries from index $SDH of file 0x9.

Cleaning up 2 unused security descriptors.

CHKDSK is verifying Usn Journal...

Usn Journal verification completed.

 

105008840 KB total disk space.

31924700 KB in 72501 files.

44992 KB in 15481 indexes.

0 KB in bad sectors.

207512 KB in use by the system.

65536 KB occupied by the log file.

72831636 KB available on disk.

 

4096 bytes in each allocation unit.

26252210 total allocation units on disk.

18207909 allocation units available on disk.

 

Internal Info:


 

 

Record Number: 702

Source Name: Winlogon

Time Written: 20080820184354.000000-240

Event Type: information

User:

 

Computer Name: RENEMORIN

Event Code: 1000

Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully.

The Record Data contains the new index values assigned

to this service.

 

Record Number: 701

Source Name: LoadPerf

Time Written: 20080820150724.000000-240

Event Type: information

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\diskkeeper

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=1707

"NUMBER_OF_PROCESSORS"=4

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

There you go for those.

I'll run GMER now.


GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-27 18:13:02

Windows 5.1.2600 Service Pack 3

 

 

---- Files - GMER 1.0.14 ----

 

File C:\Documents and Settings\Rene\My Documents\Azureus Downloads\PC_Gears.of.War -ENG+FULL -.direct.play.-ToeD\G.o.W (ToeD) ...use 7zip ONLY (extract to...)\GoW\Gears of War\Wargame\CookedPC\COG\COG_Characters\COG_Grunt\COG_Grunt_Accessories\COG_Grunt_FragGrenade\COG_Grunt_FragGrenade.upk 411994 bytes

 

---- Registry - GMER 1.0.14 ----

 

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ...

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0xD5 0x76 0xEC ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0xD5 0x76 0xEC ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBA 0x8B 0xBB 0xBD ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEE 0x6D 0x32 0x53 ...

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x02 0xCE 0x07 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBA 0x8B 0xBB 0xBD ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEE 0x6D 0x32 0x53 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x02 0xCE 0x07 ...

 

---- EOF - GMER 1.0.14 ----

There you go, I'm waiting for your reply or the next instructions.

 

THANKS A LOT


By the way, when I see sptd it makes me think of DAEMON Tools, and I'm in fact unable to install the latest version, because it always says it can't find the SCSI driver. Also, there seems to be a note about Gears of War, but I've had my window problem for much longer than since my installation of Gears of War PC.

 

I have an important piece of information to tell you that I perhaps should have mentioned. It seems to me that I started having this problem after downloading a file called HDTVdivx.exe. I installed it because I was having trouble with certain codecs. After the installation, Windows crashed with a blue screen, and reading a bit more on the net I learned that this driver did not exist and that this file was a kind of virus package. I was even told that the site was a fake site made to fool users. After that I did several scans with Anti-Malware and other similar utilities and I deleted all the viruses. Anti-Malware had found 81 threats the first time, as well as rootkits and other things. But I carefully followed the instructions to remove everything there was, instructions read on the net. I also had the famous virus that creates a boot.ini file on each hard drive and a boot folder, but I removed it properly and there is no trace of it left, not even in the registry; I followed the instructions. So after several hours I re-ran Anti-Malware, Rootkit, SUPERAntiSpyware, Kaspersky, AVG, Ad-Aware, RemoveIT Pro v4, RogueRemover, CCleaner and there was no longer ANY threat, no virus according to those programs. But my problem of the window opening by itself persisted. So I repaired my Windows XP by copying over the installation, choosing "repair the installation". So in a way I reinstalled Windows completely, but I lost no data. And the funniest thing is that even during the Windows reinstallation the webthang.com... window appeared; I had to close it. So after that I had the idea of going to ask for help on a forum.

 

In short, that's what it looks like, and my problem persists.

 

(note: the famous site where I downloaded hdtvdivx.exe no longer exists either)


Indeed, that's linked to DAEMON Tools, nothing to worry about there.

 

If you still have hdtvdivx.exe, don't delete it right away, it might be interesting.

PC_Gears.of.War -ENG+FULL -.direct.play.-ToeD is linked to the infection as well; if you still have the file, be very careful with it.

Er, boot.ini: one wrong move and the machine no longer boots (the one on c:\ at least): same thing, be caaaareful. :P

 

All this smells like an infection through cracks; it would be a shame to reinfect everything right afterwards. :P

Uninstall RemoveIT Pro via Add/Remove Programs: it is not a trustworthy program.

Also uninstall (same place) Rootkit Unhooker, you don't need it.

 

There are things left over in all this.

 

/!\ What follows is for your machine, and your machine only.

Do not use it on another machine under any circumstances: dangerous.

 

  • Open Notepad. Check that in the "Format" menu, "Word Wrap" is turned off. Copy and paste this into it:

Killall::

 

File::

C:\WINDOWS\system32\checksum.exe

C:\WINDOWS\system32\cks.bat

C:\WINDOWS\tasks\wakpqlji.job

C:\WINDOWS\system32\rqRLeeFU.dll

C:\WINDOWS\SETAA.tmp

C:\WINDOWS\SET9E.tmp

C:\WINDOWS\SET9B.tmp

C:\WINDOWS\system32\eowero.vbs

C:\WINDOWS\eower.vbs

 

Folder::

C:\WINDOWS\UmVuZSBNb3Jpbg

 

Registry::

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"CheckSum"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="avgrsstx.dll"

 

Dirlook::

C:\Program Files\Webtools

C:\WINDOWS\HDTVXviD Codec

 

Driver::

83eba970

  • Save it as a text file named CFScript, on the desktop.
     
  • Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot

[screenshot: dragging CFScript onto ComboFix.exe]

  • If ComboFix asks to update itself, say yes. If your firewall asks for internet access, say yes. Accept everything. If an antivirus beeps, choose ignore.
  • Wait for the scan to finish. The desktop will disappear several times: that is normal! Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt
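A small reconciliation check for this procedure, added here as an example (it is not part of the original thread, nor a ComboFix feature): it parses the CFScript sections above and the "Autres suppressions" block of a ComboFix report, then lists which requested deletions the report actually confirms. The parsing rules (sections end in "::", the FILE :: block is only an echo of the request, deleted services appear as "-------\Service_<name>") are my reading of the page, and the report excerpt is constructed from the one posted later in this thread.

```python
import re

# Constructed sample: the CFScript from the helper's post above
# (Killall/Registry sections kept to show the parser handles them).
CFSCRIPT = r"""
Killall::

File::
C:\WINDOWS\system32\checksum.exe
C:\WINDOWS\system32\cks.bat
C:\WINDOWS\tasks\wakpqlji.job
C:\WINDOWS\system32\rqRLeeFU.dll
C:\WINDOWS\SETAA.tmp
C:\WINDOWS\SET9E.tmp
C:\WINDOWS\SET9B.tmp
C:\WINDOWS\system32\eowero.vbs
C:\WINDOWS\eower.vbs

Folder::
C:\WINDOWS\UmVuZSBNb3Jpbg

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckSum"=-

Driver::
83eba970
"""

# Constructed excerpt of the ComboFix report posted afterwards: the FILE ::
# block only echoes the request; the "Autres suppressions" block is the proof.
COMBOFIX_REPORT = r"""
FILE ::
c:\windows\system32\rqRLeeFU.dll
.
(((((((((((( Autres suppressions ))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\eower.vbs
c:\windows\SET9B.tmp
c:\windows\SET9E.tmp
c:\windows\SETAA.tmp
c:\windows\system32\checksum.exe
c:\windows\system32\cks.bat
c:\windows\system32\eowero.vbs
c:\windows\tasks\wakpqlji.job
c:\windows\UmVuZSBNb3Jpbg
.
(((((((((((( Pilotes/Services ))))))))))))
.
-------\Service_83eba970
"""


def parse_cfscript(text):
    """Split a CFScript into {section: [entries]}: a header is a line ending
    in '::' and its section runs until the next header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_report(report):
    """Return (paths listed under 'Autres suppressions', names of services
    deleted as 'Service_<name>' lines), lower-cased for comparison."""
    removed, services, in_block = set(), set(), False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("(((("):          # section banner
            in_block = "Autres suppressions" in line
            continue
        if in_block and re.match(r"^[a-z]:\\", line, re.I):
            removed.add(line.lower())
        m = re.match(r"^-+\\Service_(\S+)$", line)
        if m:
            services.add(m.group(1).lower())
    return removed, services


def reconcile(script_text, report_text):
    """Compare what the script asked ComboFix to delete with what the report
    confirms; an unconfirmed entry needs a manual look (or never existed)."""
    sections = parse_cfscript(script_text)
    removed, services = parse_report(report_text)
    requested = sections.get("File", []) + sections.get("Folder", [])
    drivers = {d.lower() for d in sections.get("Driver", [])}
    return {
        "confirmed": [p for p in requested if p.lower() in removed],
        "unconfirmed": [p for p in requested if p.lower() not in removed],
        # deletions ComboFix made on its own (here: the BITS job queue files)
        "extra": sorted(removed - {p.lower() for p in requested}),
        "drivers_removed": sorted(drivers & services),
        "drivers_missing": sorted(drivers - services),
    }


if __name__ == "__main__":
    for key, value in reconcile(CFSCRIPT, COMBOFIX_REPORT).items():
        print(f"{key}: {value}")
```

On the thread's own data this flags rqRLeeFU.dll as the one requested file the report never lists as removed, and shows the two BITS queue files ComboFix deleted on its own.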


WOW!!! THANK YOU!!! The window is gone. It no longer appears when Windows boots. I rebooted twice to be sure. I'm really happy, a thousand thanks.

 

But there is something strange: I ran msconfig from the Run box and it says it can't find the command. I wanted to disable MSN starting automatically when Windows starts. Can you help me understand? It seems to me that MSCONFIG worked before I used ComboFix. But don't worry too much, because I can run msconfig directly from the folder C:\windows\pchealth\helpctr\binaries. Is that correct?

 

Thanks, I'm waiting for your replies. Also, I'd like to know whether there is a way to thank the people who helped here?

 

THANKS THANKS THANKS THANKS THANKS THANKS

 

 

 

ComboFix 08-12-20.03 - Rene 2008-12-28 14:17:16.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2830 [GMT -5:00]

Lancé depuis: c:\documents and settings\Rene\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Rene\Desktop\CFScript.txt

* Un nouveau point de restauration a été créé

 

FILE ::

c:\windows\eower.vbs

c:\windows\SET9B.tmp

c:\windows\SET9E.tmp

c:\windows\SETAA.tmp

c:\windows\system32\checksum.exe

c:\windows\system32\cks.bat

c:\windows\system32\eowero.vbs

c:\windows\system32\rqRLeeFU.dll

c:\windows\tasks\wakpqlji.job

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\windows\eower.vbs

c:\windows\SET9B.tmp

c:\windows\SET9E.tmp

c:\windows\SETAA.tmp

c:\windows\system32\checksum.exe

c:\windows\system32\cks.bat

c:\windows\system32\eowero.vbs

c:\windows\tasks\wakpqlji.job

c:\windows\UmVuZSBNb3Jpbg

 

----- BITS: Il y a peut-être des sites infectés -----

 

hxxp://childhe.com

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_83eba970

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-28 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-28 14:07 . 2008-12-28 14:07 2,560 --a------ c:\windows\_MSRSTRT.EXE

2008-12-28 06:04 . 2008-12-28 06:04 <DIR> d-------- C:\New Folder

2008-12-28 02:13 . 2008-12-28 02:36 <DIR> d-------- c:\program files\Download Direct

2008-12-27 17:49 . 2008-12-27 17:49 <DIR> d-------- C:\rsit

2008-12-27 00:28 . 2008-12-27 00:28 <DIR> d-------- c:\windows\Hidden Mysteries Buckingham Palace

2008-12-27 00:28 . 2008-12-27 00:28 <DIR> d-------- c:\program files\Hidden Mysteries Buckingham Palace

2008-12-26 21:37 . 2008-12-28 14:22 54,156 --ah----- c:\windows\QTFont.qfn

2008-12-26 21:37 . 2008-12-28 00:01 1,409 --a------ c:\windows\QTFont.for

2008-12-26 21:16 . 2008-12-26 21:16 <DIR> d-------- C:\_OTMoveIt

2008-12-26 18:36 . 2008-12-26 21:00 <DIR> d-------- c:\program files\M3 GAME Manager

2008-12-26 14:34 . 2008-12-27 00:32 <DIR> d-------- c:\program files\Mystery Case Files - Madame Fate

2008-12-23 13:25 . 2008-12-23 13:25 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-23 00:26 . 2008-12-23 00:26 <DIR> d-------- C:\VundoFix Backups

2008-12-21 02:21 . 2008-12-21 02:21 588 --a------ c:\windows\system32\settingsbkup.sfm

2008-12-21 02:21 . 2008-12-21 02:21 588 --a------ c:\windows\system32\settings.sfm

2008-12-21 01:47 . 2008-12-28 14:22 4,958,588 --a------ c:\windows\{00000005-00000000-00000002-00001102-00000004-20021102}.BAK

2008-12-21 01:24 . 2008-12-21 01:24 <DIR> d-------- C:\registry

2008-12-20 15:45 . 2008-12-20 15:45 <DIR> d-------- c:\windows\system32\xircom

2008-12-20 15:45 . 2008-12-20 15:45 <DIR> d-------- c:\program files\microsoft frontpage

2008-12-20 15:38 . 2008-12-20 15:38 <DIR> d-------- c:\documents and settings\Rene\DoctorWeb

2008-12-20 13:46 . 2008-12-27 17:53 250 --a------ c:\windows\gmer.ini

2008-12-20 01:06 . 2008-12-26 15:43 <DIR> d-------- c:\documents and settings\Rene\Application Data\DivX

2008-12-20 01:05 . 2008-11-21 16:47 120,056 --a------ c:\windows\system32\pxcpyi64.exe

2008-12-20 01:05 . 2008-11-21 16:47 118,520 --a------ c:\windows\system32\pxinsi64.exe

2008-12-19 22:56 . 2008-12-19 22:56 <DIR> d-------- c:\program files\SUPERAntiSpyware

2008-12-19 22:56 . 2008-12-19 22:56 <DIR> d-------- c:\documents and settings\Rene\Application Data\SUPERAntiSpyware.com

2008-12-19 22:56 . 2008-12-19 22:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2008-12-19 22:50 . 2008-12-19 22:50 <DIR> d-------- c:\program files\FileASSASSIN

2008-12-19 22:48 . 2008-12-19 22:49 <DIR> d-------- c:\program files\RogueRemover FREE

2008-12-15 01:39 . 2008-04-14 19:51 171,136 -rahs---- C:\grldr

2008-12-14 23:47 . 2008-12-14 23:47 <DIR> d-------- c:\program files\Lavasoft

2008-12-14 23:47 . 2008-12-14 23:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2008-12-14 22:28 . 2008-12-28 14:14 <DIR> d--h----- C:\$AVG8.VAULT$

2008-12-14 22:21 . 2008-12-28 13:44 <DIR> d-------- c:\windows\system32\drivers\Avg

2008-12-14 22:21 . 2008-12-14 22:21 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys

2008-12-14 22:21 . 2008-12-14 22:21 10,520 --a------ c:\windows\system32\avgrsstx.dll

2008-12-14 22:09 . 2008-04-13 23:42 49,152 --a------ c:\windows\system32\svchost.exe

2008-12-14 22:06 . 2008-12-14 22:06 <DIR> d-------- c:\program files\DAEMON Tools

2008-12-14 22:06 . 2008-12-14 22:06 223,128 --a------ c:\windows\system32\drivers\dtscsi.sys

2008-12-14 22:03 . 2008-12-14 22:03 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2008-12-14 20:59 . 2008-12-28 14:21 30,528 --a------ c:\windows\system32\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx

2008-12-14 20:59 . 2008-12-28 14:21 11,564 --a------ c:\windows\system32\DVCState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx

2008-12-14 20:58 . 2008-12-14 20:58 <DIR> d-------- c:\program files\Creative

2008-12-14 20:34 . 2008-12-14 20:34 <DIR> d-------- c:\windows\system32\dllcache

2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\WindowsShell.Manifest

2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest

2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\system32\sapi.cpl.manifest

2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\system32\nwc.cpl.manifest

2008-12-14 20:33 . 2008-12-14 20:33 749 -rah----- c:\windows\system32\ncpa.cpl.manifest

2008-12-14 20:33 . 2008-12-14 20:33 488 -rah----- c:\windows\system32\logonui.exe.manifest

2008-12-14 20:20 . 2008-12-14 20:20 <DIR> d-------- c:\windows\NV9201656.TMP

2008-12-14 20:20 . 2008-08-02 11:20 198,941 --a------ c:\windows\system32\nvapps.nvb

2008-12-14 20:17 . 2001-08-23 07:00 24,661 --a------ c:\windows\system32\spxcoins.dll

2008-12-14 20:17 . 2001-08-23 07:00 13,312 --a------ c:\windows\system32\irclass.dll

2008-12-14 19:06 . 2008-12-14 21:40 <DIR> d-------- c:\program files\DAEMON Tools Lite

2008-12-14 18:56 . 2008-12-14 18:56 <DIR> d-------- c:\windows\Downloaded Installations

2008-12-14 18:50 . 2008-12-14 18:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro

2008-12-14 18:24 . 2008-12-14 22:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8

2008-12-14 18:13 . 2008-12-14 19:45 51,056 --a------ c:\windows\setupapi.old

2008-12-14 18:01 . 2008-12-14 18:01 <DIR> d-------- c:\documents and settings\Administrator.RENEMORIN\Application Data\Malwarebytes

2008-12-14 18:01 . 2008-12-14 22:21 <DIR> d-------- c:\documents and settings\Administrator.RENEMORIN

2008-12-14 17:53 . 2008-12-14 17:53 <DIR> d-------- c:\program files\Trend Micro

2008-12-14 17:29 . 2008-12-14 17:29 <DIR> d-------- c:\documents and settings\Administrator

2008-12-14 17:09 . 2008-12-14 17:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-14 17:09 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-14 17:09 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-14 17:04 . 2008-12-14 17:04 <DIR> d-------- c:\documents and settings\Rene\Application Data\DAEMON Tools Pro

2008-12-14 16:03 . 2008-12-14 16:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Grisoft

2008-12-14 04:53 . 2008-12-14 14:26 <DIR> d-------- c:\program files\Spybot - Search & Destroy

2008-12-14 04:53 . 2008-12-23 00:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-12-14 04:51 . 2008-12-14 20:55 <DIR> d-------- c:\program files\RegCleaner

2008-12-14 04:13 . 2008-12-14 04:13 <DIR> d-------- c:\program files\CCleaner

2008-12-14 03:55 . 2008-12-14 17:04 <DIR> d-------- c:\documents and settings\Rene\Application Data\DAEMON Tools Lite

2008-12-14 03:55 . 2008-12-14 03:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2008-12-14 02:59 . 2008-12-14 02:59 <DIR> d-------- c:\documents and settings\Rene\Application Data\vlc

2008-12-14 02:58 . 2008-12-14 02:58 <DIR> d-------- c:\program files\VideoLAN

2008-12-14 02:52 . 2008-12-14 02:53 16,320,472 --a------ C:\vlc-0.9.8a-win32.exe

2008-12-14 02:33 . 2008-12-14 02:33 <DIR> d-------- c:\windows\HDTVPlayer v3.5

2008-12-14 02:33 . 2008-12-14 02:37 <DIR> d-------- c:\program files\Uninstall

2008-12-14 02:33 . 2008-12-14 02:33 576,000 --a------ c:\windows\uninstall.exe

2008-12-14 02:33 . 2008-12-14 02:37 2 --a------ C:\-931777760

2008-12-14 02:33 . 2008-12-14 17:02 0 --a------ c:\windows\system32\drivers\83eba970.sys

2008-12-14 02:22 . 2008-12-14 02:22 <DIR> d-------- c:\windows\Setup

2008-12-14 02:22 . 2008-12-14 02:22 <DIR> d-------- c:\windows\HDTVXviD Codec

2008-12-14 02:22 . 2008-12-14 02:22 <DIR> d-------- c:\program files\Setup

2008-12-14 02:22 . 2008-12-09 03:18 45 --a------ c:\windows\sys.bat

2008-12-13 16:49 . 2008-12-13 16:49 <DIR> d-------- c:\documents and settings\Rene\Application Data\Leadertech

2008-12-12 23:54 . 2008-12-12 23:54 <DIR> d-------- c:\windows\system32\LogFiles

2008-12-12 21:42 . 2008-12-12 21:42 <DIR> d-------- c:\windows\system32\foi

2008-12-12 21:42 . 2008-12-12 21:42 <DIR> d-------- c:\temp\REX81

2008-12-12 16:10 . 2008-12-12 16:10 106,130 --a------ c:\windows\runner.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-28 08:06 --------- d-----w c:\documents and settings\Rene\Application Data\Azureus

2008-12-28 06:51 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-12-26 23:02 --------- d-----w c:\documents and settings\Rene\Application Data\LimeWire

2008-12-26 18:34 --------- d-----w c:\program files\Vuze

2008-12-23 18:25 --------- d-----w c:\program files\Java

2008-12-20 06:05 --------- d-----w c:\program files\DivX

2008-12-20 03:54 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2008-12-15 04:14 --------- d-----w c:\documents and settings\Rene\Application Data\Microsoft Games

2008-12-15 01:58 --------- d--h--w c:\program files\InstallShield Installation Information

2008-12-15 01:33 --------- d-----w c:\program files\Windows Media Connect 2

2008-12-15 01:32 --------- d-----w c:\program files\Microsoft Silverlight

2008-12-14 22:04 --------- d-----w c:\documents and settings\Rene\Application Data\DAEMON Tools

2008-12-14 19:05 --------- d-----w c:\program files\ASUS

2008-12-13 21:21 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink

2008-11-24 21:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2008-11-24 20:42 --------- d-----w c:\program files\7-Zip

2008-11-13 02:16 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf

2008-11-13 02:16 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb20_01001.Wdf

2008-11-13 02:14 --------- d-----w c:\program files\Microsoft Xbox 360 Accessories

2008-08-04 02:21 522 ----a-w c:\program files\Shortcut to dgVoodoo1.50Beta2.lnk

2008-08-01 20:05 1,569 ----a-w c:\program files\uninstal.log

2006-06-24 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe

2008-07-31 11:23 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008073120080801\index.dat

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- Directory of c:\program files\Webtools ----

 

c:\program files\Webtools\

 

---- Directory of c:\windows\HDTVXviD Codec ----

 

2008-12-14 02:22 576000 --a------ c:\windows\HDTVXviD Codec\uninstall.exe

 

 

------- Sigcheck -------

 

2008-07-23 13:59 361600 e88631e21a9caca06104802f9e915115 c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( snapshot@2008-12-20_15.47.57.87 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-12-28 19:07:00 2,560 ----a-w c:\windows\_MSRSTRT.EXE

+ 2008-12-27 05:28:15 574,464 ----a-w c:\windows\Hidden Mysteries Buckingham Palace\uninstall.exe

- 2008-08-19 19:02:14 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe

+ 2008-12-28 06:51:47 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe

- 2008-08-19 19:02:15 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe

+ 2008-12-28 06:51:47 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe

- 2008-08-19 19:02:14 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe

+ 2008-12-28 06:51:47 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe

- 2008-08-19 19:02:15 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe

+ 2008-12-28 06:51:47 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe

- 2008-08-19 19:02:15 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe

+ 2008-12-28 06:51:47 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe

- 2008-08-19 19:02:15 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe

+ 2008-12-28 06:51:48 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe

- 2008-08-19 19:02:14 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe

+ 2008-12-28 06:51:47 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe

- 2008-08-19 19:02:15 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe

+ 2008-12-28 06:51:47 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe

- 2008-08-19 19:02:15 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe

+ 2008-12-28 06:51:47 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe

- 2008-08-19 19:02:15 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe

+ 2008-12-28 06:51:48 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe

- 2008-08-19 19:02:14 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe

+ 2008-12-28 06:51:47 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe

- 2008-12-20 02:35:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-12-28 04:00:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-12-20 02:35:49 65,536 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-12-28 04:00:31 65,536 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-12-28 04:00:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008121520081222\index.dat

+ 2008-12-28 04:00:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008122720081228\index.dat

- 2008-12-20 02:35:49 196,608 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-12-28 04:00:31 196,608 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2008-12-15 01:51:30 267,800 ----a-w c:\windows\system32\FNTCACHE.DAT

+ 2008-12-27 02:37:06 267,800 ----a-w c:\windows\system32\FNTCACHE.DAT

- 2008-06-10 05:21:01 135,168 ----a-w c:\windows\system32\java.exe

+ 2008-12-23 18:25:21 144,792 ----a-w c:\windows\system32\java.exe

- 2008-06-10 05:21:04 135,168 ----a-w c:\windows\system32\javaw.exe

+ 2008-12-23 18:25:21 144,792 ----a-w c:\windows\system32\javaw.exe

- 2008-06-10 06:32:34 139,264 ----a-w c:\windows\system32\javaws.exe

+ 2008-12-23 18:25:21 148,888 ----a-w c:\windows\system32\javaws.exe

- 2008-12-20 19:53:32 59,908 ----a-w c:\windows\system32\perfc009.dat

+ 2008-12-28 19:12:27 59,908 ----a-w c:\windows\system32\perfc009.dat

- 2008-12-20 19:53:32 396,770 ----a-w c:\windows\system32\perfh009.dat

+ 2008-12-28 19:12:27 396,770 ----a-w c:\windows\system32\perfh009.dat

+ 2008-12-28 19:22:36 16,384 ----atw c:\windows\temp\Perflib_Perfdata_7f0.dat

.

-- Instantané actualisé --

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"="c:\program files\Logitech\Profiler\lwemon.exe" [2005-04-18 73728]

"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2006-10-17 277352]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-14 1261336]

"QuickTime Task"="c:\windows\system32\qttask.exe" [2008-08-03 98304]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]

"nwiz"="nwiz.exe" [2008-08-02 c:\windows\system32\nwiz.exe]

"CTHelper"="CTHELPER.EXE" [2008-06-27 c:\windows\system32\CtHelper.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless PCI_CardBus utility V1.01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless PCI_CardBus utility V1.01.exe.lnk
backup=c:\windows\pss\Wireless PCI_CardBus utility V1.01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobeupdater]
-ra------ 2007-03-01 09:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2008-05-19 14:24 91432 c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJLaunchEXE]
--a------ 2002-12-20 13:26 716800 c:\program files\Canon\BJCard\BJLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJPD HID Control]
--a------ 2003-01-21 15:35 45056 c:\program files\Canon\BJPV\TVMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]
--a------ 2007-09-23 21:55 533944 c:\program files\Druide\Antidote\Gestionnaire Antidote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HyperappelPL2003]
--a------ 2003-07-04 12:08 122880 c:\program files\Larousse\Petit Larousse 2004\bin\HIPL2002Popup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
--a------ 2007-03-05 16:57 1103480 c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 16:07 1828136 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 04:42 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 15:29 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 08:59 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
--------- 2007-12-14 10:36 50472 c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-07 02:34 167936 c:\program files\poweriso\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-08-03 19:32 98304 c:\windows\system32\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 2008-03-20 19:23 83240 c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-12-04 13:50 1809648 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-03-27 01:35 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\jeux\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\jeux\\dirt\\DiRT.exe"=
"c:\\jeux\\need3\\nfs3.exe"=
"c:\\jeux\\outrun 2006\\OR2006C2C.EXE"=
"c:\\jeux\\trackmania sunrise\\TmSunrise.exe"=
"c:\\jeux\\TEST DRIVE UNLIMITED\\TestDriveUnlimited.exe"=
"c:\\jeux\\neverwinter 2\\nwn2main.exe"=
"c:\\jeux\\neverwinter 2\\nwn2main_amdxp.exe"=
"c:\\jeux\\neverwinter 2\\nwupdate.exe"=
"c:\\jeux\\neverwinter 2\\nwn2server.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\jeux\\grid toca racer\\Grid\\GRID.exe"=
"c:\\jeux\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-08-20 39472]
R0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2008-07-31 150568]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-14 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-05-15 11:07:00 61424]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-14 231704]
R2 Devx;Devx;c:\windows\system32\drivers\Devx.sys [2008-08-02 4448]
R2 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [2008-08-02 3328]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1e51x86.sys [2008-07-31 36864]
R3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\DRIVERS\xusb20.sys [2006-10-13 50048]
S0 chowgnve;chowgnve;c:\windows\system32\drivers\xrniqlb.sys []
S0 ojklva;ojklva;c:\windows\system32\drivers\cjukz.sys []
S0 wqzus;wqzus;c:\windows\system32\drivers\dxxpwrs.sys []
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-DLD.EXE - c:\program files\Download Direct\DLD.exe


.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 14:22:33
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\program files\Canon\BJCard\Bjmcmng.exe
c:\program files\diskkeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Heure de fin: 2008-12-28 14:25:28 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-28 19:25:25
ComboFix2.txt 2008-12-27 02:39:36
ComboFix3.txt 2008-12-20 20:48:13

Avant-CF: 36 836 077 568 bytes free
Après-CF: 36,842,242,048 bytes free


Edited by renejr902