
Recommended posts

Posted (edited)

Good evening

I've been infected since yesterday afternoon

by these two viruses. I have AVG 8.0 and Sunbelt Personal Firewall.

 

Here is a scan:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:46:30, on 17/03/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AirDefense\Personal Agent\ADPService.exe

C:\Program Files\AirDefense\Personal Agent\ADPShell.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe

C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe

C:\Program Files\Malware Defender 2009\malwaredef.exe

C:\Program Files\Mozilla Firefox\firefox.exe

G:\Mes doc\logiciel christophe\HiJackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O1 - Hosts: 91.121.153.162 l2authd.lineage2.com #Semper Fidelis

O1 - Hosts: 91.121.153.162 l2testauthd.lineage2.com #Semper Fidelis

O1 - Hosts: 91.121.153.162 nprotect.lineage2.com #Semper Fidelis

O1 - Hosts: 91.121.153.162 update.nprotect.com #Semper Fidelis

O1 - Hosts: 91.121.153.162 update.nprotect.net #Semper Fidelis

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [malwaredef] C:\Program Files\Malware Defender 2009\malwaredef.exe

O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O21 - SSODL: HardwareDrivers - {1F10599C-469E-4511-B6E8-603A0346E80B} - C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll

O21 - SSODL: DriversLoad - {2310429E-B825-4D19-AE63-7299A51DB785} - C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\kliomjyqlo.dll

O23 - Service: AirDefense Personal Service (ADPService) - Unknown owner - C:\Program Files\AirDefense\Personal Agent\ADPService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

 

--

End of file - 10719 bytes

Edited by rital94

Posted

Hello,

 

Download Malwarebytes' Anti-Malware (MBAM)

(plug in all removable media before running this scan: USB key, external hard drive, etc.)

If you use Spybot

To disable TeaTimer, which serves no purpose and can cause a disinfection to fail:

First display Advanced Mode in Spybot

-> Advanced Options:

-> Mode menu, Advanced Mode.

A column of menus appears on the left:

-> click Tools,

-> click Resident,

In Resident:

-> uncheck Resident "TeaTimer" to disable it.

* Double-click the Download_mbam-setup.exe icon to start the installation process.

Save it to the desktop.

Close all windows and programs.

Follow the prompts (in particular the language choice and the permission to access the Internet).

Do not change any of the default settings and, at the end of the installation,

check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.

MBAM will start automatically and display a message asking to update the program before running a scan.

Click OK to close the dialog box.

If the automatic update fails for any reason, for example an installation of MBAM on a USB key,

download the update here

and double-click the mbam-rules.exe file to install the update.

 

* In the "Update" tab, click the Check for Updates button:

If the firewall asks whether MBAM may connect, allow it.

* Once the update is finished, go to the Scan tab.

* Select "Perform full scan"

* Click "Scan"

* The scan will take some time, be patient!

* At the end, a message will display:

The scan completed successfully.

 

* If MBAM found nothing, it will say so too.

Click "OK" to continue.

* Close the browsers.

Click Show Results.

 

* Select all and click Remove Selected.

MBAM will delete the files and registry keys and place a copy in quarantine.

Then open Notepad and copy the scan report into it; the report can be found under the Reports/Logs tab.

* Copy and paste this report into your next reply.

Posted

Thank you for this reply, which unfortunately I am only seeing late. Sorry for having been deaf to your help, but my PC didn't leave me the time: quite simply, it would no longer boot. I wanted to format it, but the XP I chose for the occasion must not have been the right one, so instead of a format all I could do was an installation. I will try to follow your advice carefully, thank you.

Posted

Here is the requested scan report (noting again that in the meantime my PC has undergone some changes):

Malwarebytes' Anti-Malware 1.34

Version de la base de données: 1885

Windows 5.1.2600 Service Pack 3

 

22/03/2009 20:11:18

mbam-log-2009-03-22 (20-11-18).txt

 

Type de recherche: Examen rapide

Eléments examinés: 103403

Temps écoulé: 5 minute(s), 26 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 3

Dossier(s) infecté(s): 3

Fichier(s) infecté(s): 3

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Documents and Settings\Christophe\Application Data\VirusRemover2009 (Rogue.VirusRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\Christophe\Application Data\VirusRemover2009\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Documents and Settings\Christophe\Local Settings\Temp\CLN_2009FreeInstall_Rezer.exe (Rogue.Cleaner2009) -> Quarantined and deleted successfully.

C:\Documents and Settings\Christophe\Application Data\VirusRemover2009\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\c.cgm (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.

Posted

Hello,

 

If I understood correctly, you did a "reinstallation of XP on top".

MBAM removed a few nasties for you.

 

I'd like a more thorough scan:

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

 

Double-click RSIT.exe to launch RSIT.

* Click Continue on the Disclaimer screen.

* If the HijackThis tool (up-to-date version) is not present or detected on the computer, RSIT downloads it and you accept the licence.

* When the scan is finished, two text files will open:

Post the contents of log.txt (which will be displayed)

as well as info.txt (which will be minimised to the Taskbar).

* If these two reports do not appear, you will find them in the folder C:\rsit

Posted (edited)

HELLO Pear, and thanks again for your involvement in my problem; here are the reports:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by christophe at 2009-03-23 10:46:16

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 146 GB (77%) free of 191 GB

Total RAM: 1023 MB (47% free)

 

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2009-03-21 62728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-03-21 201992]

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []

"EoEngine"= []

"SoftwareHelper"=C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2008-05-02 679936]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-04 62976]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-05-02 15360]

"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2009-02-25 251264]

 

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage

RAID Manager.lnk - C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

 

C:\Documents and Settings\christophe.B7F020E3BF5F476\Menu Démarrer\Programmes\Démarrage

Xfire.lnk - C:\Program Files\Xfire\xfire.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\WINDOWS\system32\klogon.dll [2008-04-25 206088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-05-02 200064]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2009-03-23 10:46:16 ----D---- C:\rsit

2009-03-23 10:46:16 ----D---- C:\Program Files\trend micro

2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\muweb.dll

2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\mucltui.dll

2009-03-23 08:31:49 ----D---- C:\WINDOWS\LastGood

2009-03-22 22:43:16 ----D---- C:\Program Files\CCleaner

2009-03-22 20:00:28 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Malwarebytes

2009-03-22 20:00:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-03-22 20:00:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

2009-03-22 17:46:24 ----D---- C:\Program Files\Fichiers communs\logishrd

2009-03-22 17:46:24 ----A---- C:\WINDOWS\system32\vfwwdm32.dll

2009-03-22 16:50:34 ----A---- C:\WINDOWS\system32\d3dx9_32.dll

2009-03-22 16:39:18 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo

2009-03-22 16:00:19 ----RA---- C:\WINDOWS\system32\Audio3D.dll

2009-03-22 16:00:06 ----RA---- C:\WINDOWS\system32\cmudax.dll

2009-03-22 16:00:06 ----RA---- C:\WINDOWS\system32\cmirmdrv.exe

2009-03-22 13:50:47 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Media Player Classic

2009-03-22 13:49:27 ----D---- C:\Program Files\ffdshow

2009-03-22 01:42:00 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Thunderbird

2009-03-22 01:33:35 ----A---- C:\WINDOWS\system32\BASSMOD.dll

2009-03-22 01:17:34 ----D---- C:\WINDOWS\pss

2009-03-22 01:06:17 ----D---- C:\Program Files\GSpot221

2009-03-22 00:55:34 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\TuneUp Software

2009-03-22 00:46:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\IM

2009-03-22 00:45:14 ----D---- C:\Program Files\IncrediMail

2009-03-22 00:45:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\IncrediMail

2009-03-22 00:38:12 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Xfire

2009-03-21 23:42:54 ----D---- C:\Program Files\Marvell

2009-03-21 23:25:30 ----D---- C:\Program Files\Intel

2009-03-21 23:19:10 ----A---- C:\WINDOWS\system32\ntport.dll

2009-03-21 23:11:12 ----RA---- C:\WINDOWS\system32\cmirmdrv.dll

2009-03-21 23:11:11 ----RA---- C:\WINDOWS\system32\udaprop.dll

2009-03-21 23:00:00 ----RA---- C:\WINDOWS\system32\a3d.dll

2009-03-21 22:29:41 ----A---- C:\WINDOWS\Ascd_tmp.ini

2009-03-21 22:22:12 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Mozilla

2009-03-21 22:10:52 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Macromedia

2009-03-21 22:10:52 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Adobe

2009-03-21 21:47:31 ----D---- C:\Program Files\Kaspersky Lab

2009-03-21 21:47:31 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab

2009-03-21 21:42:47 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\teamspeak2

2009-03-21 21:41:02 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Xentient

2009-03-21 21:40:43 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\HLSW

2009-03-21 21:31:21 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Identities

2009-03-21 21:30:19 ----ASH---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\desktop.ini

2009-03-21 21:30:17 ----SD---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Microsoft

2009-03-21 20:20:31 ----A---- C:\WINDOWS\system32\h323log.txt

2009-03-21 20:19:23 ----A---- C:\WINDOWS\system32\ksuser.dll

2009-03-21 20:17:15 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$

2009-03-21 20:17:03 ----A---- C:\WINDOWS\system32\usbui.dll

2009-03-21 20:16:28 ----A---- C:\WINDOWS\system32\spupdsvc.exe

2009-03-21 20:15:14 ----N---- C:\WINDOWS\system32\spmsg.dll

2009-03-21 20:13:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-03-21 20:13:24 ----A---- C:\WINDOWS\ODBCINST.INI

2009-03-21 20:13:14 ----A---- C:\WINDOWS\system32\irclass.dll

2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\spxcoins.dll

2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\EqnClass.Dll

2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\dgsetup.dll

2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll

2009-03-21 20:13:10 ----A---- C:\WINDOWS\TASKMAN.EXE

2009-03-21 20:13:09 ----A---- C:\WINDOWS\system32\batt.dll

2009-03-21 20:13:08 ----A---- C:\WINDOWS\NOTEPAD.EXE

2009-03-21 20:13:07 ----A---- C:\WINDOWS\system32\storprop.dll

2009-03-21 20:12:50 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini

2009-03-21 20:10:45 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft

2009-03-21 19:46:30 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-03-21 19:36:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero

2009-03-21 19:35:32 ----D---- C:\Program Files\TaskSwitchXP

2009-03-21 19:34:05 ----A---- C:\WINDOWS\system32\jit.dll

2009-03-21 19:34:05 ----A---- C:\WINDOWS\setdebug.exe

2009-03-21 19:34:04 ----A---- C:\WINDOWS\system32\javaee.dll

2009-03-21 19:34:04 ----A---- C:\WINDOWS\system32\dx3j.dll

2009-03-21 19:33:58 ----A---- C:\WINDOWS\system32\wjview.exe

2009-03-21 19:33:58 ----A---- C:\WINDOWS\system32\vmhelper.dll

2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msjdbc10.dll

2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msjava.dll

2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msawt.dll

2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\jview.exe

2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\jdbgmgr.exe

2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\javart.dll

2009-03-21 19:33:55 ----A---- C:\WINDOWS\system32\javaprxy.dll

2009-03-21 19:33:55 ----A---- C:\WINDOWS\system32\javacypt.dll

2009-03-21 19:33:54 ----A---- C:\WINDOWS\system32\clspack.exe

2009-03-21 19:29:09 ----A---- C:\WINDOWS\control.ini

2009-03-21 19:28:29 ----D---- C:\WINDOWS\system32\dllcache

2009-03-21 19:28:29 ----A---- C:\WINDOWS\system32\mapi32.dll

2009-03-21 19:27:24 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest

2009-03-21 19:27:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest

2009-03-21 19:26:31 ----A---- C:\WINDOWS\system32\acctres.dll

2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wuweb.dll

2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wucltui.dll

2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wuauserv.dll

2009-03-21 19:26:11 ----A---- C:\WINDOWS\system32\wuaueng1.dll

2009-03-21 19:26:11 ----A---- C:\WINDOWS\system32\wuaueng.dll

2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wups.dll

2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wuauclt1.exe

2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wuauclt.exe

2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\wuapi.dll

2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\qmgrprxy.dll

2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx4.dll

2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx3.dll

2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx2.dll

2009-03-21 19:26:08 ----A---- C:\WINDOWS\system32\qmgr.dll

2009-03-21 19:26:07 ----A---- C:\WINDOWS\system32\fltMc.exe

2009-03-21 19:26:07 ----A---- C:\WINDOWS\system32\fltlib.dll

2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srsvc.dll

2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srrstr.dll

2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srclient.dll

2009-03-21 19:26:05 ----A---- C:\WINDOWS\system32\msoert2.dll

2009-03-21 19:26:05 ----A---- C:\WINDOWS\system32\msoeacct.dll

2009-03-21 19:26:03 ----A---- C:\WINDOWS\system32\inetres.dll

2009-03-21 19:26:03 ----A---- C:\WINDOWS\system32\inetcomm.dll

2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\schedsvc.dll

2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\mstinit.exe

2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\mstask.dll

2009-03-21 19:24:14 ----A---- C:\WINDOWS\vbaddin.ini

2009-03-21 19:24:14 ----A---- C:\WINDOWS\vb.ini

2009-03-21 19:23:20 ----A---- C:\WINDOWS\system32\sndvol32.exe

2009-03-21 19:23:13 ----A---- C:\WINDOWS\system32\getuname.dll

2009-03-21 19:23:13 ----A---- C:\WINDOWS\system32\charmap.exe

2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\winmine.exe

2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\sol.exe

2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\calc.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\usrlogon.cmd

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tsshutdn.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tslabels.ini

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tskill.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tsdiscon.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tscon.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\reset.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\mshearts.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\freecell.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\shadow.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\rwinsta.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\regini.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\rdpcfgex.dll

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\qwinsta.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\qappsrv.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\msg.exe

2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\msdtcprf.ini

2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\logoff.exe

2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\cdmodem.dll

2009-03-21 19:23:01 ----A---- C:\WINDOWS\system32\wmimgmt.msc

2009-03-21 19:23:01 ----A---- C:\WINDOWS\system32\mplay32.exe

2009-03-21 19:23:00 ----A---- C:\WINDOWS\system32\spider.exe

2009-03-21 19:22:59 ----A---- C:\WINDOWS\system32\tsgqec.dll

2009-03-21 19:22:59 ----A---- C:\WINDOWS\system32\tscfgwmi.dll

2009-03-21 19:22:58 ----A---- C:\WINDOWS\system32\rhttpaa.dll

2009-03-21 19:22:58 ----A---- C:\WINDOWS\system32\aaclient.dll

2009-03-21 19:22:57 ----A---- C:\WINDOWS\system32\mstscax.dll

2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\sessmgr.exe

2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\remotepg.dll

2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\rdshost.exe

2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\rdsaddin.exe

2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\mstsc.exe

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\termsrv.dll

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpwsx.dll

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpsnd.dll

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpclip.exe

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdchost.dll

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\qprocess.exe

2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\mtxoci.dll

2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\msdtcuiu.dll

2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\icaapi.dll

2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\cfgbkend.dll

2009-03-21 19:22:53 ----A---- C:\WINDOWS\system32\msdtctm.dll

2009-03-21 19:22:53 ----A---- C:\WINDOWS\system32\msdtcprx.dll

2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\xolehlp.dll

2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\msdtclog.dll

2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\msdtc.exe

2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\dcomcnfg.exe

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\stclient.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxlegih.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxex.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxdm.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\comrepl.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\comaddin.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\colbact.dll

2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\clbcatex.dll

2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\catsrvut.dll

2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\catsrvps.dll

2009-03-21 19:22:49 ----A---- C:\WINDOWS\system32\comsvcs.dll

2009-03-21 19:22:49 ----A---- C:\WINDOWS\system32\catsrv.dll

2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\comuid.dll

2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\comsnap.dll

2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\clbcatq.dll

2009-03-21 19:22:39 ----A---- C:\WINDOWS\system32\servdeps.dll

2009-03-21 19:22:38 ----A---- C:\WINDOWS\system32\mmfutil.dll

2009-03-21 19:22:38 ----A---- C:\WINDOWS\system32\licwmi.dll

2009-03-21 19:22:37 ----A---- C:\WINDOWS\system32\cmprops.dll

2009-03-21 18:10:28 ----AD---- C:\WINDOWS\i386

2009-03-21 18:09:08 ----D---- C:\Program Files\Mozilla Thunderbird

2009-03-21 18:08:03 ----D---- C:\Program Files\Recuva

2009-03-21 18:08:02 ----D---- C:\Program Files\Paint.NET

2009-03-21 18:08:00 ----D---- C:\Program Files\Occtpt

2009-03-21 18:07:43 ----D---- C:\Program Files\Cpu-z

2009-03-15 19:47:17 ----D---- C:\Program Files\MSBuild

2009-03-15 19:44:54 ----D---- C:\Program Files\Microsoft Visual Studio 8

2009-03-11 20:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$

2009-03-11 20:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$

2009-03-11 20:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$

2009-03-09 20:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

2009-03-09 20:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$

2009-02-26 19:46:50 ----A---- C:\WINDOWS\system32\xfcodec.dll

 

======List of files/folders modified in the last 1 months======

 

2009-03-23 10:46:16 ----RD---- C:\Program Files

2009-03-23 08:33:04 ----D---- C:\Program Files\Mozilla Firefox

2009-03-23 08:32:21 ----D---- C:\WINDOWS\Temp

2009-03-23 08:31:50 ----D---- C:\WINDOWS\system32

2009-03-23 08:31:49 ----HD---- C:\WINDOWS\inf

2009-03-23 08:31:49 ----D---- C:\WINDOWS

2009-03-23 08:31:47 ----D---- C:\WINDOWS\system32\CatRoot2

2009-03-22 23:33:09 ----D---- C:\WINDOWS\system

2009-03-22 23:28:45 ----HD---- C:\Config.Msi

2009-03-22 23:26:15 ----D---- C:\WINDOWS\system32\drivers

2009-03-22 23:24:12 ----D---- C:\WINDOWS\system32\CatRoot

2009-03-22 23:24:08 ----SHD---- C:\WINDOWS\Installer

2009-03-22 22:44:20 ----D---- C:\Program Files\Teamspeak2_RC2

2009-03-22 22:12:35 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2009-03-22 21:00:18 ----SH---- C:\boot.ini

2009-03-22 21:00:18 ----A---- C:\WINDOWS\win.ini

2009-03-22 21:00:18 ----A---- C:\WINDOWS\system.ini

2009-03-22 17:57:49 ----RSD---- C:\WINDOWS\assembly

2009-03-22 17:56:45 ----D---- C:\WINDOWS\Microsoft.NET

2009-03-22 17:46:24 ----D---- C:\Program Files\Fichiers communs

2009-03-22 16:51:56 ----D---- C:\Program Files\Microsoft Silverlight

2009-03-22 16:50:31 ----D---- C:\WINDOWS\system32\DirectX

2009-03-22 16:49:53 ----D---- C:\WINDOWS\WinSxS

2009-03-22 16:48:33 ----RSD---- C:\WINDOWS\Fonts

2009-03-22 03:24:01 ----D---- C:\WINDOWS\Prefetch

2009-03-22 01:11:40 ----D---- C:\Program Files\Xfire

2009-03-22 01:07:35 ----D---- C:\WINDOWS\Help

2009-03-22 00:57:54 ----D---- C:\Program Files\TuneUp Utilities 2008

2009-03-21 23:35:26 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-03-21 21:33:28 ----SHD---- C:\RECYCLER

2009-03-21 21:30:14 ----D---- C:\Documents and Settings

2009-03-21 20:17:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

2009-03-21 20:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2009-03-21 20:16:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2009-03-21 20:16:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

2009-03-21 20:16:07 ----D---- C:\Program Files\Internet Explorer

2009-03-21 20:09:57 ----D---- C:\WINDOWS\WBEM

2009-03-21 20:09:57 ----D---- C:\WINDOWS\system32\fr

2009-03-21 20:09:57 ----D---- C:\WINDOWS\Network Diagnostic

2009-03-21 20:09:57 ----D---- C:\WINDOWS\L2Schemas

2009-03-21 20:07:40 ----D---- C:\WINDOWS\AppPatch

2009-03-21 20:07:22 ----RD---- C:\WINDOWS\Web

2009-03-21 20:07:22 ----D---- C:\WINDOWS\system32\Setup

2009-03-21 20:06:12 ----D---- C:\WINDOWS\Offline Web Pages

2009-03-21 20:06:03 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-03-21 20:05:53 ----D---- C:\WINDOWS\twain_32

2009-03-21 20:05:49 ----D---- C:\WINDOWS\system32\ras

2009-03-21 20:05:45 ----D---- C:\WINDOWS\system32\icsxml

2009-03-21 20:05:25 ----D---- C:\WINDOWS\system32\1036

2009-03-21 19:47:37 ----D---- C:\WINDOWS\SoftwareDistribution

2009-03-21 19:47:32 ----D---- C:\WINDOWS\system32\MsDtc

2009-03-21 19:47:26 ----D---- C:\WINDOWS\security

2009-03-21 19:47:26 ----D---- C:\WINDOWS\repair

2009-03-21 19:47:17 ----D---- C:\WINDOWS\Debug

2009-03-21 19:46:43 ----SHD---- C:\System Volume Information

2009-03-21 19:46:43 ----D---- C:\WINDOWS\system32\Restore

2009-03-21 19:46:32 ----SD---- C:\WINDOWS\Tasks

2009-03-21 19:45:57 ----D---- C:\WINDOWS\system32\config

2009-03-21 19:37:11 ----D---- C:\Program Files\WinRAR

2009-03-21 19:37:01 ----D---- C:\Program Files\Nero

2009-03-21 19:35:21 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-03-21 19:30:55 ----D---- C:\WINDOWS\Registration

2009-03-21 19:30:14 ----D---- C:\WINDOWS\system32\URTTemp

2009-03-21 19:28:06 ----D---- C:\WINDOWS\system32\ias

2009-03-21 19:26:41 ----D---- C:\WINDOWS\srchasst

2009-03-21 19:26:32 ----D---- C:\Program Files\Windows Media Player

2009-03-21 19:26:27 ----D---- C:\Program Files\Outlook Express

2009-03-21 19:24:38 ----D---- C:\WINDOWS\system32\Com

2009-03-21 19:23:31 ----D---- C:\Program Files\Windows Media Connect 2

2009-03-21 19:23:08 ----D---- C:\WINDOWS\system32\wbem

2009-03-21 19:23:00 ----D---- C:\WINDOWS\system32\fr-fr

2009-03-21 18:38:01 ----D---- C:\WINDOWS\system32\usmt

2009-03-21 18:38:01 ----D---- C:\WINDOWS\system32\oodag

2009-03-21 18:37:59 ----HD---- C:\WINDOWS\system32\GroupPolicy

2009-03-21 18:37:53 ----D---- C:\WINDOWS\system32\1033

2009-03-21 18:37:52 ----D---- C:\WINDOWS\SHELLNEW

2009-03-21 18:37:51 ----D---- C:\WINDOWS\PeerNet

2009-03-21 18:37:38 ----D---- C:\WINDOWS\ime

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$

2009-03-17 18:11:17 ----HD---- C:\Program Files\InstallShield Installation Information

2009-03-17 13:42:48 ----D---- C:\temp

2009-03-17 02:09:13 ----HD---- C:\$AVG8.VAULT$

2009-03-15 19:46:43 ----D---- C:\Program Files\Microsoft Office

2009-03-11 10:59:07 ----HD---- C:\WINDOWS\$hf_mig$

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-03-22 213520]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-02 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]

R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]

R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 1275584]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-05-02 144384]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-05-02 10368]

R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-02-03 41504]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2008-05-02 5810]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-02 61824]

R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-05-02 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-05-02 259712]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-02 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-02 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-05-02 73600]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504]

R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-03-21 201992]

R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-02-15 707344]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-07-16 33632]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-07-16 68952]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-05-02 14336]

 

-----------------EOF-----------------

 

 

 

info.txt logfile of random's system information tool 1.06 2009-03-23 10:46:35

 

======Uninstall list======

 

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe

Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}

GSpot 2.21 Fr-->"C:\Program Files\GSpot221\unins000.exe"

IncrediMail-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}

ITE IT8212 ATA RAID Controller-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC6AAE10-A081-42C7-9CD3-ED1D80C30941}\Setup.exe" -l0x9

Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}

Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}

Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe

Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (2.0.0.14)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

Nero 8 Lite 8.3.2.1-->"C:\Program Files\Nero\unins000.exe"

O&O Defrag Professional Edition-->MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

SoftwareUpdate 1.0-->"C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\unins000.exe"

TaskSwitchXP-->C:\Program Files\TaskSwitchXP\uninst.exe

TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"

Virtual Cable Tester-->MsiExec.exe /X{3D654496-9C3D-4565-858C-3E551ECDA4E2}

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}

Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}

Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

 

======Hosts File======

 

127.0.0.1 localhost

127.0.0.1 ad.a8.net

127.0.0.1 asy.a8ww.net

127.0.0.1 www.abx4.com #[Adware.ABXToolbar]

127.0.0.1 acezip.net #[siteAdvisor.acezip.net]

127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]

127.0.0.1 phpadsnew.abac.com

127.0.0.1 a.abnad.net

127.0.0.1 b.abnad.net

127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]

 

======Security center information======

 

AV: Kaspersky Internet Security

FW: Kaspersky Internet Security

 

======System event log======

 

Computer Name: B7F020E3BF5F476

Event Code: 6011

Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers B7F020E3BF5F476.

 

Record Number: 5

Source Name: EventLog

Time Written: 20090321192037.000000+060

Event Type: Informations

User:

 

Computer Name: MACHINENAME

Event Code: 121

Message: Port A is up with 100 Mbps

 

Record Number: 4

Source Name: yukonwxp

Time Written: 20090321201745.000000+060

Event Type: Informations

User:

 

Computer Name: MACHINENAME

Event Code: 2

Message: Pendant la validation de \Device\Serial0 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée.

 

Record Number: 3

Source Name: Serial

Time Written: 20090321201026.000000+060

Event Type: Informations

User:

 

Computer Name: MACHINENAME

Event Code: 6005

Message: Le service d'Enregistrement d'événement a démarré.

 

Record Number: 2

Source Name: EventLog

Time Written: 20090321201020.000000+060

Event Type: Informations

User:

 

Computer Name: MACHINENAME

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.

 

Record Number: 1

Source Name: EventLog

Time Written: 20090321201020.000000+060

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: B7F020E3BF5F476

Event Code: 1000

Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés.

Les données d'enregistrement contiennent les nouvelles valeurs d'index

assignées à ce service.

 

Record Number: 5

Source Name: LoadPerf

Time Written: 20090321192356.000000+060

Event Type: Informations

User:

 

Computer Name: B7F020E3BF5F476

Event Code: 1000

Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.

Les données d'enregistrement contiennent les nouvelles valeurs d'index

assignées à ce service.

 

Record Number: 4

Source Name: LoadPerf

Time Written: 20090321192349.000000+060

Event Type: Informations

User:

 

Computer Name: B7F020E3BF5F476

Event Code: 1000

Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.

Les données d'enregistrement contiennent les nouvelles valeurs d'index

assignées à ce service.

 

Record Number: 3

Source Name: LoadPerf

Time Written: 20090321192218.000000+060

Event Type: Informations

User:

 

Computer Name: B7F020E3BF5F476

Event Code: 1000

Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.

Les données d'enregistrement contiennent les nouvelles valeurs d'index

assignées à ce service.

 

Record Number: 2

Source Name: LoadPerf

Time Written: 20090321192127.000000+060

Event Type: Informations

User:

 

Computer Name: B7F020E3BF5F476

Event Code: 1000

Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.

Les données d'enregistrement contiennent les nouvelles valeurs d'index

assignées à ce service.

 

Record Number: 1

Source Name: LoadPerf

Time Written: 20090321192056.000000+060

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel

"PROCESSOR_REVISION"=0403

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

 
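A note for anyone reading the logs above and below: the entries a helper checks first in a HijackThis report are the O4 Run entries, the R0/R1 start and search pages, orphaned O2 BHOs and the O20 AppInit_DLLs value. The following script is an added example, not part of the posted logs and not code from RSIT or HijackThis; it parses those four line formats and flags the usual suspects. The list of "trusted" default pages and the path fragments treated as user-writable are assumptions chosen for this example, and the sample lines are constructed copies modelled on the format of the entries in this thread, not the real log.

```python
"""Triage helpers for HijackThis-style log lines (added example, not the tool's own code).

Flags: autoruns that live under a user profile, browser start/search pages that are
not a known default, BHOs whose DLL is missing, and a populated AppInit_DLLs value.
The trusted-page list and the profile-path markers are assumptions, not HijackThis settings.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Path fragments that mean "user-writable location" on an XP layout (assumed heuristic);
# Program Files and system32 are deliberately not listed.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",
    "\\application data\\",
    "\\local settings\\",
    "\\temp\\",
)

# Start/search pages treated as benign defaults (assumption for this example).
TRUSTED_PAGE_FRAGMENTS = ("go.microsoft.com/fwlink", "www.google.", "about:blank")

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
R_RE = re.compile(r"^R[01] - (?P<key>.+?),(?P<value>Start Page|First Home Page|Search Page) = (?P<url>\S+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>\S.*)$")


@dataclass
class Finding:
    kind: str    # short category used for grouping
    line: str    # the offending log line, verbatim
    reason: str  # human-readable explanation


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.rstrip()

    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd").lower()
        if any(marker in cmd for marker in USER_WRITABLE_MARKERS):
            return Finding("autorun-user-writable", line,
                           f"{m.group('hive')}\\..\\{m.group('key')} entry [{m.group('name')}] "
                           "starts a binary from a user-writable directory")
        return None

    m = R_RE.match(line)
    if m:
        url = m.group("url").lower()
        if not any(frag in url for frag in TRUSTED_PAGE_FRAGMENTS):
            return Finding("browser-page-hijack", line,
                           f"{m.group('value')} points to {m.group('url')}, not a known default")
        return None

    m = O2_RE.match(line)
    if m and m.group("path").strip().lower() == "(no file)":
        return Finding("orphaned-bho", line,
                       f"BHO {{{m.group('clsid')}}} is registered but its DLL is gone")

    m = O20_RE.match(line)
    if m:
        return Finding("appinit-dlls", line,
                       "AppInit_DLLs is set; every DLL listed is loaded into every process "
                       "that maps user32.dll, so each entry needs to be verified")
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run check_line over a whole log and return the findings in log order."""
    return [f for f in (check_line(l) for l in lines) if f is not None]


# Constructed sample, modelled on the entry formats posted in this thread (not the real log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [softwareHelper] C:\Documents and Settings\user\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run it against a saved HijackThis log with `triage(open("hijackthis.log", encoding="latin-1"))`; the AppInit_DLLs finding is informational (a security suite legitimately uses it here), which is why the script reports it rather than deciding for you.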

I'm redoing the scan, I misread the English (yes, plenty of gaps!), here is the new report:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by christophe at 2009-03-23 10:52:28

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 146 GB (77%) free of 191 GB

Total RAM: 1023 MB (47% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:55:16, on 23/03/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20978)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\WINDOWS\system32\oodag.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\IncrediMail\bin\ImApp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\christophe.B7F020E3BF5F476\Bureau\RSIT.exe

C:\Program Files\trend micro\christophe.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://lo.st#first

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O1 - Hosts: ;Tag&rename

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [softwareHelper] C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe

O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

 

--

End of file - 5804 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2009-03-21 62728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-03-21 201992]

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []

"EoEngine"= []

"SoftwareHelper"=C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2008-05-02 679936]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-04 62976]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-05-02 15360]

"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2009-02-25 251264]

 

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage

RAID Manager.lnk - C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

 

C:\Documents and Settings\christophe.B7F020E3BF5F476\Menu Démarrer\Programmes\Démarrage

Xfire.lnk - C:\Program Files\Xfire\xfire.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\WINDOWS\system32\klogon.dll [2008-04-25 206088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-05-02 200064]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2009-03-23 10:46:16 ----D---- C:\rsit

2009-03-23 10:46:16 ----D---- C:\Program Files\trend micro

2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\muweb.dll

2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\mucltui.dll

2009-03-23 08:31:49 ----D---- C:\WINDOWS\LastGood

2009-03-22 22:43:16 ----D---- C:\Program Files\CCleaner

2009-03-22 20:00:28 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Malwarebytes

2009-03-22 20:00:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-03-22 20:00:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

2009-03-22 17:46:24 ----D---- C:\Program Files\Fichiers communs\logishrd

2009-03-22 17:46:24 ----A---- C:\WINDOWS\system32\vfwwdm32.dll

2009-03-22 16:50:34 ----A---- C:\WINDOWS\system32\d3dx9_32.dll

2009-03-22 16:39:18 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo

2009-03-22 16:00:19 ----RA---- C:\WINDOWS\system32\Audio3D.dll

2009-03-22 16:00:06 ----RA---- C:\WINDOWS\system32\cmudax.dll

2009-03-22 16:00:06 ----RA---- C:\WINDOWS\system32\cmirmdrv.exe

2009-03-22 13:50:47 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Media Player Classic

2009-03-22 13:49:27 ----D---- C:\Program Files\ffdshow

2009-03-22 01:42:00 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Thunderbird

2009-03-22 01:33:35 ----A---- C:\WINDOWS\system32\BASSMOD.dll

2009-03-22 01:17:34 ----D---- C:\WINDOWS\pss

2009-03-22 01:06:17 ----D---- C:\Program Files\GSpot221

2009-03-22 00:55:34 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\TuneUp Software

2009-03-22 00:46:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\IM

2009-03-22 00:45:14 ----D---- C:\Program Files\IncrediMail

2009-03-22 00:45:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\IncrediMail

2009-03-22 00:38:12 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Xfire

2009-03-21 23:42:54 ----D---- C:\Program Files\Marvell

2009-03-21 23:25:30 ----D---- C:\Program Files\Intel

2009-03-21 23:19:10 ----A---- C:\WINDOWS\system32\ntport.dll

2009-03-21 23:11:12 ----RA---- C:\WINDOWS\system32\cmirmdrv.dll

2009-03-21 23:11:11 ----RA---- C:\WINDOWS\system32\udaprop.dll

2009-03-21 23:00:00 ----RA---- C:\WINDOWS\system32\a3d.dll

2009-03-21 22:29:41 ----A---- C:\WINDOWS\Ascd_tmp.ini

2009-03-21 22:22:12 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Mozilla

2009-03-21 22:10:52 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Macromedia

2009-03-21 22:10:52 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Adobe

2009-03-21 21:47:31 ----D---- C:\Program Files\Kaspersky Lab

2009-03-21 21:47:31 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab

2009-03-21 21:42:47 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\teamspeak2

2009-03-21 21:41:02 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Xentient

2009-03-21 21:40:43 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\HLSW

2009-03-21 21:31:21 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Identities

2009-03-21 21:30:19 ----ASH---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\desktop.ini

2009-03-21 21:30:17 ----SD---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Microsoft

2009-03-21 20:20:31 ----A---- C:\WINDOWS\system32\h323log.txt

2009-03-21 20:19:23 ----A---- C:\WINDOWS\system32\ksuser.dll

2009-03-21 20:17:15 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$

2009-03-21 20:17:03 ----A---- C:\WINDOWS\system32\usbui.dll

2009-03-21 20:16:28 ----A---- C:\WINDOWS\system32\spupdsvc.exe

2009-03-21 20:15:14 ----N---- C:\WINDOWS\system32\spmsg.dll

2009-03-21 20:13:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-03-21 20:13:24 ----A---- C:\WINDOWS\ODBCINST.INI

2009-03-21 20:13:14 ----A---- C:\WINDOWS\system32\irclass.dll

2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\spxcoins.dll

2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\EqnClass.Dll

2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\dgsetup.dll

2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll

2009-03-21 20:13:10 ----A---- C:\WINDOWS\TASKMAN.EXE

2009-03-21 20:13:09 ----A---- C:\WINDOWS\system32\batt.dll

2009-03-21 20:13:08 ----A---- C:\WINDOWS\NOTEPAD.EXE

2009-03-21 20:13:07 ----A---- C:\WINDOWS\system32\storprop.dll

2009-03-21 20:12:50 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini

2009-03-21 20:10:45 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft

2009-03-21 19:46:30 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-03-21 19:36:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero

2009-03-21 19:35:32 ----D---- C:\Program Files\TaskSwitchXP

2009-03-21 19:34:05 ----A---- C:\WINDOWS\system32\jit.dll

2009-03-21 19:34:05 ----A---- C:\WINDOWS\setdebug.exe

2009-03-21 19:34:04 ----A---- C:\WINDOWS\system32\javaee.dll

2009-03-21 19:34:04 ----A---- C:\WINDOWS\system32\dx3j.dll

2009-03-21 19:33:58 ----A---- C:\WINDOWS\system32\wjview.exe

2009-03-21 19:33:58 ----A---- C:\WINDOWS\system32\vmhelper.dll

2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msjdbc10.dll

2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msjava.dll

2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msawt.dll

2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\jview.exe

2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\jdbgmgr.exe

2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\javart.dll

2009-03-21 19:33:55 ----A---- C:\WINDOWS\system32\javaprxy.dll

2009-03-21 19:33:55 ----A---- C:\WINDOWS\system32\javacypt.dll

2009-03-21 19:33:54 ----A---- C:\WINDOWS\system32\clspack.exe

2009-03-21 19:29:09 ----A---- C:\WINDOWS\control.ini

2009-03-21 19:28:29 ----D---- C:\WINDOWS\system32\dllcache

2009-03-21 19:28:29 ----A---- C:\WINDOWS\system32\mapi32.dll

2009-03-21 19:27:24 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest

2009-03-21 19:27:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest

2009-03-21 19:26:31 ----A---- C:\WINDOWS\system32\acctres.dll

2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wuweb.dll

2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wucltui.dll

2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wuauserv.dll

2009-03-21 19:26:11 ----A---- C:\WINDOWS\system32\wuaueng1.dll

2009-03-21 19:26:11 ----A---- C:\WINDOWS\system32\wuaueng.dll

2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wups.dll

2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wuauclt1.exe

2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wuauclt.exe

2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\wuapi.dll

2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\qmgrprxy.dll

2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx4.dll

2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx3.dll

2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx2.dll

2009-03-21 19:26:08 ----A---- C:\WINDOWS\system32\qmgr.dll

2009-03-21 19:26:07 ----A---- C:\WINDOWS\system32\fltMc.exe

2009-03-21 19:26:07 ----A---- C:\WINDOWS\system32\fltlib.dll

2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srsvc.dll

2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srrstr.dll

2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srclient.dll

2009-03-21 19:26:05 ----A---- C:\WINDOWS\system32\msoert2.dll

2009-03-21 19:26:05 ----A---- C:\WINDOWS\system32\msoeacct.dll

2009-03-21 19:26:03 ----A---- C:\WINDOWS\system32\inetres.dll

2009-03-21 19:26:03 ----A---- C:\WINDOWS\system32\inetcomm.dll

2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\schedsvc.dll

2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\mstinit.exe

2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\mstask.dll

2009-03-21 19:24:14 ----A---- C:\WINDOWS\vbaddin.ini

2009-03-21 19:24:14 ----A---- C:\WINDOWS\vb.ini

2009-03-21 19:23:20 ----A---- C:\WINDOWS\system32\sndvol32.exe

2009-03-21 19:23:13 ----A---- C:\WINDOWS\system32\getuname.dll

2009-03-21 19:23:13 ----A---- C:\WINDOWS\system32\charmap.exe

2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\winmine.exe

2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\sol.exe

2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\calc.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\usrlogon.cmd

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tsshutdn.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tslabels.ini

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tskill.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tsdiscon.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tscon.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\reset.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\mshearts.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\freecell.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\shadow.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\rwinsta.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\regini.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\rdpcfgex.dll

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\qwinsta.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\qappsrv.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\msg.exe

2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\msdtcprf.ini

2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\logoff.exe

2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\cdmodem.dll

2009-03-21 19:23:01 ----A---- C:\WINDOWS\system32\wmimgmt.msc

2009-03-21 19:23:01 ----A---- C:\WINDOWS\system32\mplay32.exe

2009-03-21 19:23:00 ----A---- C:\WINDOWS\system32\spider.exe

2009-03-21 19:22:59 ----A---- C:\WINDOWS\system32\tsgqec.dll

2009-03-21 19:22:59 ----A---- C:\WINDOWS\system32\tscfgwmi.dll

2009-03-21 19:22:58 ----A---- C:\WINDOWS\system32\rhttpaa.dll

2009-03-21 19:22:58 ----A---- C:\WINDOWS\system32\aaclient.dll

2009-03-21 19:22:57 ----A---- C:\WINDOWS\system32\mstscax.dll

2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\sessmgr.exe

2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\remotepg.dll

2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\rdshost.exe

2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\rdsaddin.exe

2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\mstsc.exe

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\termsrv.dll

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpwsx.dll

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpsnd.dll

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpclip.exe

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdchost.dll

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\qprocess.exe

2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\mtxoci.dll

2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\msdtcuiu.dll

2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\icaapi.dll

2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\cfgbkend.dll

2009-03-21 19:22:53 ----A---- C:\WINDOWS\system32\msdtctm.dll

2009-03-21 19:22:53 ----A---- C:\WINDOWS\system32\msdtcprx.dll

2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\xolehlp.dll

2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\msdtclog.dll

2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\msdtc.exe

2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\dcomcnfg.exe

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\stclient.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxlegih.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxex.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxdm.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\comrepl.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\comaddin.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\colbact.dll

2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\clbcatex.dll

2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\catsrvut.dll

2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\catsrvps.dll

2009-03-21 19:22:49 ----A---- C:\WINDOWS\system32\comsvcs.dll

2009-03-21 19:22:49 ----A---- C:\WINDOWS\system32\catsrv.dll

2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\comuid.dll

2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\comsnap.dll

2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\clbcatq.dll

2009-03-21 19:22:39 ----A---- C:\WINDOWS\system32\servdeps.dll

2009-03-21 19:22:38 ----A---- C:\WINDOWS\system32\mmfutil.dll

2009-03-21 19:22:38 ----A---- C:\WINDOWS\system32\licwmi.dll

2009-03-21 19:22:37 ----A---- C:\WINDOWS\system32\cmprops.dll

2009-03-21 18:10:28 ----AD---- C:\WINDOWS\i386

2009-03-21 18:09:08 ----D---- C:\Program Files\Mozilla Thunderbird

2009-03-21 18:08:03 ----D---- C:\Program Files\Recuva

2009-03-21 18:08:02 ----D---- C:\Program Files\Paint.NET

2009-03-21 18:08:00 ----D---- C:\Program Files\Occtpt

2009-03-21 18:07:43 ----D---- C:\Program Files\Cpu-z

2009-03-15 19:47:17 ----D---- C:\Program Files\MSBuild

2009-03-15 19:44:54 ----D---- C:\Program Files\Microsoft Visual Studio 8

2009-03-11 20:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$

2009-03-11 20:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$

2009-03-11 20:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$

2009-03-09 20:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

2009-03-09 20:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$

2009-02-26 19:46:50 ----A---- C:\WINDOWS\system32\xfcodec.dll

 

======List of files/folders modified in the last 1 months======

 

2009-03-23 10:51:59 ----D---- C:\WINDOWS\Temp

2009-03-23 10:46:16 ----RD---- C:\Program Files

2009-03-23 08:33:04 ----D---- C:\Program Files\Mozilla Firefox

2009-03-23 08:31:50 ----D---- C:\WINDOWS\system32

2009-03-23 08:31:49 ----HD---- C:\WINDOWS\inf

2009-03-23 08:31:49 ----D---- C:\WINDOWS

2009-03-23 08:31:47 ----D---- C:\WINDOWS\system32\CatRoot2

2009-03-22 23:33:09 ----D---- C:\WINDOWS\system

2009-03-22 23:28:45 ----HD---- C:\Config.Msi

2009-03-22 23:26:15 ----D---- C:\WINDOWS\system32\drivers

2009-03-22 23:24:12 ----D---- C:\WINDOWS\system32\CatRoot

2009-03-22 23:24:08 ----SHD---- C:\WINDOWS\Installer

2009-03-22 22:44:20 ----D---- C:\Program Files\Teamspeak2_RC2

2009-03-22 22:12:35 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2009-03-22 21:00:18 ----SH---- C:\boot.ini

2009-03-22 21:00:18 ----A---- C:\WINDOWS\win.ini

2009-03-22 21:00:18 ----A---- C:\WINDOWS\system.ini

2009-03-22 17:57:49 ----RSD---- C:\WINDOWS\assembly

2009-03-22 17:56:45 ----D---- C:\WINDOWS\Microsoft.NET

2009-03-22 17:46:24 ----D---- C:\Program Files\Fichiers communs

2009-03-22 16:51:56 ----D---- C:\Program Files\Microsoft Silverlight

2009-03-22 16:50:34 ----D---- C:\WINDOWS\system32\DirectX

2009-03-22 16:49:53 ----D---- C:\WINDOWS\WinSxS

2009-03-22 16:48:33 ----RSD---- C:\WINDOWS\Fonts

2009-03-22 03:24:01 ----D---- C:\WINDOWS\Prefetch

2009-03-22 01:11:40 ----D---- C:\Program Files\Xfire

2009-03-22 01:07:35 ----D---- C:\WINDOWS\Help

2009-03-22 00:57:54 ----D---- C:\Program Files\TuneUp Utilities 2008

2009-03-21 23:35:26 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-03-21 21:33:28 ----SHD---- C:\RECYCLER

2009-03-21 21:30:14 ----D---- C:\Documents and Settings

2009-03-21 20:17:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

2009-03-21 20:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2009-03-21 20:16:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2009-03-21 20:16:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

2009-03-21 20:16:07 ----D---- C:\Program Files\Internet Explorer

2009-03-21 20:09:57 ----D---- C:\WINDOWS\WBEM

2009-03-21 20:09:57 ----D---- C:\WINDOWS\system32\fr

2009-03-21 20:09:57 ----D---- C:\WINDOWS\Network Diagnostic

2009-03-21 20:09:57 ----D---- C:\WINDOWS\L2Schemas

2009-03-21 20:07:40 ----D---- C:\WINDOWS\AppPatch

2009-03-21 20:07:22 ----RD---- C:\WINDOWS\Web

2009-03-21 20:07:22 ----D---- C:\WINDOWS\system32\Setup

2009-03-21 20:06:12 ----D---- C:\WINDOWS\Offline Web Pages

2009-03-21 20:06:03 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-03-21 20:05:53 ----D---- C:\WINDOWS\twain_32

2009-03-21 20:05:49 ----D---- C:\WINDOWS\system32\ras

2009-03-21 20:05:45 ----D---- C:\WINDOWS\system32\icsxml

2009-03-21 20:05:25 ----D---- C:\WINDOWS\system32\1036

2009-03-21 19:47:37 ----D---- C:\WINDOWS\SoftwareDistribution

2009-03-21 19:47:32 ----D---- C:\WINDOWS\system32\MsDtc

2009-03-21 19:47:26 ----D---- C:\WINDOWS\security

2009-03-21 19:47:26 ----D---- C:\WINDOWS\repair

2009-03-21 19:47:17 ----D---- C:\WINDOWS\Debug

2009-03-21 19:46:43 ----SHD---- C:\System Volume Information

2009-03-21 19:46:43 ----D---- C:\WINDOWS\system32\Restore

2009-03-21 19:46:32 ----SD---- C:\WINDOWS\Tasks

2009-03-21 19:45:57 ----D---- C:\WINDOWS\system32\config

2009-03-21 19:37:11 ----D---- C:\Program Files\WinRAR

2009-03-21 19:37:01 ----D---- C:\Program Files\Nero

2009-03-21 19:35:21 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-03-21 19:30:55 ----D---- C:\WINDOWS\Registration

2009-03-21 19:30:14 ----D---- C:\WINDOWS\system32\URTTemp

2009-03-21 19:28:06 ----D---- C:\WINDOWS\system32\ias

2009-03-21 19:26:41 ----D---- C:\WINDOWS\srchasst

2009-03-21 19:26:32 ----D---- C:\Program Files\Windows Media Player

2009-03-21 19:26:27 ----D---- C:\Program Files\Outlook Express

2009-03-21 19:24:38 ----D---- C:\WINDOWS\system32\Com

2009-03-21 19:23:31 ----D---- C:\Program Files\Windows Media Connect 2

2009-03-21 19:23:08 ----D---- C:\WINDOWS\system32\wbem

2009-03-21 19:23:00 ----D---- C:\WINDOWS\system32\fr-fr

2009-03-21 18:38:01 ----D---- C:\WINDOWS\system32\usmt

2009-03-21 18:38:01 ----D---- C:\WINDOWS\system32\oodag

2009-03-21 18:37:59 ----HD---- C:\WINDOWS\system32\GroupPolicy

2009-03-21 18:37:53 ----D---- C:\WINDOWS\system32\1033

2009-03-21 18:37:52 ----D---- C:\WINDOWS\SHELLNEW

2009-03-21 18:37:51 ----D---- C:\WINDOWS\PeerNet

2009-03-21 18:37:38 ----D---- C:\WINDOWS\ime

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$

2009-03-17 18:11:17 ----HD---- C:\Program Files\InstallShield Installation Information

2009-03-17 13:42:48 ----D---- C:\temp

2009-03-17 02:09:13 ----HD---- C:\$AVG8.VAULT$

2009-03-15 19:46:43 ----D---- C:\Program Files\Microsoft Office

2009-03-11 10:59:07 ----HD---- C:\WINDOWS\$hf_mig$

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-03-22 213520]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-02 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]

R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]

R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 1275584]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-05-02 144384]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-05-02 10368]

R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-02-03 41504]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2008-05-02 5810]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-02 61824]

R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-05-02 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-05-02 259712]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-02 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-02 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-05-02 73600]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504]

R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-03-21 201992]

R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-02-15 707344]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-07-16 33632]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-07-16 68952]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-05-02 14336]

 

-----------------EOF-----------------

Edited by rital94
Posted

Hello,

 

EoRezo appears on your computer. This software spies on you.

Among other drawbacks, it locks your browser's home page to lo.st, a search engine for which respecting privacy is not a priority.

It must be uninstalled:

Download OTMoveIt3 by OldTimer to the desktop.

Double-click OTMoveIt3.exe to launch it.

On Vista, right-click the file -> choose Run as Administrator.

Make sure Unregister Dll's and Ocx's is checked.

* Copy/paste the lines below:

 

:Processes

explorer.exe

 

:Files

C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe

c:\program files\eorezo

C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo

:Reg

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"EoEngine"=-

"SoftwareHelper"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

 

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

Go back to OTMoveIt3,

Right-click in the "Paste Instructions for Items to be Moved" window under the yellow bar and choose Paste.

* Click the red Moveit! button

* Close OTMoveIt3

Your PC will reboot.

Go to the folder C:\_OTMoveIt\MovedFiles,

open the most recent .log file

Copy/paste its contents into your next reply

and a new HijackThis log, please.
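An added check, written for this thread and not part of OTMoveIt3, HijackThis or the helper's instructions: it scans HijackThis log lines for the indicators the script above removes (a start/home page on lo.st, the eoRezo updater registered under a Run key) plus an orphaned BHO entry, so a reader can verify on the follow-up log whether the cleanup took. The sample lines are constructed from the logs posted in this thread; the severities are this example's own labels.

```python
import re

# Indicators the OTMoveIt3 script above targets: a browser start/home page on
# lo.st and the eoRezo updater registered under a Run key (both from this thread).
FLAGGED_DOMAINS = ("lo.st",)
FLAGGED_PATH_FRAGMENTS = ("\\eorezo\\",)

# HijackThis line shapes handled here: R0/R1 (browser settings), O4 (autoruns
# from Run/RunOnce keys) and O2 (Browser Helper Objects).
R_LINE = re.compile(r"^R[01] - (?P<hive>HK\w+)\\(?P<key>.+?),(?P<name>[^=]+?)\s*=\s*(?P<value>.*)$")
O4_LINE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")


def hostname(url):
    """Host part of a URL, lower-cased; '' when the value is not a URL."""
    m = re.match(r"^[a-z]+://([^/#?]+)", url.strip(), re.IGNORECASE)
    return m.group(1).lower() if m else ""


def check_line(line):
    """Return (severity, message) for a suspicious HijackThis line, else None."""
    line = line.strip()
    m = R_LINE.match(line)
    if m:
        host = hostname(m.group("value"))
        # y.lo.st and lo.st both count: exact match or a subdomain of a flagged domain.
        if any(host == d or host.endswith("." + d) for d in FLAGGED_DOMAINS):
            return ("high", f"{m.group('name').strip()} is set to {host}")
        return None
    m = O4_LINE.match(line)
    if m:
        cmd = m.group("cmd").lower()
        if any(frag in cmd for frag in FLAGGED_PATH_FRAGMENTS):
            return ("high", f"autorun [{m.group('name')}] launches the eoRezo updater")
        # Heuristic: autoruns living in the user's profile data folder deserve a look,
        # since that is where this adware installed its updater.
        if "\\application data\\" in cmd:
            return ("medium", f"autorun [{m.group('name')}] runs from a user profile data folder")
        return None
    m = O2_LINE.match(line)
    if m and m.group("path").strip() == "(no file)":
        return ("low", f"orphaned BHO {{{m.group('clsid')}}} has no file on disk")
    return None


def scan(lines):
    """Run check_line over a whole log; returns [(severity, line, message), ...]."""
    findings = []
    for raw in lines:
        hit = check_line(raw)
        if hit:
            findings.append((hit[0], raw.strip(), hit[1]))
    return findings


# Constructed sample, copied from the shapes of the logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://lo.st#first
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [softwareHelper] C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for severity, line, message in scan(SAMPLE_LOG.splitlines()):
        print(f"[{severity}] {message}\n    {line}")
```

Run it against the HijackThis log posted after the cleanup: any remaining "high" finding means the start page or the eoRezo Run entry is still in place.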

Posted

Here are the reports, as requested:

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe moved successfully.

File/Folder c:\program files\eorezo not found.

C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo\SoftwareUpdate\Software\eoengine\9.1.0.0 moved successfully.

C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo\SoftwareUpdate\Software\eoengine moved successfully.

C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo\SoftwareUpdate\Software moved successfully.

C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo\SoftwareUpdate\Download moved successfully.

C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo\SoftwareUpdate moved successfully.

C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo\eoDesktop moved successfully.

C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo\db moved successfully.

C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo moved successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SoftwareHelper deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine\\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}}\\ not found.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

File delete failed. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03232009_141025

 

Files moved on Reboot...

C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\urlclassifier3.sqlite moved successfully.

C:\Documents and Settings\christophe.B7F020E3BF5F476\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\XUL.mfl moved successfully.

 

 

then HijackThis:

 

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by christophe at 2009-03-23 14:15:57

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 146 GB (77%) free of 191 GB

Total RAM: 1023 MB (53% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:18:27, on 23/03/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20978)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\WINDOWS\system32\oodag.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\notepad.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Xfire\xfire.exe

C:\Program Files\IncrediMail\bin\ImApp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\christophe.B7F020E3BF5F476\Bureau\RSIT.exe

C:\Program Files\trend micro\christophe.exe

C:\WINDOWS\system32\notepad.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://lo.st#first

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O1 - Hosts: ;Tag&rename

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [softwareHelper] C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe

O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

 

--

End of file - 5702 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2009-03-21 62728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-03-21 201992]

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []

"SoftwareHelper"=C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe []

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2008-05-02 679936]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-04 62976]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-05-02 15360]

"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2009-02-25 251264]

 

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage

RAID Manager.lnk - C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

 

C:\Documents and Settings\christophe.B7F020E3BF5F476\Menu Démarrer\Programmes\Démarrage

Xfire.lnk - C:\Program Files\Xfire\xfire.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\WINDOWS\system32\klogon.dll [2008-04-25 206088]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-05-02 200064]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2009-03-23 14:10:25 ----D---- C:\_OTMoveIt

2009-03-23 10:46:16 ----D---- C:\rsit

2009-03-23 10:46:16 ----D---- C:\Program Files\trend micro

2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\muweb.dll

2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\mucltui.dll

2009-03-22 22:43:16 ----D---- C:\Program Files\CCleaner

2009-03-22 20:00:28 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Malwarebytes

2009-03-22 20:00:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-03-22 20:00:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

2009-03-22 17:46:24 ----D---- C:\Program Files\Fichiers communs\logishrd

2009-03-22 17:46:24 ----A---- C:\WINDOWS\system32\vfwwdm32.dll

2009-03-22 16:50:34 ----A---- C:\WINDOWS\system32\d3dx9_32.dll

2009-03-22 16:00:19 ----RA---- C:\WINDOWS\system32\Audio3D.dll

2009-03-22 16:00:06 ----RA---- C:\WINDOWS\system32\cmudax.dll

2009-03-22 16:00:06 ----RA---- C:\WINDOWS\system32\cmirmdrv.exe

2009-03-22 13:50:47 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Media Player Classic

2009-03-22 13:49:27 ----D---- C:\Program Files\ffdshow

2009-03-22 01:42:00 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Thunderbird

2009-03-22 01:33:35 ----A---- C:\WINDOWS\system32\BASSMOD.dll

2009-03-22 01:17:34 ----D---- C:\WINDOWS\pss

2009-03-22 01:06:17 ----D---- C:\Program Files\GSpot221

2009-03-22 00:55:34 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\TuneUp Software

2009-03-22 00:46:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\IM

2009-03-22 00:45:14 ----D---- C:\Program Files\IncrediMail

2009-03-22 00:45:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\IncrediMail

2009-03-22 00:38:12 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Xfire

2009-03-21 23:42:54 ----D---- C:\Program Files\Marvell

2009-03-21 23:25:30 ----D---- C:\Program Files\Intel

2009-03-21 23:19:10 ----A---- C:\WINDOWS\system32\ntport.dll

2009-03-21 23:11:12 ----RA---- C:\WINDOWS\system32\cmirmdrv.dll

2009-03-21 23:11:11 ----RA---- C:\WINDOWS\system32\udaprop.dll

2009-03-21 23:00:00 ----RA---- C:\WINDOWS\system32\a3d.dll

2009-03-21 22:29:41 ----A---- C:\WINDOWS\Ascd_tmp.ini

2009-03-21 22:22:12 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Mozilla

2009-03-21 22:10:52 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Macromedia

2009-03-21 22:10:52 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Adobe

2009-03-21 21:47:31 ----D---- C:\Program Files\Kaspersky Lab

2009-03-21 21:47:31 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab

2009-03-21 21:42:47 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\teamspeak2

2009-03-21 21:41:02 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Xentient

2009-03-21 21:40:43 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\HLSW

2009-03-21 21:31:21 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Identities

2009-03-21 21:30:19 ----ASH---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\desktop.ini

2009-03-21 21:30:17 ----SD---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Microsoft

2009-03-21 20:20:31 ----A---- C:\WINDOWS\system32\h323log.txt

2009-03-21 20:19:23 ----A---- C:\WINDOWS\system32\ksuser.dll

2009-03-21 20:17:15 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$

2009-03-21 20:17:03 ----A---- C:\WINDOWS\system32\usbui.dll

2009-03-21 20:16:28 ----A---- C:\WINDOWS\system32\spupdsvc.exe

2009-03-21 20:15:14 ----N---- C:\WINDOWS\system32\spmsg.dll

2009-03-21 20:13:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-03-21 20:13:24 ----A---- C:\WINDOWS\ODBCINST.INI

2009-03-21 20:13:14 ----A---- C:\WINDOWS\system32\irclass.dll

2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\spxcoins.dll

2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\EqnClass.Dll

2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\dgsetup.dll

2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll

2009-03-21 20:13:10 ----A---- C:\WINDOWS\TASKMAN.EXE

2009-03-21 20:13:09 ----A---- C:\WINDOWS\system32\batt.dll

2009-03-21 20:13:08 ----A---- C:\WINDOWS\NOTEPAD.EXE

2009-03-21 20:13:07 ----A---- C:\WINDOWS\system32\storprop.dll

2009-03-21 20:12:50 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini

2009-03-21 20:10:45 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft

2009-03-21 19:46:30 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-03-21 19:36:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero

2009-03-21 19:35:32 ----D---- C:\Program Files\TaskSwitchXP

2009-03-21 19:34:05 ----A---- C:\WINDOWS\system32\jit.dll

2009-03-21 19:34:05 ----A---- C:\WINDOWS\setdebug.exe

2009-03-21 19:34:04 ----A---- C:\WINDOWS\system32\javaee.dll

2009-03-21 19:34:04 ----A---- C:\WINDOWS\system32\dx3j.dll

2009-03-21 19:33:58 ----A---- C:\WINDOWS\system32\wjview.exe

2009-03-21 19:33:58 ----A---- C:\WINDOWS\system32\vmhelper.dll

2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msjdbc10.dll

2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msjava.dll

2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msawt.dll

2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\jview.exe

2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\jdbgmgr.exe

2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\javart.dll

2009-03-21 19:33:55 ----A---- C:\WINDOWS\system32\javaprxy.dll

2009-03-21 19:33:55 ----A---- C:\WINDOWS\system32\javacypt.dll

2009-03-21 19:33:54 ----A---- C:\WINDOWS\system32\clspack.exe

2009-03-21 19:29:09 ----A---- C:\WINDOWS\control.ini

2009-03-21 19:28:29 ----D---- C:\WINDOWS\system32\dllcache

2009-03-21 19:28:29 ----A---- C:\WINDOWS\system32\mapi32.dll

2009-03-21 19:27:24 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest

2009-03-21 19:27:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest

2009-03-21 19:26:31 ----A---- C:\WINDOWS\system32\acctres.dll

2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wuweb.dll

2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wucltui.dll

2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wuauserv.dll

2009-03-21 19:26:11 ----A---- C:\WINDOWS\system32\wuaueng1.dll

2009-03-21 19:26:11 ----A---- C:\WINDOWS\system32\wuaueng.dll

2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wups.dll

2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wuauclt1.exe

2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wuauclt.exe

2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\wuapi.dll

2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\qmgrprxy.dll

2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx4.dll

2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx3.dll

2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx2.dll

2009-03-21 19:26:08 ----A---- C:\WINDOWS\system32\qmgr.dll

2009-03-21 19:26:07 ----A---- C:\WINDOWS\system32\fltMc.exe

2009-03-21 19:26:07 ----A---- C:\WINDOWS\system32\fltlib.dll

2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srsvc.dll

2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srrstr.dll

2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srclient.dll

2009-03-21 19:26:05 ----A---- C:\WINDOWS\system32\msoert2.dll

2009-03-21 19:26:05 ----A---- C:\WINDOWS\system32\msoeacct.dll

2009-03-21 19:26:03 ----A---- C:\WINDOWS\system32\inetres.dll

2009-03-21 19:26:03 ----A---- C:\WINDOWS\system32\inetcomm.dll

2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\schedsvc.dll

2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\mstinit.exe

2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\mstask.dll

2009-03-21 19:24:14 ----A---- C:\WINDOWS\vbaddin.ini

2009-03-21 19:24:14 ----A---- C:\WINDOWS\vb.ini

2009-03-21 19:23:20 ----A---- C:\WINDOWS\system32\sndvol32.exe

2009-03-21 19:23:13 ----A---- C:\WINDOWS\system32\getuname.dll

2009-03-21 19:23:13 ----A---- C:\WINDOWS\system32\charmap.exe

2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\winmine.exe

2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\sol.exe

2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\calc.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\usrlogon.cmd

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tsshutdn.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tslabels.ini

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tskill.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tsdiscon.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tscon.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\reset.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\mshearts.exe

2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\freecell.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\shadow.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\rwinsta.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\regini.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\rdpcfgex.dll

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\qwinsta.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\qappsrv.exe

2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\msg.exe

2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\msdtcprf.ini

2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\logoff.exe

2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\cdmodem.dll

2009-03-21 19:23:01 ----A---- C:\WINDOWS\system32\wmimgmt.msc

2009-03-21 19:23:01 ----A---- C:\WINDOWS\system32\mplay32.exe

2009-03-21 19:23:00 ----A---- C:\WINDOWS\system32\spider.exe

2009-03-21 19:22:59 ----A---- C:\WINDOWS\system32\tsgqec.dll

2009-03-21 19:22:59 ----A---- C:\WINDOWS\system32\tscfgwmi.dll

2009-03-21 19:22:58 ----A---- C:\WINDOWS\system32\rhttpaa.dll

2009-03-21 19:22:58 ----A---- C:\WINDOWS\system32\aaclient.dll

2009-03-21 19:22:57 ----A---- C:\WINDOWS\system32\mstscax.dll

2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\sessmgr.exe

2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\remotepg.dll

2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\rdshost.exe

2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\rdsaddin.exe

2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\mstsc.exe

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\termsrv.dll

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpwsx.dll

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpsnd.dll

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpclip.exe

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdchost.dll

2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\qprocess.exe

2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\mtxoci.dll

2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\msdtcuiu.dll

2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\icaapi.dll

2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\cfgbkend.dll

2009-03-21 19:22:53 ----A---- C:\WINDOWS\system32\msdtctm.dll

2009-03-21 19:22:53 ----A---- C:\WINDOWS\system32\msdtcprx.dll

2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\xolehlp.dll

2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\msdtclog.dll

2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\msdtc.exe

2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\dcomcnfg.exe

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\stclient.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxlegih.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxex.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxdm.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\comrepl.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\comaddin.dll

2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\colbact.dll

2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\clbcatex.dll

2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\catsrvut.dll

2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\catsrvps.dll

2009-03-21 19:22:49 ----A---- C:\WINDOWS\system32\comsvcs.dll

2009-03-21 19:22:49 ----A---- C:\WINDOWS\system32\catsrv.dll

2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\comuid.dll

2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\comsnap.dll

2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\clbcatq.dll

2009-03-21 19:22:39 ----A---- C:\WINDOWS\system32\servdeps.dll

2009-03-21 19:22:38 ----A---- C:\WINDOWS\system32\mmfutil.dll

2009-03-21 19:22:38 ----A---- C:\WINDOWS\system32\licwmi.dll

2009-03-21 19:22:37 ----A---- C:\WINDOWS\system32\cmprops.dll

2009-03-21 18:10:28 ----AD---- C:\WINDOWS\i386

2009-03-21 18:09:08 ----D---- C:\Program Files\Mozilla Thunderbird

2009-03-21 18:08:03 ----D---- C:\Program Files\Recuva

2009-03-21 18:08:02 ----D---- C:\Program Files\Paint.NET

2009-03-21 18:08:00 ----D---- C:\Program Files\Occtpt

2009-03-21 18:07:43 ----D---- C:\Program Files\Cpu-z

2009-03-15 19:47:17 ----D---- C:\Program Files\MSBuild

2009-03-15 19:44:54 ----D---- C:\Program Files\Microsoft Visual Studio 8

2009-03-11 20:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$

2009-03-11 20:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$

2009-03-11 20:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$

2009-03-09 20:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

2009-03-09 20:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$

2009-02-26 19:46:50 ----A---- C:\WINDOWS\system32\xfcodec.dll

 

======List of files/folders modified in the last 1 months======

 

2009-03-23 14:14:44 ----D---- C:\Program Files\Mozilla Firefox

2009-03-23 14:12:46 ----D---- C:\WINDOWS

2009-03-23 14:12:40 ----D---- C:\WINDOWS\Temp

2009-03-23 10:46:16 ----RD---- C:\Program Files

2009-03-23 08:31:50 ----D---- C:\WINDOWS\system32

2009-03-23 08:31:49 ----HD---- C:\WINDOWS\inf

2009-03-23 08:31:47 ----D---- C:\WINDOWS\system32\CatRoot2

2009-03-22 23:33:09 ----D---- C:\WINDOWS\system

2009-03-22 23:28:45 ----HD---- C:\Config.Msi

2009-03-22 23:26:15 ----D---- C:\WINDOWS\system32\drivers

2009-03-22 23:24:12 ----D---- C:\WINDOWS\system32\CatRoot

2009-03-22 23:24:08 ----SHD---- C:\WINDOWS\Installer

2009-03-22 22:44:20 ----D---- C:\Program Files\Teamspeak2_RC2

2009-03-22 22:12:35 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2009-03-22 21:00:18 ----SH---- C:\boot.ini

2009-03-22 21:00:18 ----A---- C:\WINDOWS\win.ini

2009-03-22 21:00:18 ----A---- C:\WINDOWS\system.ini

2009-03-22 17:57:49 ----RSD---- C:\WINDOWS\assembly

2009-03-22 17:56:45 ----D---- C:\WINDOWS\Microsoft.NET

2009-03-22 17:46:24 ----D---- C:\Program Files\Fichiers communs

2009-03-22 16:51:56 ----D---- C:\Program Files\Microsoft Silverlight

2009-03-22 16:50:34 ----D---- C:\WINDOWS\system32\DirectX

2009-03-22 16:49:53 ----D---- C:\WINDOWS\WinSxS

2009-03-22 16:48:33 ----RSD---- C:\WINDOWS\Fonts

2009-03-22 03:24:01 ----D---- C:\WINDOWS\Prefetch

2009-03-22 01:11:40 ----D---- C:\Program Files\Xfire

2009-03-22 01:07:35 ----D---- C:\WINDOWS\Help

2009-03-22 00:57:54 ----D---- C:\Program Files\TuneUp Utilities 2008

2009-03-21 23:35:26 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-03-21 21:33:28 ----SHD---- C:\RECYCLER

2009-03-21 21:30:14 ----D---- C:\Documents and Settings

2009-03-21 20:17:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

2009-03-21 20:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2009-03-21 20:16:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2009-03-21 20:16:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

2009-03-21 20:16:07 ----D---- C:\Program Files\Internet Explorer

2009-03-21 20:09:57 ----D---- C:\WINDOWS\WBEM

2009-03-21 20:09:57 ----D---- C:\WINDOWS\system32\fr

2009-03-21 20:09:57 ----D---- C:\WINDOWS\Network Diagnostic

2009-03-21 20:09:57 ----D---- C:\WINDOWS\L2Schemas

2009-03-21 20:07:40 ----D---- C:\WINDOWS\AppPatch

2009-03-21 20:07:22 ----RD---- C:\WINDOWS\Web

2009-03-21 20:07:22 ----D---- C:\WINDOWS\system32\Setup

2009-03-21 20:06:12 ----D---- C:\WINDOWS\Offline Web Pages

2009-03-21 20:06:03 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-03-21 20:05:53 ----D---- C:\WINDOWS\twain_32

2009-03-21 20:05:49 ----D---- C:\WINDOWS\system32\ras

2009-03-21 20:05:45 ----D---- C:\WINDOWS\system32\icsxml

2009-03-21 20:05:25 ----D---- C:\WINDOWS\system32\1036

2009-03-21 19:47:37 ----D---- C:\WINDOWS\SoftwareDistribution

2009-03-21 19:47:32 ----D---- C:\WINDOWS\system32\MsDtc

2009-03-21 19:47:26 ----D---- C:\WINDOWS\security

2009-03-21 19:47:26 ----D---- C:\WINDOWS\repair

2009-03-21 19:47:17 ----D---- C:\WINDOWS\Debug

2009-03-21 19:46:43 ----SHD---- C:\System Volume Information

2009-03-21 19:46:43 ----D---- C:\WINDOWS\system32\Restore

2009-03-21 19:46:32 ----SD---- C:\WINDOWS\Tasks

2009-03-21 19:45:57 ----D---- C:\WINDOWS\system32\config

2009-03-21 19:37:11 ----D---- C:\Program Files\WinRAR

2009-03-21 19:37:01 ----D---- C:\Program Files\Nero

2009-03-21 19:35:21 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-03-21 19:30:55 ----D---- C:\WINDOWS\Registration

2009-03-21 19:30:14 ----D---- C:\WINDOWS\system32\URTTemp

2009-03-21 19:28:06 ----D---- C:\WINDOWS\system32\ias

2009-03-21 19:26:41 ----D---- C:\WINDOWS\srchasst

2009-03-21 19:26:32 ----D---- C:\Program Files\Windows Media Player

2009-03-21 19:26:27 ----D---- C:\Program Files\Outlook Express

2009-03-21 19:24:38 ----D---- C:\WINDOWS\system32\Com

2009-03-21 19:23:31 ----D---- C:\Program Files\Windows Media Connect 2

2009-03-21 19:23:08 ----D---- C:\WINDOWS\system32\wbem

2009-03-21 19:23:00 ----D---- C:\WINDOWS\system32\fr-fr

2009-03-21 18:38:01 ----D---- C:\WINDOWS\system32\usmt

2009-03-21 18:38:01 ----D---- C:\WINDOWS\system32\oodag

2009-03-21 18:37:59 ----HD---- C:\WINDOWS\system32\GroupPolicy

2009-03-21 18:37:53 ----D---- C:\WINDOWS\system32\1033

2009-03-21 18:37:52 ----D---- C:\WINDOWS\SHELLNEW

2009-03-21 18:37:51 ----D---- C:\WINDOWS\PeerNet

2009-03-21 18:37:38 ----D---- C:\WINDOWS\ime

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$

2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$

2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$

2009-03-17 18:11:17 ----HD---- C:\Program Files\InstallShield Installation Information

2009-03-17 13:42:48 ----D---- C:\temp

2009-03-17 02:09:13 ----HD---- C:\$AVG8.VAULT$

2009-03-15 19:46:43 ----D---- C:\Program Files\Microsoft Office

2009-03-11 10:59:07 ----HD---- C:\WINDOWS\$hf_mig$

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]

R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-03-22 213520]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-02 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]

R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]

R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 1275584]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-05-02 144384]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-05-02 10368]

R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-02-03 41504]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2008-05-02 5810]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-02 61824]

R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-05-02 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-05-02 259712]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-02 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-02 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-05-02 73600]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504]

R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-03-21 201992]

R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-02-15 707344]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-07-16 33632]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-07-16 68952]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-05-02 14336]

 

-----------------EOF-----------------

Posted

There is a y.lo.st infection that did not show up in your first HijackThis logs.

 

First of all, ComboFix checks whether the Recovery Console is installed and offers to install it if it is not.

The Windows Recovery Console will let you boot into a special recovery (repair) mode.

It may be needed if your computer runs into a problem after a cleaning attempt.

It is a simple procedure that takes very little time and may one day save the day for you.

After installation, you should see this message:

The Recovery Console was successfully installed.

The Recovery Console

Some infections (MBR rootkits) can only be dealt with by using the Recovery Console,

and important procedures that ComboFix may run will only work if the Recovery Console (under XP) is installed.

That is why you are strongly advised to install the Recovery Console on the PC first.

Windows Vista users can use their Windows CD to boot into the Vista Recovery Environment.

This will allow the system to be repaired in case the PC no longer boots after disinfection.

If this is already done, skip to step 2).

* After clicking the link matching your version of Windows, you will be taken to a page:

click the Download button to save the installation package to the Desktop:

Do not change the file name.

Windows XP Service Pack 2 (SP2) > Microsoft Windows XP Professional SP2

* Drag and drop this file onto the ComboFix.exe file.


 

* Follow the on-screen instructions to launch ComboFix and, when prompted, accept the End User License Agreement to install the Microsoft Recovery Console.

* When it is finished, a message will tell you that the Console has been installed, then a report named CF_RC.txt will be displayed:

post its contents.

 

You are going to download ComboFix.

This software is very powerful and must not be used without competent help, at the risk of irreversible damage.

Please note that this software is updated regularly and that the version you are about to download will be obsolete within a few days.

Before installing it, you may want to read this Guide:

 

Download combofix.exe by sUBs

and save it to the Desktop.

Close or disable all active Antivirus, Antispyware and Firewall programs, and Spybot's TeaTimer, as they could interfere with this tool.

To prevent them from being re-enabled after a reboot, untick them in the startup options -> Msconfig.

This is absolutely necessary for the procedure to succeed.

Of course, you will re-enable them afterwards.

Connect all removable drives (external hard drive, USB key).

* Double-click combofix.exe to launch it.

 

Do not close the window that has just opened; the desktop would be empty and this could make the program crash!

To start the scan

 

* Press the 1 key to start the scan.

If for any reason, Vista for example, ComboFix does not launch,

boot into Safe Mode, choose the Administrator account, and launch ComboFix.

While ComboFix is running, do not touch your computer at all; you could crash the program.

 

* The scan may take a while: be patient!

At the end, a report will be generated: post its contents in your next message.

* If the report is too long, post it in two parts.

It is located at c:\combofix.txt

Posted

Thank you for your dedication to helping me.

 

ComboFix 09-03-22.01 - christophe 2009-03-23 17:08:02.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.507 [GMT 1:00]

Lancé depuis: c:\documents and settings\christophe.B7F020E3BF5F476\Bureau\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)

FW: Kaspersky Internet Security *disabled*

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Christophe\Application Data\inst.exe

I:\autorun.inf

i:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213

i:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

i:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\Desktop.ini

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-23 au 2009-03-23 ))))))))))))))))))))))))))))))))))))

.

 

2009-03-23 17:11 . 2009-03-23 17:11 <REP> d-------- c:\windows\system32\oobe

2009-03-23 17:11 . 2009-03-23 17:11 <REP> d-------- c:\windows\system32\npp

2009-03-23 17:11 . 2009-03-23 17:11 <REP> d-------- c:\windows\msagent

2009-03-23 16:19 . 2009-03-23 16:19 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\HP

2009-03-23 16:17 . 2009-03-23 16:17 <REP> d-------- c:\program files\Fichiers communs\HP

2009-03-23 16:14 . 2009-03-23 16:14 <REP> d-------- c:\program files\Hewlett-Packard

2009-03-23 16:13 . 2009-03-23 16:13 <REP> d-------- c:\program files\Fichiers communs\Hewlett-Packard

2009-03-23 16:09 . 2008-04-13 09:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2009-03-23 16:08 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

2009-03-23 16:08 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll

2009-03-23 16:08 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll

2009-03-23 16:08 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll

2009-03-23 16:08 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe

2009-03-23 16:08 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe

2009-03-23 16:08 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll

2009-03-23 16:05 . 2009-03-23 16:15 <REP> d-------- c:\program files\HP

2009-03-23 16:03 . 2004-12-14 17:06 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys

2009-03-23 16:03 . 2004-12-14 17:06 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys

2009-03-23 16:02 . 2009-03-23 16:20 70,569 --a------ c:\windows\hpoins05.dat

2009-03-23 16:02 . 2004-12-14 17:06 19,696 --------- c:\windows\hpomdl05.dat

2009-03-23 16:00 . 2008-04-13 09:47 25,856 --a------ c:\windows\system32\drivers\usbprint.sys

2009-03-23 14:10 . 2009-03-23 14:10 <REP> d-------- C:\_OTMoveIt

2009-03-23 10:46 . 2009-03-23 10:56 <REP> d-------- C:\rsit

2009-03-23 10:46 . 2009-03-23 14:16 <REP> d-------- c:\program files\trend micro

2009-03-23 08:31 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll

2009-03-23 08:31 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll

2009-03-23 08:31 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

2009-03-22 23:33 . 2009-03-23 01:04 328 --a------ c:\windows\system\cmicnfg.ini

2009-03-22 22:43 . 2009-03-22 22:43 <REP> d-------- c:\program files\CCleaner

2009-03-22 20:00 . 2009-03-22 20:00 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-22 20:00 . 2009-03-22 20:00 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Malwarebytes

2009-03-22 20:00 . 2009-03-22 20:00 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2009-03-22 20:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-22 20:00 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-03-22 17:48 . 2008-04-13 09:39 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys

2009-03-22 17:47 . 2008-04-13 09:46 19,200 --a------ c:\windows\system32\drivers\WSTCODEC.SYS

2009-03-22 17:47 . 2008-04-13 17:34 16,384 --a------ c:\windows\system32\ipsink.ax

2009-03-22 17:47 . 2008-04-13 09:46 15,232 --a------ c:\windows\system32\drivers\StreamIP.sys

2009-03-22 17:47 . 2008-04-13 09:46 11,136 --a------ c:\windows\system32\drivers\SLIP.sys

2009-03-22 17:47 . 2008-04-13 09:46 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys

2009-03-22 17:46 . 2009-03-22 17:46 <REP> d-------- c:\program files\Fichiers communs\logishrd

2009-03-22 17:46 . 2008-04-13 17:34 92,160 --a------ c:\windows\system32\kswdmcap.ax

2009-03-22 17:46 . 2008-04-13 09:46 85,248 --a------ c:\windows\system32\drivers\NABTSFEC.sys

2009-03-22 17:46 . 2008-04-13 17:34 61,952 --a------ c:\windows\system32\kstvtune.ax

2009-03-22 17:46 . 2008-04-13 17:33 54,784 --a------ c:\windows\system32\vfwwdm32.dll

2009-03-22 17:46 . 2008-04-13 17:34 43,008 --a------ c:\windows\system32\ksxbar.ax

2009-03-22 17:46 . 2008-04-13 17:34 28,672 --a------ c:\windows\system32\vidcap.ax

2009-03-22 17:46 . 2008-04-13 09:46 17,024 --a------ c:\windows\system32\drivers\CCDECODE.sys

2009-03-22 16:58 . 2009-03-22 21:04 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Tracing

2009-03-22 16:50 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll

2009-03-22 16:00 . 2002-04-29 16:04 917,504 -ra------ c:\windows\system\cmids3d.dll

2009-03-22 16:00 . 2001-11-23 13:08 712,704 -ra------ c:\windows\system32\Audio3D.dll

2009-03-22 16:00 . 2004-04-14 12:28 315,392 -ra------ c:\windows\system\cmifltr.dll

2009-03-22 16:00 . 2004-08-16 16:04 237,568 -ra------ c:\windows\system32\cmirmdrv.exe

2009-03-22 16:00 . 2004-10-21 16:46 69,632 -ra------ c:\windows\system32\cmudax.dll

2009-03-22 13:50 . 2009-03-22 13:50 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Media Player Classic

2009-03-22 13:49 . 2009-03-22 13:49 <REP> d-------- c:\program files\ffdshow

2009-03-22 01:42 . 2009-03-22 01:42 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Thunderbird

2009-03-22 01:11 . 2009-03-23 17:11 5,529 --a------ c:\windows\system32\OODBS.lor

2009-03-22 01:06 . 2009-03-22 01:06 <REP> d-------- c:\program files\GSpot221

2009-03-22 00:59 . 2009-03-22 00:59 34,064 --a------ c:\windows\system32\lhacm.acm

2009-03-22 00:55 . 2009-03-22 00:55 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\TuneUp Software

2009-03-22 00:52 . 2009-03-22 00:52 <REP> d-------- c:\documents and settings\NetworkService.AUTORITE NT.000\Application Data\Xfire

2009-03-22 00:46 . 2009-03-22 00:46 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\IM

2009-03-22 00:45 . 2009-03-22 00:46 <REP> d-------- c:\program files\IncrediMail

2009-03-22 00:45 . 2009-03-22 00:45 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\IncrediMail

2009-03-22 00:38 . 2009-03-23 17:14 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Xfire

2009-03-22 00:38 . 2009-03-22 18:06 1,100 --a------ c:\windows\system32\d3d8caps.dat

2009-03-22 00:38 . 2009-03-22 17:25 664 --a------ c:\windows\system32\d3d9caps.dat

2009-03-21 23:53 . 2009-03-22 13:02 1,188 --a------ c:\windows\ImpTableL.bin

2009-03-21 23:42 . 2009-03-21 23:42 <REP> d-------- c:\program files\Marvell

2009-03-21 23:25 . 2009-03-21 23:25 <REP> d-------- c:\program files\Intel

2009-03-21 23:19 . 2000-01-24 05:01 2,023,424 --a------ c:\windows\system32\vcl50.bpl

2009-03-21 23:19 . 2002-02-01 22:00 1,326,080 --a------ c:\windows\system32\vcl60.bpl

2009-03-21 23:19 . 2002-07-11 06:02 676,352 --a------ c:\windows\system32\RTL60.BPL

2009-03-21 23:19 . 2002-03-30 10:06 65,536 --a------ c:\windows\system32\ntport.dll

2009-03-21 23:19 . 2001-01-22 14:23 6,080 --a------ c:\windows\system32\zntport.sys

2009-03-21 23:11 . 2004-10-21 18:54 4,001,792 -ra------ c:\windows\system\cmicnfg.cpl

2009-03-21 23:11 . 2004-10-21 19:56 1,275,584 -ra------ c:\windows\system32\drivers\cmudax.sys

2009-03-21 23:11 . 2003-02-18 19:26 28,672 -ra------ c:\windows\system32\cmirmdrv.dll

2009-03-21 23:11 . 2004-02-18 15:19 16,384 -ra------ c:\windows\system32\udaprop.dll

2009-03-21 23:00 . 2001-11-23 13:08 712,704 -ra------ c:\windows\system32\a3d.dll

2009-03-21 23:00 . 2004-07-27 18:18 1,176 -ra------ c:\windows\ImpTable.bin

2009-03-21 22:29 . 2004-04-27 08:26 5,824 --a------ c:\windows\system32\drivers\ASUSHWIO.SYS

2009-03-21 22:29 . 2009-03-22 15:56 5,760 --a------ c:\windows\Ascd_tmp.ini

2009-03-21 22:22 . 2009-03-21 22:22 0 --a------ c:\windows\nsreg.dat

2009-03-21 21:50 . 2009-03-21 22:02 101,287 --a------ c:\windows\system32\drivers\klin.dat

2009-03-21 21:50 . 2009-03-21 22:02 89,601 --a------ c:\windows\system32\drivers\klick.dat

2009-03-21 21:47 . 2009-03-21 21:47 <REP> d-------- c:\program files\Kaspersky Lab

2009-03-21 21:47 . 2009-03-23 17:13 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Kaspersky Lab

2009-03-21 21:47 . 2009-03-23 17:10 351,264 --ahs---- c:\windows\system32\drivers\fidbox.dat

2009-03-21 21:47 . 2009-03-23 17:10 24,608 --ahs---- c:\windows\system32\drivers\fidbox2.dat

2009-03-21 21:47 . 2009-03-23 17:10 4,872 --ahs---- c:\windows\system32\drivers\fidbox.idx

2009-03-21 21:47 . 2009-03-23 17:10 1,164 --ahs---- c:\windows\system32\drivers\fidbox2.idx

2009-03-21 21:42 . 2009-03-22 23:01 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\teamspeak2

2009-03-21 21:41 . 2009-03-21 21:41 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Xentient

2009-03-21 21:40 . 2009-03-21 21:40 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\HLSW

2009-03-21 21:30 . 2009-03-21 20:12 <REP> d--h----- c:\documents and settings\christophe.B7F020E3BF5F476\Voisinage réseau

2009-03-21 21:30 . 2009-03-21 20:12 <REP> d--h----- c:\documents and settings\christophe.B7F020E3BF5F476\Voisinage d'impression

2009-03-21 21:30 . 2009-03-21 19:36 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\nro.log

2009-03-21 21:30 . 2009-03-21 20:12 <REP> d--h----- c:\documents and settings\christophe.B7F020E3BF5F476\Modèles

2009-03-21 21:30 . 2009-03-22 23:41 <REP> dr------- c:\documents and settings\christophe.B7F020E3BF5F476\Mes documents

2009-03-21 21:30 . 2009-03-21 20:12 <REP> dr------- c:\documents and settings\christophe.B7F020E3BF5F476\Menu Démarrer

2009-03-21 21:30 . 2009-03-21 19:33 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\IXP000.TMP

2009-03-21 21:30 . 2009-03-21 21:31 <REP> dr------- c:\documents and settings\christophe.B7F020E3BF5F476\Favoris

2009-03-21 21:30 . 2009-03-23 16:56 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476\Bureau

2009-03-21 21:30 . 2009-03-23 16:25 <REP> d-------- c:\documents and settings\christophe.B7F020E3BF5F476

2009-03-21 20:20 . 2008-04-13 10:45 172,416 --a------ c:\windows\system32\drivers\kmixer.sys

2009-03-21 20:20 . 2008-04-13 08:39 142,592 --a------ c:\windows\system32\drivers\aec.sys

2009-03-21 20:20 . 2008-04-13 11:17 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys

2009-03-21 20:20 . 2008-04-13 11:15 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys

2009-03-21 20:20 . 2008-04-13 10:45 56,576 --a------ c:\windows\system32\drivers\swmidi.sys

2009-03-21 20:20 . 2008-04-13 10:45 52,864 --a------ c:\windows\system32\drivers\DMusic.sys

2009-03-21 20:20 . 2008-04-13 10:39 7,552 --a------ c:\windows\system32\drivers\MSKSSRV.sys

2009-03-21 20:20 . 2008-04-13 10:45 6,272 --a------ c:\windows\system32\drivers\splitter.sys

2009-03-21 20:20 . 2008-04-13 10:39 5,376 --a------ c:\windows\system32\drivers\MSPCLOCK.sys

2009-03-21 20:20 . 2008-04-13 10:39 4,992 --a------ c:\windows\system32\drivers\MSPQM.sys

2009-03-21 20:20 . 2008-04-13 10:45 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys

2009-03-21 20:19 . 2008-04-13 10:19 146,048 --a------ c:\windows\system32\drivers\portcls.sys

2009-03-21 20:19 . 2008-04-13 17:34 129,536 --a------ c:\windows\system32\ksproxy.ax

2009-03-21 20:19 . 2008-04-13 09:45 60,160 --a------ c:\windows\system32\drivers\drmk.sys

2009-03-21 20:19 . 2008-04-13 10:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys

2009-03-21 20:19 . 2008-04-13 17:33 4,096 --a------ c:\windows\system32\ksuser.dll

2009-03-21 20:19 . 2001-08-17 20:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys

2009-03-21 20:18 . 2008-04-13 17:57 58,752 --a------ c:\windows\system32\drivers\redbook.sys

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-22 22:26 33,808 ----a-w c:\windows\system32\drivers\klbg.sys

2009-03-22 21:44 --------- d-----w c:\program files\Teamspeak2_RC2

2009-03-22 15:51 --------- d-----w c:\program files\Microsoft Silverlight

2009-03-22 00:11 --------- d-----w c:\program files\Xfire

2009-03-21 23:57 --------- d-----w c:\program files\TuneUp Utilities 2008

2009-03-21 18:37 --------- d-----w c:\program files\Nero

2009-03-21 18:23 --------- d-----w c:\program files\Windows Media Connect 2

2009-03-17 20:54 --------- d-----w c:\documents and settings\Christophe\Application Data\Lavasoft

2009-03-17 17:11 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-15 20:35 --------- d-----w c:\documents and settings\Christophe\Application Data\teamspeak2

2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys

2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll

2009-01-29 23:19 --------- d-----w c:\documents and settings\Christophe\Application Data\Xfire

2009-01-29 15:55 --------- d-----w c:\program files\Windows Live Safety Center

2009-01-16 16:20 3,596,288 ------w c:\windows\system32\dllcache\mshtml.dll

2008-06-06 17:02 47,360 ----a-w c:\documents and settings\Christophe\Application Data\pcouffin.sys

.

 

------- Sigcheck -------

 

2008-05-02 23:57 2011136 22f702a6dcbdb4f7282c4b73b95ee4e4 c:\windows\explorer.exe

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-05-02 15360]

"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-02-25 251264]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-03-21 201992]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-12-21 c:\windows\system32\advpack.dll]

 

c:\documents and settings\christophe.B7F020E3BF5F476\Menu D‚marrer\Programmes\D‚marrage\

Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-02-26 3017040]

 

c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\

D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]

RAID Manager.lnk - c:\program files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2008-06-07 724992]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2008-06-07 25423]

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]

R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2008-05-02 76208]

R0 Si3132r5;Si3132r5;c:\windows\system32\drivers\Si3132r5.sys [2008-05-02 208688]

R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2008-05-02 210224]

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2009-03-21 1275584]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-03-25 24592]

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - HELPSVC

.

- - - - ORPHELINS SUPPRIMES - - - -

 

Toolbar-ITBar7Layout - (no file)

Toolbar-ITBar7Position - (no file)

HKLM-Run-SoftwareHelper - c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe

HKLM-Run-Cmaudio - cmicnfg.cpl

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://y.lo.st

IE: Ajouter à Kaspersky Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

FF - ProfilePath - c:\documents and settings\christophe.B7F020E3BF5F476\Application Data\Mozilla\Firefox\Profiles\x1nzwt50.default\

FF - prefs.js: browser.startup.homepage - hxxp://y.lo.st

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-23 17:12:25

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG08.00.00.01WORKSTATION"="0EF3071BE27F119EE8AE4711B9939B58A7EEF126B416EA6CE25ACA6DED29AEF7486303C86BC

3F01A4A4635690DD897E5D25F73A8164B03991447E927B6BCAD3062C20AC736A1E3399809466B9E2C

8F899D4E67128782073661A5E6AFDF4A77DF85325B70D6FDDB4FF9AA7DAF4B9803E444A3B1D54E0A2

6504033257837858DA280E400D0C4924926B473A47ED17DF68BA85DF91B920897E94AC4CDA5ED7777

0847A1C0AB5BED237835BEC457570C7008CE8BAD3F637191F83DBFCF0F9C7DBC126FC42BF45B70657

60B7E2D6CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E12

7BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B98089DB7CE019D40AA5CA6171C11E

C38DE3D2D90D57838CAF38E9E271D24C980AC1DEAE7C559CE75683CD5AB54DE667B209BE695BD449F

A4663B88AA18C1E4809FAEBAC2E1E1762E54AD5734DCFEF23C0E8163E86E1177D845AF72AC1BC7C05

2E105975C07F97169C866E85C17DD516F76FA91E089192EB93897F504B81EC6DC5C8A6334D9554143

8CADD4E7D69A3909A54C4425B40BD72F28D48D600921809CB8DD611D001E0BEBAB0047ECF54D098C2

46FAFB4198A2B35C3FD18C2269E20A267533A3EA67116A9780A525A50004415C610EFDDE52E035A7D

5B59012E5D77139B6F7A127C60D0560432EBECC6B00F52A18E04C6CA01DCC00BEBF8C5C41400254BE

D12E6366F4C5EA98FEBB9BED0B3050D004CE7FE81DDA1E5DF810D8F6F55A6B1BC555F0B97BCC2836B

91A820C6A00527AC110EBA244C47CE1D63A9B98E3776CEFD7DF236C57B19F1C77C7457ECE7BA51907

CD9BC4F131245BDF1C1F106080A6688266CF6DB848B1958B32F5590BEA4AE5D1BC0465EBFF3100EE3

CEEA5ED1E7FDE7506A12AE7A566282203A0F73FED62BF6618A1D9F8674B911D41F5B1240AEE159DFD

E4F07A0CB78630FCE7C4CA676F1F425548AD5BDAE8F7B45527D93220D20D09E92F821DF504CC931F7

1BC5583D75A5A00F5CB8605325B7176190446CC70DF1B61E602FC55C11B99C166A7CD8F9E98772006

5738EA3D061139356FD3737BF1ABA7157D604FE40EACADB7004138FC8D19C3EF9A40978AACBE28796

0CBCC792D79C4F37AF6DD895C719D2356114734F6A8538F35F393C927B97AE9A2E5EF9A46B374E5BC

67D9E117048D4458E8F2F7E6F78AEB02B27EEA9AA23CFB2992060DA4D4658221D4F1B7539FE13B179

D8E29BB0A2B5138284A257C65E83AFF42826592768ADF0A7A3294D29458F0E05EBC0B0B218B6FE54A

28044F00438E95DC3050F58A461AD5160BCE37B09A47486E48D88AECCECDF0478425FFEB330BB6263

4EA772E1D7C4F50ED8C81F1D7C80C78723B6909C6BA2E720B7DB7A708003089A65973CEC4E2765D91

8D039B4175387B7728FF84795B8CC"

.

--------------------- DLLs loaded in running processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1576)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\klogon.dll

c:\windows\system32\COMRes.dll

 

- - - - - - - > 'lsass.exe'(1896)

c:\windows\system32\setupapi.dll

 

- - - - - - - > 'explorer.exe'(2704)

c:\windows\system32\SHDOCVW.dll

c:\windows\system32\COMRes.dll

c:\program files\IncrediMail\bin\B4ImApp.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Other running processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\windows\system32\oodag.exe

c:\windows\system32\rundll32.exe

c:\program files\IncrediMail\bin\ImApp.exe

c:\program files\HP\Digital Imaging\bin\hpqgalry.exe

c:\windows\system32\msiexec.exe

.

**************************************************************************

.

Completion time: 2009-03-23 17:18:47 - machine was rebooted

ComboFix-quarantined-files.txt 2009-03-23 16:18:25

 

Pre-Run: 152,994,447,360 bytes free

Post-Run: 152,865,550,336 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

 

295 --- E O F --- 2009-03-21 19:17:54
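As an added example (not part of the original post, and not code from ComboFix or any of the tools in the log), the following Python script triages the sections of a ComboFix log shown above. It flags browser start pages whose host is not one the user is known to have configured (in the log above both the IE start page and the Firefox `browser.startup.homepage` point at hxxp://y.lo.st), orphaned `HKLM-Run` entries that launched from a user-profile directory (the eoRezo `SoftwareUpdateHP.exe` entry), and a non-zero catchme hidden-file count. The embedded sample log, the `EXPECTED_START_HOSTS` allowlist and the `PROFILE_DIR_MARKERS` list are constructed assumptions for illustration; adjust them to the machine being cleaned.

```python
import re
from dataclasses import dataclass
from typing import List, Set
from urllib.parse import urlsplit

# Constructed sample modelled on the ComboFix sections in the post above
# (user name and paths abbreviated; not a verbatim copy of the log).
SAMPLE_LOG = r"""- - - - ORPHANS REMOVED - - - -

Toolbar-ITBar7Layout - (no file)
HKLM-Run-SoftwareHelper - c:\documents and settings\user\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
HKLM-Run-Cmaudio - cmicnfg.cpl

------- Supplementary Scan -------

uStart Page = hxxp://y.lo.st
FF - prefs.js: browser.startup.homepage - hxxp://y.lo.st
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
hidden files: 0
"""


@dataclass
class Finding:
    kind: str    # "start_page", "run_entry" or "hidden_files"
    value: str   # the raw value taken from the log line
    reason: str  # why it was flagged


# Hosts the user actually chose as a home page (assumed for this example).
EXPECTED_START_HOSTS: Set[str] = {"www.google.fr", "www.msn.com"}

# Line shapes as ComboFix prints them (uStart Page / mStart Page, FF prefs, orphans, catchme).
START_PAGE_RE = re.compile(r"^[um]?(?:Start Page|Default_Page_URL)\s*=\s*(\S+)", re.I)
FF_HOME_RE = re.compile(r"^FF - prefs\.js: browser\.startup\.homepage - (\S+)", re.I)
RUN_ENTRY_RE = re.compile(r"^(HK(?:LM|CU)-Run-\S+) - (.+)$", re.I)
HIDDEN_FILES_RE = re.compile(r"^hidden files:\s*(\d+)", re.I)

# User-writable profile locations that adware commonly launches from (assumed list).
PROFILE_DIR_MARKERS = ("\\application data\\", "\\local settings\\", "\\documents and settings\\")


def _start_page_host(value: str) -> str:
    """ComboFix defangs URLs as hxxp://; restore the scheme so urlsplit can extract the host."""
    url = re.sub(r"^hxxp", "http", value, flags=re.I)
    return (urlsplit(url).hostname or "").lower()


def analyse(log: str) -> List[Finding]:
    """Walk the log line by line and return the entries worth a helper's attention."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = START_PAGE_RE.match(line) or FF_HOME_RE.match(line)
        if m:
            host = _start_page_host(m.group(1))
            if host not in EXPECTED_START_HOSTS:
                findings.append(Finding("start_page", m.group(1),
                                        f"start page host {host!r} is not one the user configured"))
            continue
        m = RUN_ENTRY_RE.match(line)
        if m:
            name, target = m.group(1), m.group(2)
            low = target.lower()
            # "(no file)" orphans are already gone; bare names like cmicnfg.cpl are left alone here.
            if low != "(no file)" and any(k in low for k in PROFILE_DIR_MARKERS):
                findings.append(Finding("run_entry", target,
                                        f"{name} launched from a user-profile directory"))
            continue
        m = HIDDEN_FILES_RE.match(line)
        if m and int(m.group(1)) > 0:
            findings.append(Finding("hidden_files", m.group(1),
                                    "catchme reported hidden files (possible rootkit)"))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.kind}] {f.value}\n    {f.reason}")
```

Run against the sample it reports the two start-page hijacks and the eoRezo Run entry, and nothing for catchme (zero hidden files). Feed it a full ComboFix log via `analyse(open(path, encoding="utf-8", errors="replace").read())` to get the same triage for a real case.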
