
[RESOLVED] PC infected overnight!



It isn't supposed to take that long.

 

Close the program and post two RSIT reports; we'll take stock with those.

 

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if asked) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed) as well as info.txt (<<which will be minimised to the Taskbar).
  • NB: the reports are saved in the folder C:\rsit
    So that makes two reports. :P


Well, I'm sorry for doing this, but all this slowness was exasperating, so I restored the system to another restore point, namely Tuesday's.

 

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:01:53, on 01/04/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

H:\Program Files\Alwil Software\Avast4\ashDisp.exe

H:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\ASUS\AI Booster\OverClk.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

H:\Program Files\MagicTune Premium\GammaTray.exe

H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

H:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\System32\perfmon.exe

C:\Users\GuiGui\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\GuiGui\AppData\Local\Google\Chrome\Application\chrome.exe

C:\program files\avira\antivir personaledition classic\avcenter.exe

C:\Users\GuiGui\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Users\GuiGui\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - H:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [avast!] H:\PROGRA~4\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TrayServer] H:\Program Files\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "H:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe" /S

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LaCie Backup] H:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: GammaTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\pnrpnsp.dll' missing

O13 - Gopher Prefix:

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O20 - AppInit_DLLs: acaptuser32.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe

O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - H:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: RealtekUSB - Realtek - C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

O23 - Service: wampapache - Apache Software Foundation - H:\wamp\bin\apache\apache2.2.10\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - H:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe

 

--

End of file - 11951 bytes

 

So I re-ran ToolBar S&D, and here is the report:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft® Windows Vista Édition Intégrale ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Intel® Core2 CPU 6700 @ 2.66GHz )

BIOS : BIOS Date: 03/20/08 21:37:53 Ver: 08.00.12

USER : GuiGui ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1229 [VPS 081203-0] 4.8.1229 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:69 Go (Free:13 Go)

D:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)

E:\ (Local Disk) - NTFS - Total:298 Go (Free:17 Go)

F:\ (CD or DVD)

H:\ (Local Disk) - NTFS - Total:233 Go (Free:51 Go)

L:\ (USB) - FAT32 - Total:3815 Mo (Free:1 Go)

Z:\ (Network Disk)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [1] ( 01/04/2009|16:00 )

 

[ UAC => 0 ]

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\Program Files\Search Settings

C:\Program Files\Search Settings\kb127

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\Search Settings\kb127\SearchSettings.dll

C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\Windows\\system32\\blank.htm"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Url"="http://go.microsoft.com/fwlink/?LinkID=68928"

"Url"="http://go.microsoft.com/fwlink/?LinkID=44406"

"Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

 

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

C:\Users\GuiGui\Desktop\Iphone\Photoshop.CS3.-.WaWa-MaNia.-.By.CoolTy\Photoshop.CS3.-.WaWa-MaNia.-.By.CoolTy\Crack FR {Photoshop CS3 Extended}.rar

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7

C:\Users\GuiGui\Downloads\4D083.M45T3R.C54.UP.BY.BXNXG\Keygen + Crack

C:\Users\GuiGui\Downloads\4D083.M45T3R.C54.UP.BY.BXNXG\Keygen + Crack\Fichier … Patcher

C:\Users\GuiGui\Downloads\4D083.M45T3R.C54.UP.BY.BXNXG\Keygen + Crack\keygen.exe

C:\Users\GuiGui\Downloads\4D083.M45T3R.C54.UP.BY.BXNXG\Keygen + Crack\Fichier … Patcher\32 Bits

C:\Users\GuiGui\Downloads\4D083.M45T3R.C54.UP.BY.BXNXG\Keygen + Crack\Fichier … Patcher\64 bits

C:\Users\GuiGui\Downloads\4D083.M45T3R.C54.UP.BY.BXNXG\Keygen + Crack\Fichier … Patcher\32 Bits\amtlib.dll

C:\Users\GuiGui\Downloads\4D083.M45T3R.C54.UP.BY.BXNXG\Keygen + Crack\Fichier … Patcher\64 bits\amtlib.dll

C:\Users\GuiGui\Downloads\avstpr.By.StreetCat\Avast.Pro.v4.8.1282.Incl.Keymaker-CORE\keygen.exe

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7\Photoshop CS3 + Crack By.Se7

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7\Photoshop CS3 + Crack By.Se7\Adobe CS3

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7\Photoshop CS3 + Crack By.Se7\Adobe CS3\Photoshop

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7\Photoshop CS3 + Crack By.Se7\Adobe CS3\Photoshop\Adobe CS3

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7\Photoshop CS3 + Crack By.Se7\Adobe CS3\Photoshop\Adobe CS3\resources

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7\Photoshop CS3 + Crack By.Se7\Adobe CS3\Photoshop\Adobe CS3\resources\media

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7\Photoshop CS3 + Crack By.Se7\Adobe CS3\Photoshop\Adobe CS3\resources\media\img

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7\Photoshop CS3 + Crack By.Se7\Adobe CS3\Photoshop\Adobe CS3\resources\media\img\Thumbs.db

 

 

[ UAC => 1 ]

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 01/04/2009|16:01 - Option : [1]

 

-----------\\ Fin du rapport a 16:01:19,23

 

 

Thanks again Flakra, I'm going to do the two RSIT reports!

Edited by NotPerfect
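The HijackThis report above (and the one embedded in the RSIT log.txt that follows) is a line-oriented format: a section code (R0-R3, O1-O23), then a body whose layout depends on the section. Reading a few hundred such lines by eye is what the helpers on this thread do; as an added example, not code from the thread or from the HijackThis/RSIT authors, here is a small Python parser that turns those lines into records and applies a few review heuristics (services without a publisher, the O10 LSP warning, AppInit_DLLs, a CLSID registered in more than one section). The sample log is constructed from the shapes of lines in this thread; the triage rules, the function names and the `SAMPLE_LOG` constant are this example's own assumptions. A flag means "look at this entry first", not "this is malware".

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines in the HijackThis v2 log layout,
# modelled on entries posted in this thread (not a full report).
SAMPLE_LOG = r"""
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\pnrpnsp.dll' missing
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# O4 bodies look like: HKLM\..\Run: [name] command line   (hive may be HKUS\S-1-5-19)
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


def parse_hjt(text):
    """Parse HijackThis-style lines into dicts with a 'section' and 'raw' key,
    plus name/clsid/path/owner/hive where the section layout provides them."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, headers, process list, 'End of file'
        section, body = m.group("section"), m.group("body")
        e = {"section": section, "raw": line.strip()}
        if section in ("R3", "O2", "O3"):
            # "Kind: Name - {CLSID} - path": anchor on the CLSID, it is the
            # only field with a fixed shape.
            cl = CLSID_RE.search(body)
            if cl:
                e["clsid"] = cl.group(0).upper()
                e["name"] = body[:cl.start()].split(":", 1)[-1].strip(" -")
                e["path"] = body[cl.end():].lstrip(" -")
        elif section == "O4":
            rm = RUN_RE.match(body)
            if rm:
                e["hive"] = rm.group("hive")
                e["name"] = rm.group("name")
                e["path"] = rm.group("cmd")
        elif section == "O23":
            # "Service: display name - publisher - path"; the display name may
            # itself contain " - ", so split from the right.
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                e["name"], e["owner"], e["path"] = parts
        entries.append(e)
    return entries


def triage(entries):
    """Return (section, reason) pairs a helper would review first (heuristics)."""
    flags = []
    sections_by_clsid = defaultdict(set)
    for e in entries:
        if "clsid" in e:
            sections_by_clsid[e["clsid"]].add(e["section"])
    for e in entries:
        sec = e["section"]
        if sec == "O10":
            flags.append((sec, "LSP chain reports a missing provider; Winsock stack may need repair"))
        elif sec == "O20":
            flags.append((sec, "AppInit_DLLs loads a DLL into every GUI process; verify its publisher"))
        elif sec == "O23" and e.get("owner") == "Unknown owner":
            flags.append((sec, f"service '{e['name']}' has no publisher: {e['path']}"))
        elif sec == "O2" and len(sections_by_clsid.get(e.get("clsid"), ())) > 1:
            where = ", ".join(sorted(sections_by_clsid[e["clsid"]]))
            flags.append((sec, f"{e['name']} is registered in several sections ({where}): {e['path']}"))
    return flags


if __name__ == "__main__":
    for section, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{section}] {reason}")
```

Run it on a real report by reading the pasted text into `parse_hjt`; the process list and the `R0`/`R1` home-page lines are kept as plain records so nothing is silently dropped, and only the four heuristics above produce flags.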

Here is log.txt:

Logfile of random's system information tool 1.06 (written by random/random)

Run by GuiGui at 2009-04-01 16:06:18

Microsoft® Windows Vista Édition Intégrale Service Pack 1

System drive C: has 14 GB (20%) free of 71 GB

Total RAM: 3198 MB (57% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:06:23, on 01/04/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

H:\Program Files\Alwil Software\Avast4\ashDisp.exe

H:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\ASUS\AI Booster\OverClk.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

H:\Program Files\MagicTune Premium\GammaTray.exe

H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

H:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

H:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\Windows\System32\perfmon.exe

C:\Users\GuiGui\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\GuiGui\AppData\Local\Google\Chrome\Application\chrome.exe

C:\program files\avira\antivir personaledition classic\avcenter.exe

C:\Users\GuiGui\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Apple Software Update\SoftwareUpdate.exe

C:\Users\GuiGui\Desktop\RSIT.exe

C:\Users\GuiGui\Desktop\GuiGui.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - H:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [avast!] H:\PROGRA~4\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [HP Software Update] H:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TrayServer] H:\Program Files\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "H:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe" /S

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LaCie Backup] H:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: GammaTray.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\pnrpnsp.dll' missing

O13 - Gopher Prefix:

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O20 - AppInit_DLLs: acaptuser32.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: ATK Fast User Switch Service (ATKFUSService) - ASUSTeK COMPUTER INC. - C:\Windows\system32\ATKFUSService.exe

O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - H:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: MagicTuneEngine - Unknown owner - H:\Program Files\MagicTune Premium\MagicTuneEngine.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: RealtekUSB - Realtek - C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

O23 - Service: wampapache - Apache Software Foundation - H:\wamp\bin\apache\apache2.2.10\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - H:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe

 

--

End of file - 12011 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\Defraggler Volume H Task.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]

IeMonitorBho Class - H:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

SearchSettings Class - C:\Program Files\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]

SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-20 4018176]

"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 1406024]

"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2008-06-10 1442888]

"avast!"=H:\PROGRA~4\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]

"HP Software Update"=H:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

"TrayServer"=H:\Program Files\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe [2007-07-17 90112]

"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-02-06 177472]

"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

"Adobe_ID0ENQBO"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE []

"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]

""= []

"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]

"QuickTime Task"=H:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-11 342312]

"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-02-18 13683232]

"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-02-18 92704]

"Launch Ai Booster"=C:\Program Files\ASUS\AI Booster\OverClk.exe [2006-12-08 3714048]

"RivaTunerStartupDaemon"=H:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe [2009-02-25 24576]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]

"AdobeBridge"= []

"LaCie Backup"=H:\Program Files\LaCie\Backup Software\\LaCieBackup.exe [2006-07-06 2596864]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1&1 EasyLogin]

H:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

H:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

H:\Program Files\Eraser\Eraser.exe [2007-12-23 916240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

H:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-10 397312]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

H:\Program Files\TomTom HOME 2\HOMERunner.exe []

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

GammaTray.lnk - H:\Program Files\MagicTune Premium\GammaTray.exe

HP Digital Imaging Monitor.lnk - H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="acaptuser32.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]

Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2007-07-20 233888]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorUser"=0

"EnableInstallerDetection"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"FilterAdministratorToken"=1

"EnableUIADesktopToggle"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55eb3dae-a048-11dd-b545-001a92ba9256}]

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e

shell\Open\command - Boot.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60652f6a-bcaf-11dd-b5b0-001a92ba9256}]

shell\AutoRun\command - wd_windows_tools\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd0016c3-0bc9-11de-9980-001a92ba9256}]

shell\AutoRun\command - M:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff4fd897-9954-11dd-b535-001a92ba9256}]

shell\AutoRun\command - L:\a2h2.com

shell\open\command - L:\a2h2.com

 

 

======File associations======

 

.js - edit -

.js - open -

.txt - open -

 

======List of files/folders created in the last 1 months======

 

2009-04-01 16:06:18 ----D---- C:\rsit

2009-04-01 13:10:11 ----A---- C:\TB.txt

2009-04-01 13:09:47 ----D---- C:\ToolBar SD

2009-04-01 00:49:45 ----D---- C:\Windows\ERDNT

2009-04-01 00:49:45 ----D---- C:\ComboFix

2009-04-01 00:49:39 ----D---- C:\Qoobox

2009-03-31 18:14:23 ----D---- C:\ProgramData\Avira

2009-03-31 18:14:23 ----D---- C:\Program Files\Avira

2009-03-31 17:47:39 ----D---- C:\Users\GuiGui\AppData\Roaming\Malwarebytes

2009-03-31 17:47:34 ----D---- C:\ProgramData\Malwarebytes

2009-03-31 17:47:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-03-31 15:51:21 ----SHD---- C:\found.000

2009-03-28 21:13:28 ----D---- C:\Program Files\Intel Corporation

2009-03-28 20:14:50 ----A---- C:\Windows\system32\exception.txt

2009-03-27 11:05:10 ----D---- C:\ProgramData\Futuremark

2009-03-27 11:01:01 ----D---- C:\Program Files\Common Files\Futuremark Shared

2009-03-27 10:59:48 ----D---- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP

2009-03-26 15:02:56 ----D---- C:\Program Files\Marvell

2009-03-26 14:59:28 ----D---- C:\Users\GuiGui\AppData\Roaming\GetRightToGo

2009-03-23 16:22:32 ----D---- C:\Windows\V7.14.01

2009-03-23 16:07:34 ----A---- C:\Windows\system32\NVUNINST.EXE

2009-03-17 02:54:26 ----A---- C:\muxmp4.bat

2009-03-12 15:43:28 ----A---- C:\Windows\system32\GEARAspi.dll

2009-03-12 15:43:20 ----D---- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

2009-03-12 15:43:20 ----D---- C:\Program Files\iTunes

2009-03-11 19:04:19 ----D---- C:\N++RECOV

2009-03-11 05:21:11 ----A---- C:\Windows\system32\schannel.dll

2009-03-08 16:59:52 ----RA---- C:\Windows\system32\AdobePDFUI.dll

2009-03-08 16:22:09 ----D---- C:\Users\GuiGui\AppData\Roaming\Download Manager

2009-03-08 15:21:53 ----D---- C:\Windows\system32\Adobe

2009-03-06 22:25:27 ----D---- C:\ProgramData\ALM

2009-03-06 22:17:21 ----D---- C:\Program Files\Common Files\Macrovision Shared

2009-03-06 00:59:00 ----A---- C:\Windows\system32\usbaaplrc.dll

 

======List of files/folders modified in the last 1 months======

 

2009-04-02 01:29:06 ----D---- C:\Windows\system32\config

2009-04-02 01:28:58 ----D---- C:\Windows\Tasks

2009-04-02 01:28:58 ----D---- C:\Windows\system32\spool

2009-04-02 01:28:58 ----D---- C:\Windows\system32\Msdtc

2009-04-02 01:28:58 ----D---- C:\Windows\system32\fr-FR

2009-04-02 01:28:58 ----D---- C:\Windows\system32\CodeIntegrity

2009-04-02 01:28:58 ----D---- C:\Windows\Minidump

2009-04-02 01:28:58 ----D---- C:\Windows

2009-04-02 01:28:56 ----D---- C:\ProgramData\HP Product Assistant

2009-04-02 01:28:56 ----D---- C:\Program Files\Search Settings

2009-04-02 01:28:55 ----D---- C:\Windows\system32\wbem

2009-04-02 01:28:55 ----D---- C:\Windows\registration

2009-04-01 16:03:11 ----D---- C:\Windows\Temp

2009-04-01 16:02:11 ----D---- C:\Windows\System32

2009-04-01 16:02:11 ----D---- C:\Windows\inf

2009-04-01 16:02:11 ----A---- C:\Windows\system32\PerfStringBackup.INI

2009-04-01 16:02:05 ----A---- C:\Windows\win.ini

2009-04-01 16:02:04 ----SHD---- C:\Windows\Installer

2009-04-01 15:53:39 ----RD---- C:\Program Files

2009-04-01 15:47:20 ----D---- C:\Windows\system32\drivers

2009-04-01 15:46:50 ----SHD---- C:\System Volume Information

2009-04-01 15:43:01 ----D---- C:\Windows\system32\Tasks

2009-04-01 15:38:38 ----D---- C:\Windows\system32\catroot2

2009-04-01 15:35:53 ----D---- C:\Windows\system32\LogFiles

2009-04-01 13:04:00 ----D---- C:\Windows\Prefetch

2009-03-31 18:14:23 ----HD---- C:\ProgramData

2009-03-31 18:07:56 ----D---- C:\Users\GuiGui\AppData\Roaming\MAGIX

2009-03-31 01:09:18 ----D---- C:\Users\GuiGui\AppData\Roaming\FileZilla

2009-03-28 21:13:27 ----HD---- C:\Program Files\InstallShield Installation Information

2009-03-27 14:16:06 ----D---- C:\ProgramData\HPSSUPPLY

2009-03-27 13:26:38 ----D---- C:\Users\GuiGui\AppData\Roaming\Azureus

2009-03-27 12:51:33 ----RSD---- C:\Windows\assembly

2009-03-27 12:03:35 ----D---- C:\Windows\system32\catroot

2009-03-27 11:01:01 ----D---- C:\Program Files\Common Files

2009-03-27 10:59:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2009-03-27 10:25:09 ----A---- C:\Windows\system32\wrap_oal.dll

2009-03-27 10:25:09 ----A---- C:\Windows\system32\OpenAL32.dll

2009-03-26 15:07:27 ----D---- C:\Windows\system

2009-03-26 15:07:17 ----D---- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver

2009-03-26 01:42:45 ----D---- C:\Program Files\Vuze

2009-03-25 09:59:10 ----D---- C:\ProgramData\ma-config.com

2009-03-25 09:59:10 ----D---- C:\Program Files\ma-config.com

2009-03-23 18:11:40 ----D---- C:\Windows\Debug

2009-03-23 18:06:44 ----D---- C:\ProgramData\Spybot - Search & Destroy

2009-03-23 18:06:44 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-03-23 18:06:30 ----D---- C:\Program Files\Image-Line

2009-03-23 18:01:10 ----D---- C:\Program Files\eToro

2009-03-23 17:50:39 ----A---- C:\Windows\system32\schedlog.txt

2009-03-23 17:28:16 ----D---- C:\Program Files\ASUS

2009-03-23 16:55:11 ----D---- C:\ProgramData\NVIDIA

2009-03-23 16:11:21 ----D---- C:\Program Files\AGEIA Technologies

2009-03-20 12:33:42 ----A---- C:\Windows\avisplitter.ini

2009-03-17 03:11:52 ----A---- C:\ffmpeg_debug.bat

2009-03-17 03:11:52 ----A---- C:\ffmpeg.bat

2009-03-17 03:11:18 ----A---- C:\mpeg.txt

2009-03-12 16:14:20 ----D---- C:\Users\GuiGui\AppData\Roaming\VSO

2009-03-12 15:43:27 ----DC---- C:\Windows\system32\DRVSTORE

2009-03-12 15:43:21 ----D---- C:\Program Files\iPod

2009-03-12 15:43:20 ----D---- C:\Program Files\Common Files\Apple

2009-03-12 04:15:17 ----D---- C:\Windows\winsxs

2009-03-12 04:01:57 ----D---- C:\Program Files\Windows Mail

2009-03-12 04:00:59 ----D---- C:\ProgramData\Microsoft Help

2009-03-09 20:00:44 ----SD---- C:\Users\GuiGui\AppData\Roaming\Microsoft

2009-03-08 16:52:08 ----RSD---- C:\Windows\Fonts

2009-03-08 16:22:09 ----SD---- C:\Windows\Downloaded Program Files

2009-03-08 15:47:22 ----D---- C:\Users\GuiGui\AppData\Roaming\Adobe

2009-03-07 15:36:56 ----D---- C:\Program Files\Adobe

2009-03-06 22:37:17 ----D---- C:\Program Files\Common Files\Adobe

2009-03-06 22:24:21 ----D---- C:\ProgramData\Adobe

2009-03-06 21:25:14 ----D---- C:\AdobeTemp

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2006-10-18 12664]

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]

R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]

R1 atkdisplf;ATK Kernel Mode Enhanced Driver; C:\Windows\System32\Drivers\atkdisplowfilter.sys [2007-04-02 28800]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072]

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-21 350720]

R1 EIO;EIO; C:\Windows\System32\Drivers\eio.sys [2006-06-14 12288]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver; C:\Windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]

R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]

R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]

R2 nvport;NVIDIA PORT IO Control Driver; \??\C:\Windows\system32\Drivers\nvport.sys [2006-05-05 4608]

R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys [2007-02-01 13184]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-23 1652968]

R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-07-26 41752]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]

R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-02-18 7765504]

R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2007-05-09 14112]

R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2006-03-29 9856]

R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]

R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2008-06-10 33352]

R3 RivaTuner32;RivaTuner32; \??\H:\Program Files\RivaTuner v2.24\RivaTuner32.sys [2009-02-25 9088]

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]

R3 StillCam;Pilote d'appareil photo numérique série; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]

R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-12-09 311808]

S1 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool.sys [2007-08-08 28968]

S3 aoj5yzsb;aoj5yzsb; C:\Windows\system32\drivers\aoj5yzsb.sys []

S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-21 93696]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-21 93696]

S3 driverhardwarev2;driverhardwarev2; \??\H:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-04-22 27672]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]

S3 GPU-Z;GPU-Z; \??\C:\Users\GuiGui\AppData\Local\Temp\GPU-Z.sys []

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 MagicTune;MagicTune; C:\Windows\system32\drivers\MTiCtwl.sys [2006-08-28 13312]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-02 17536]

S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-02 20864]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver; C:\Windows\system32\DRIVERS\sis163u.sys [2007-01-25 218112]

S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2008-11-12 23600]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-06 36864]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]

R2 aswUpdSv;avast! iAVS4 Control Service; H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]

R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]

R2 MagicTuneEngine;MagicTuneEngine; H:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]

R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-02-18 207392]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]

R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-10-05 66872]

R2 RealtekUSB;RealtekUSB; C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [2007-07-27 36864]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-03-11 656168]

S2 ATKFUSService;ATK Fast User Switch Service; C:\Windows\system32\ATKFUSService.exe [2007-04-02 67072]

S2 avast! Antivirus;avast! Antivirus; H:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]

S3 avast! Mail Scanner;avast! Mail Scanner; H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

S3 avast! Web Scanner;avast! Web Scanner; H:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-21 523776]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; H:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-06 655624]

S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-03-15 216232]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-01-25 316664]

S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]

S3 wampapache;wampapache; H:\wamp\bin\apache\apache2.2.10\bin\httpd.exe [2008-10-10 24636]

S3 wampmysqld;wampmysqld; H:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe [2008-11-15 6447744]

S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-21 917504]

 

-----------------EOF-----------------

 

Here is info.txt:

info.txt logfile of random's system information tool 1.06 2009-04-01 16:06:26

 

======Uninstall list======

 

-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

-->H:\Program Files\MAGIX\Goya_burnR_mxcdr\instslct.exe

-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

3DMark Vantage-->C:\Program Files\InstallShield Installation Information\{C40C3C3D-97CF-44B5-836C-766E374464B3}\setup.exe -runfromtemp -l0x0009 -removeonly

3DMark06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1AE27FE6-05DB-40CB-A29E-2945980ACE27}\setup.exe" -l0x9 -removeonly

802.11 USB Wireless LAN Adapter-->C:\Windows\system32\unwlsdrv.exe SiS163u

AC3Filter (remove only)-->H:\Program Files\AC3Filter\uninstall.exe

Acrobat.com-->msiexec /qb /x {C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}

Acrobat.com-->MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}

Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}

Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}

Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}

Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}

Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}

Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}

Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}

Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}

Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}

Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}

Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}

Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}

Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}

Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}

Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}

Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}

Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}

Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}

Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}

Adobe Flash Player 10 Plugin-->MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}

Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}

Adobe Illustrator CS4-->C:\Program Files\Common Files\Adobe\Installers\2a31ae7a5c43ff52d8577782dd34e04\Setup.exe --uninstall=1

Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}

Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}

Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}

Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}

Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}

Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}

Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}

Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1

Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}

Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}

Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}

Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}

Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}

Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}

Adobe Setup-->MsiExec.exe /I{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}

Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log

Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}

Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}

Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}

AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}

AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}

AeroSnap 0.61-->"H:\Program Files\AeroSnap\unins000.exe"

AI Booster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74BF0A46-DF67-4D86-B038-BF0E51871B66}\Setup.exe" -l0x40c

Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->H:\Program Files\WinRAR\uninstall.exe

ASIO4ALL-->H:\Program Files\ASIO4ALL v2\uninstall.exe

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

ASUS DH Remote-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34A0AF85-C323-4867-8AA3-00A3E5A7A12B}\setup.exe" -l0x40c

ASUS Gamer OSD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}\setup.exe" -l0x9 -removeonly

ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x40c

Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly

avast! Antivirus-->H:\Program Files\Alwil Software\Avast4\aswRunDll.exe "H:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

AviSynth 2.5-->"H:\Program Files\AviSynth 2.5\Uninstall.exe"

Battlefield 2142-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x40c -removeonly

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

Call of Duty® - World at War-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c

CamStudio-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EB371786-9449-4ED8-B47A-032467A58CAD} anything\anything

CCleaner (remove only)-->"H:\Program Files\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Coffret de pilotes Logitech Legacy USB Camera-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.51.2023\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"legacyqcam_10.51" /clone_wait /hide_progress

Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress

Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe

Command & Conquer Alerte Rouge 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}

Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}

CoreAAC Audio Decoder (remove only)-->"C:\Windows\system32\CoreAAC-uninstall.exe"

Counter-Strike-->"H:\Program Files\Steam\steam.exe" steam://uninstall/10

Deckadance-->H:\Program Files\VstPlugins\Deckadance\uninstall.exe

Defraggler (remove only)-->"H:\Program Files\Defraggler\uninst.exe"

Direct Show Ogg Vorbis Filter (remove only)-->"C:\Windows\system32\OggDSuninst.exe"

DivX Codec 3.1alpha release-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\Windows\INF\DivX.inf

DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove

eMule-->"H:\Program Files\eMule\Uninstall.exe"

encodeur Real Video Producer-->H:\Program Files\Producer\PRODUCER_Uninstal.exe

Eraser-->"C:\ProgramData\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE

Eraser-->C:\ProgramData\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe

EVEREST Home Edition v2.20-->"H:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"

ffdshow [rev 1008] [2007-03-08]-->"H:\Program Files\ffdshow\unins000.exe"

FileZilla Client 3.1.6-->H:\Program Files\FileZilla FTP Client\uninstall.exe

Firebird SQL Server - MAGIX Edition-->H:\Program Files\MAGIX\Common\Database\instslct.exe /p

Free FLV Converter V 5.9-->"H:\Program Files\Free FLV Converter\unins000.exe"

Futuremark SystemInfo-->C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly

Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}

Haali Media Splitter-->"H:\Program Files\Haali\MatroskaSplitter\uninstall.exe"

HijackThis 2.0.2-->"C:\Users\GuiGui\Desktop\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HP Customer Participation Program 8.0-->H:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP Imaging Device Functions 8.0-->H:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP OCR Software 8.0-->H:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}

HP Photosmart.All-In-One Driver Software 8.0 .A-->H:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot

HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}

HP Solution Center 8.0-->H:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}

HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}

iTunes-->MsiExec.exe /I{E5145D2D-793B-4A16-BA42-3F13EEAA7D5E}

JMicron JMB36X Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c -removeonly

Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}

K-Lite Mega Codec Pack 4.3.1-->"H:\Program Files\K-Lite Codec Pack\unins000.exe"

kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}

La boite a couleurs version 1.6.15-->"H:\Program Files\LaBoiteACouleurs\unins000.exe"

LaCie Backup Software v1.5.2378-->MsiExec.exe /I{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}

Lame ACM MP3 Codec-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\Windows\INF\LameACM.inf

Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}

Logitech Updater-->MsiExec.exe /I{53735ECE-E461-4FD0-B742-23A352436D3A}

Ma-Config.com-->MsiExec.exe /X{560BD6E0-0BA6-43AF-B423-E1DF4D2EB3C3}

MagicTune Premium-->C:\Program Files\InstallShield Installation Information\{D6044256-A309-43B5-9833-D3FAFE2AD24D}\setup.exe -runfromtemp -l0x040c -removeonly

MAGIX Music Manager 2007 8.1.1.102 (F)-->H:\Program Files\MAGIX\Music_Manager_2007\instslct.exe

MAGIX Photo Manager 2007 4.2.0.85 (F)-->H:\Program Files\MAGIX\Photo_Manager_2007\instslct.exe

MAGIX Video deluxe 2008 PLUS 7.0.2.3 (F)-->H:\Program Files\MAGIX\Video_deluxe_2008_PLUS\instslct.exe

MAGIX Xtreme Photo Designer 6 6.0.20.0 (F)-->H:\Program Files\MAGIX\Xtreme_Foto_Designer_6\instslct.exe

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe

Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}

Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

MKVtoolnix 2.4.0-->H:\Program Files\MKVtoolnix\uninst.exe

MobileMe Control Panel-->MsiExec.exe /I{A14C24F6-615B-415E-84B0-610FDAD19B68}

Modèles de sons Windows-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall

Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe

Movies2iPhone .74b-->H:\Program Files\Movies2iPhone\uninst.exe

Mozilla Firefox (3.0.7)-->H:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Nokia Connectivity Cable Driver-->RUNDLL32.EXE nsesetup.dll,DoNTUninst

Notepad++-->H:\Program Files\Notepad++\uninstall.exe

NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI

NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}

NVIDIA PureVideo Decoder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}\setup.exe" -l0x40c -uninstall

On2 VP7 Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Pack PSP - Ri4m - v1.0a-->C:\Ripp-it_AM\dlls\Uninstal.exe

PCMark Vantage-->C:\Program Files\InstallShield Installation Information\{F241EC95-C81A-466E-8006-6B0B364B07A0}\setup.exe -runfromtemp -l0x0009 -removeonly

PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}

Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}

PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe

PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u

Quick Zip 4.60.019-->"C:\Program Files\QuickZip4\unins000.exe"

QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}

Real Alternative 1.51 Lite-->"H:\Program Files\Real Alternative\unins000.exe"

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly

REALTEK RTL8187 Wireless LAN Driver and Utility-->C:\Program Files\InstallShield Installation Information\{0DF70CB6-553A-4C57-8E6D-87635EECFB78}\Install.exe -uninst -l0x40C

REALTEK RTL8187B Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{7095FD27-37F0-4750-9DE8-D37DC0043706}\Install.exe -uninst -l0x40C

Ri4m v5.0.1d-->C:\Ripp-it_AM\Ri4m_Uninstal.exe

Ripp-It Codec Pack v 4.2.6-->H:\Program Files\Ripp-It Codec Pack\uninst.exe

RivaTuner v2.24-->"H:\Program Files\RivaTuner v2.24\uninstall.exe"

Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}

Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}

Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}

Sony Ericsson PC Suite 4.006.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x040c -removeonly

Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}

Thermal Analysis Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B2C675E-8040-431B-99C4-137DF4FBF75A}\setup.exe" -l0x9 -removeonly

ThiWeb Live 2.2-->C:\Program Files\ThiWeb Live 2\uninst.exe

TmNationsForever-->"H:\Program Files\TmNationsForever\unins000.exe"

Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe

TreeSize Free V2.1-->"H:\Program Files\JAM Software\TreeSize Free\unins000.exe"

Ultimate Extras sounds from Microsoft® Tinker-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall

Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}

Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}

Update Service-->H:\Program Files\Sony Ericsson\Update Service\uninst.exe

VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}

VideoLAN VLC media player 0.8.6b-->H:\Program Files\VideoLAN\VLC\uninstall.exe

Virtual DJ - Atomix Productions-->H:\PROGRA~4\VIRTUA~1\UNWISE.EXE H:\PROGRA~4\VIRTUA~1\INSTALL.LOG

Vista Anti-Lag 1.1.1-->C:\Program Files\Vista Anti-Lag\uninst.exe

VistaGlazz 1.1-->"H:\Program Files\CodeGazer\VistaGlazz\unins000.exe"

VSO Image Resizer 2.1.7.4-->"H:\Program Files\VSO\Image Resizer\unins000.exe"

Vuze-->C:\Program Files\Vuze\uninstall.exe

WampServer 2.0-->"H:\wamp\unins000.exe"

Windows Driver Package - Silicon Integrated Systems Corp.(1.09b.01) (SIS163u) Net (11/20/2006 6.0.1039.1092)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\sis163u.inf_8dd1a441\sis163u.inf

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}

Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}

Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}

Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}

Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinSCP 4.1.7-->"C:\Program Files\WinSCP\unins000.exe"

x264 Revision 573 x264.nl (remove only)-->"H:\Program Files\x264\x264-uninstall.exe"

Xvid 1.1.2 final uninstall-->"H:\Program Files\Xvid\unins000.exe"

 

=====HijackThis Backups=====

 

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe [2009-04-01]

O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file) [2009-04-01]

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: avast! antivirus 4.8.1229 [VPS 081203-0]

AS: Windows Defender

AS: avast! antivirus 4.8.1229 [VPS 081203-0]

 

======System event log======

 

Computer Name: PC-de-GuiGui

Event Code: 7034

Message: Le service ATK Fast User Switch Service s'est terminé de façon inattendue pour la 1ème fois.

Record Number: 8765094

Source Name: Service Control Manager

Time Written: 20090401135628.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-GuiGui

Event Code: 7034

Message: Le service avast! Antivirus s'est terminé de façon inattendue pour la 1ème fois.

Record Number: 8765095

Source Name: Service Control Manager

Time Written: 20090401135628.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-GuiGui

Event Code: 7026

Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :

ATITool

Record Number: 8765097

Source Name: Service Control Manager

Time Written: 20090401135628.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-GuiGui

Event Code: 31004

Message: L'agent proxy DNS n'a pas pu allouer 0 octets de mémoire. Ceci peut indiquer que le système n'a plus beaucoup de mémoire virtuelle, ou que le gestionnaire de mémoire a rencontré une erreur interne.

Record Number: 8765106

Source Name: Microsoft-Windows-SharedAccess_NAT

Time Written: 20090401135659.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-GuiGui

Event Code: 1050

Message: L’inscription auprès du Gestionnaire de contrôle des services pour qu’il surveille l’état du service Terminal Server a échoué avec Le service spécifié n'existe pas en tant que service installé.

 ; nouvelle tentative dans dix minutes.

Record Number: 8765115

Source Name: Microsoft-Windows-TerminalServices-LocalSessionManager

Time Written: 20090401140548.000000-000

Event Type: Erreur

User:

 

=====Application event log=====

 

Computer Name: PC-de-GuiGui

Event Code: 1001

Message: Échec de détection du produit ‘{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}’, fonctionnalité ‘SearchSettingBHO’ lors de la demande du composant ‘{F6222920-2075-4D76-9553-A77F08515E43}’

Record Number: 15980

Source Name: MsiInstaller

Time Written: 20090401135229.000000-000

Event Type: Avertissement

User: PC-de-GuiGui\GuiGui

 

Computer Name: PC-de-GuiGui

Event Code: 1000

Message:

Record Number: 15996

Source Name: Application Error

Time Written: 20090401135559.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-GuiGui

Event Code: 10

Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.

Record Number: 16010

Source Name: Microsoft-Windows-WMI

Time Written: 20090401135627.000000-000

Event Type: Erreur

User:

 

Computer Name: PC-de-GuiGui

Event Code: 1004

Message: Échec de détection du produit ‘{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}’, fonctionnalité ‘SearchSettingBHO’, composant ‘{DD8B164F-FF69-4AA5-A125-1DE4D1B7967C}. La ressource ‘C:\Program Files\Search Settings\kb127\res\’ n’existe pas.

Record Number: 16023

Source Name: MsiInstaller

Time Written: 20090401140655.000000-000

Event Type: Avertissement

User: PC-de-GuiGui\GuiGui

 

Computer Name: PC-de-GuiGui

Event Code: 1001

Message: Échec de détection du produit ‘{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}’, fonctionnalité ‘SearchSettingBHO’ lors de la demande du composant ‘{F6222920-2075-4D76-9553-A77F08515E43}’

Record Number: 16024

Source Name: MsiInstaller

Time Written: 20090401140655.000000-000

Event Type: Avertissement

User: PC-de-GuiGui\GuiGui

 

=====Security event log=====

 

Computer Name: PC-de-GuiGui

Event Code: 5038

Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

 

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys

Record Number: 18579

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090401140623.748289-000

Event Type: Échec de l'audit

User:

 

Computer Name: PC-de-GuiGui

Event Code: 5038

Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

 

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys

Record Number: 18580

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090401140623.771289-000

Event Type: Échec de l'audit

User:

 

Computer Name: PC-de-GuiGui

Event Code: 5038

Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

 

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys

Record Number: 18581

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090401140623.792289-000

Event Type: Échec de l'audit

User:

 

Computer Name: PC-de-GuiGui

Event Code: 5038

Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

 

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys

Record Number: 18582

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090401140623.813289-000

Event Type: Échec de l'audit

User:

 

Computer Name: PC-de-GuiGui

Event Code: 5038

Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

 

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys

Record Number: 18583

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090401140623.837289-000

Event Type: Échec de l'audit

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;H:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=0f06

"NUMBER_OF_PROCESSORS"=2

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

"DFSTRACINGON"=FALSE

"CLASSPATH"=.;H:\Program Files\QuickTime\QTSystem\QTJava.zip

"QTJAVA"=H:\Program Files\QuickTime\QTSystem\QTJava.zip

 

-----------------EOF-----------------


Your (unrequested) system restore brought back a nice infection.

As for the many cracks, they may well be the source of the infection; it would be wise to get rid of them...

 

Also, your USB sticks and other removable media are most likely infected too; don't use them for now, we'll deal with that separately.

 

Relaunch Toolbar-S&D. This time choose the "suppression" (removal) option, then confirm by pressing "Enter".

! Do not close the window during the removal !

A report will be generated; post its contents here.

 

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.

Go to the "Processes" tab. Click File at the top left and choose "Run..."

Type explorer and confirm.


here is the report:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft® Windows Vista Édition Intégrale ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Intel® Core2 CPU 6700 @ 2.66GHz )

BIOS : BIOS Date: 03/20/08 21:37:53 Ver: 08.00.12

USER : GuiGui ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1229 [VPS 081203-0] 4.8.1229 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:69 Go (Free:13 Go)

D:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)

E:\ (Local Disk) - NTFS - Total:298 Go (Free:17 Go)

F:\ (CD or DVD)

H:\ (Local Disk) - NTFS - Total:233 Go (Free:51 Go)

L:\ (USB) - FAT32 - Total:3815 Mo (Free:1 Go)

Z:\ (Network Disk)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( 01/04/2009|16:13 )

 

[ UAC => 1 ]

 

-----------\\ SUPPRESSION

 

Supprime! - C:\Program Files\Search Settings\kb127

Supprime! - C:\Program Files\Search Settings\SearchSettings.exe

Supprime! - C:\Program Files\Search Settings

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\Windows\\system32\\blank.htm"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Url"="http://go.microsoft.com/fwlink/?LinkID=68928"

"Url"="http://go.microsoft.com/fwlink/?LinkID=44406"

"Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

 

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

C:\Users\GuiGui\Desktop\Iphone\Photoshop.CS3.-.WaWa-MaNia.-.By.CoolTy\Photoshop.CS3.-.WaWa-MaNia.-.By.CoolTy\Crack FR {Photoshop CS3 Extended}.rar

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7

C:\Users\GuiGui\Downloads\4D083.M45T3R.C54.UP.BY.BXNXG\Keygen + Crack

C:\Users\GuiGui\Downloads\4D083.M45T3R.C54.UP.BY.BXNXG\Keygen + Crack\Fichier … Patcher

C:\Users\GuiGui\Downloads\4D083.M45T3R.C54.UP.BY.BXNXG\Keygen + Crack\keygen.exe

C:\Users\GuiGui\Downloads\4D083.M45T3R.C54.UP.BY.BXNXG\Keygen + Crack\Fichier … Patcher\32 Bits

C:\Users\GuiGui\Downloads\4D083.M45T3R.C54.UP.BY.BXNXG\Keygen + Crack\Fichier … Patcher\64 bits

C:\Users\GuiGui\Downloads\4D083.M45T3R.C54.UP.BY.BXNXG\Keygen + Crack\Fichier … Patcher\32 Bits\amtlib.dll

C:\Users\GuiGui\Downloads\4D083.M45T3R.C54.UP.BY.BXNXG\Keygen + Crack\Fichier … Patcher\64 bits\amtlib.dll

C:\Users\GuiGui\Downloads\avstpr.By.StreetCat\Avast.Pro.v4.8.1282.Incl.Keymaker-CORE\keygen.exe

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7\Photoshop CS3 + Crack By.Se7

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7\Photoshop CS3 + Crack By.Se7\Adobe CS3

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7\Photoshop CS3 + Crack By.Se7\Adobe CS3\Photoshop

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7\Photoshop CS3 + Crack By.Se7\Adobe CS3\Photoshop\Adobe CS3

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7\Photoshop CS3 + Crack By.Se7\Adobe CS3\Photoshop\Adobe CS3\resources

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7\Photoshop CS3 + Crack By.Se7\Adobe CS3\Photoshop\Adobe CS3\resources\media

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7\Photoshop CS3 + Crack By.Se7\Adobe CS3\Photoshop\Adobe CS3\resources\media\img

C:\Users\GuiGui\Downloads\PhotoshopCS3+CrackBy.Se7\Photoshop CS3 + Crack By.Se7\Adobe CS3\Photoshop\Adobe CS3\resources\media\img\Thumbs.db

 

 

[ UAC => 1 ]

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 01/04/2009|16:01 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 01/04/2009|16:14 - Option : [2]

 

-----------\\ Fin du rapport a 16:14:32,13

 

I think it was the searchsettings.exe file that was causing the problem, CPU usage is at 2% now :P

and in a folder of cracks:

Dans le fichier 'C:\Users\GuiGui\Downloads\avstpr.By.StreetCat\Avast.Pro.v4.8.1282.Incl.Keymaker-CORE\keygen.exe'

un virus ou un programme indésirable 'TR/Trash.Gen' [trojan] a été détecté.

Action exécutée : Déplacer le fichier en quarantaine

 

so all the folders have been deleted :P

but let's continue the cleanup!

 

 

Your (unrequested) restore brought back a nice infection.

You mean it made an infection appear, or the opposite? :s


It brought the infection back, but we've just shot it down.

No point in cracking Avast, by the way; it's not good. We'll take care of installing a good one (free and legal) at the end of the process.

The following software is only to be used when prescribed by a qualified helper trained in the tool.

Do not use it outside that situation or on your own: dangerous.

Plug in your USB sticks and external hard drives before the following, leave them plugged in for the whole duration of the treatment (this is not a scan) and after the reboot.

Download combofix.exe by sUBs and save it to your Desktop (and nowhere else).

  • Make sure all programs are closed before starting.
  • Disable the antivirus, otherwise ComboFix will show you a message (if so, click OK on the message).
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer (Limitation of Warranty) message that appears.
  • If you are offered a reboot because a rootkit was found, do it.
  • You will be offered to download and install the Recovery Console: click "Yes" on the message, allow the download in your firewall if asked, then accept the End User License Agreement.
  • The desktop disappears, this is normal, and it will come back.
  • Do not close the window that opens, you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located in: C:\Combofix.txt (just in case).


Sorry for the slowness, but I had to remove Avast in Safe Mode because the System Restore made it bug out completely :s

so I installed Antivir instead!

here is the ComboFix report:

 

ComboFix 09-03-31.03 - GuiGui 2009-04-01 17:01:16.1 - NTFSx86

Microsoft® Windows Vista Édition Intégrale 6.0.6001.1.1252.1.1036.18.3198.2062 [GMT 2:00]

Lancé depuis: c:\users\GuiGui\Desktop\ComboFix.exe

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

L:\autorun.inf

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-01 au 2009-04-01 ))))))))))))))))))))))))))))))))))))

.

 

2009-04-01 16:06 . 2009-04-01 16:06 <REP> d-------- C:\rsit

2009-04-01 15:39 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-04-01 15:39 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-04-01 13:09 . 2009-04-01 16:14 <REP> d-------- C:\ToolBar SD

2009-03-31 18:14 . 2009-03-31 18:14 <REP> d-------- c:\users\All Users\Avira

2009-03-31 18:14 . 2009-03-31 18:14 <REP> d-------- c:\programdata\Avira

2009-03-31 18:14 . 2009-03-31 18:14 <REP> d-------- c:\program files\Avira

2009-03-31 17:47 . 2009-03-31 17:47 <REP> d-------- c:\users\GuiGui\AppData\Roaming\Malwarebytes

2009-03-31 17:47 . 2009-03-31 17:47 <REP> d-------- c:\users\All Users\Malwarebytes

2009-03-31 17:47 . 2009-03-31 17:47 <REP> d-------- c:\programdata\Malwarebytes

2009-03-31 17:47 . 2009-04-01 15:39 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-31 15:51 . 2009-03-31 15:51 <REP> d--hs---- C:\found.000

2009-03-28 21:13 . 2009-03-28 21:13 <REP> d-------- c:\program files\Intel Corporation

2009-03-27 11:05 . 2009-03-27 13:28 <REP> d-------- c:\users\All Users\Futuremark

2009-03-27 11:05 . 2009-03-27 13:28 <REP> d-------- c:\programdata\Futuremark

2009-03-27 11:01 . 2009-03-27 11:01 <REP> d-------- c:\program files\Common Files\Futuremark Shared

2009-03-27 10:59 . 2009-03-27 10:59 <REP> d-------- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP

2009-03-26 15:02 . 2009-03-26 15:02 <REP> d-------- c:\program files\Marvell

2009-03-26 14:59 . 2009-03-26 15:00 <REP> d-------- c:\users\GuiGui\AppData\Roaming\GetRightToGo

2009-03-23 18:25 . 2009-03-27 03:55 252,083,858 --a------ c:\windows\MEMORY.DMP

2009-03-23 16:22 . 2009-03-23 16:22 <REP> d-------- c:\windows\V7.14.01

2009-03-23 16:07 . 2009-02-17 00:17 453,152 --a------ c:\windows\System32\NVUNINST.EXE

2009-03-17 02:54 . 2009-03-17 02:54 179 --a------ C:\muxmp4.bat

2009-03-12 15:43 . 2009-03-12 15:43 <REP> d-------- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

2009-03-12 15:43 . 2009-03-12 15:43 <REP> d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

2009-03-12 15:43 . 2009-03-12 15:43 <REP> d-------- c:\program files\iTunes

2009-03-12 15:43 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll

2009-03-12 15:43 . 2009-01-15 13:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys

2009-03-11 19:04 . 2009-03-11 19:04 <REP> d-------- C:\N++RECOV

2009-03-11 18:49 . 70 c:\windows\???????›?????????›????????????????????????????????=??????°?????????????????

2009-03-11 05:21 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys

2009-03-11 05:21 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll

2009-03-08 16:59 . 2008-04-07 06:38 22,872 -ra------ c:\windows\System32\AdobePDFUI.dll

2009-03-08 16:22 . 2009-03-08 17:03 <REP> d-------- c:\users\GuiGui\AppData\Roaming\Download Manager

2009-03-08 15:21 . 2009-03-08 15:22 <REP> d-------- c:\windows\System32\Adobe

2009-03-06 22:25 . 2009-03-06 22:25 <REP> d-------- c:\users\All Users\ALM

2009-03-06 22:25 . 2009-03-06 22:25 <REP> d-------- c:\programdata\ALM

2009-03-06 22:17 . 2009-03-06 22:17 <REP> d-------- c:\program files\Common Files\Macrovision Shared

2009-03-06 00:59 . 2009-03-06 00:59 1,900,544 --a------ c:\windows\System32\usbaaplrc.dll

2009-03-06 00:59 . 2009-03-06 00:59 36,864 --a------ c:\windows\System32\drivers\usbaapl.sys

2009-03-01 18:59 . 2009-03-01 18:59 139,556 --ah----- c:\windows\System32\mlfcache.dat

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-01 23:28 --------- d-----w c:\programdata\HP Product Assistant

2009-03-31 16:07 --------- d-----w c:\users\GuiGui\AppData\Roaming\MAGIX

2009-03-30 23:09 --------- d-----w c:\users\GuiGui\AppData\Roaming\FileZilla

2009-03-28 19:13 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-27 12:16 --------- d-----w c:\programdata\HPSSUPPLY

2009-03-27 11:26 --------- d-----w c:\users\GuiGui\AppData\Roaming\Azureus

2009-03-27 08:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-03-27 08:25 86,016 ----a-w c:\windows\System32\OpenAL32.dll

2009-03-27 08:25 262,144 ----a-w c:\windows\System32\wrap_oal.dll

2009-03-26 13:07 --------- d-----w c:\program files\REALTEK RTL8187B Wireless LAN Driver

2009-03-25 23:42 --------- d-----w c:\program files\Vuze

2009-03-25 07:59 --------- d-----w c:\programdata\ma-config.com

2009-03-25 07:59 --------- d-----w c:\program files\ma-config.com

2009-03-23 16:06 --------- d-----w c:\programdata\Spybot - Search & Destroy

2009-03-23 16:06 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-03-23 16:06 --------- d-----w c:\program files\Image-Line

2009-03-23 16:01 --------- d-----w c:\program files\eToro

2009-03-23 15:28 --------- d-----w c:\program files\ASUS

2009-03-23 14:55 --------- d-----w c:\programdata\NVIDIA

2009-03-23 14:11 --------- d-----w c:\program files\AGEIA Technologies

2009-03-17 01:11 200 ----a-w C:\ffmpeg_debug.bat

2009-03-17 01:11 193 ----a-w C:\ffmpeg.bat

2009-03-12 14:14 --------- d-----w c:\users\GuiGui\AppData\Roaming\VSO

2009-03-12 13:43 --------- d-----w c:\program files\iPod

2009-03-12 13:43 --------- d-----w c:\program files\Common Files\Apple

2009-03-12 02:01 --------- d-----w c:\program files\Windows Mail

2009-03-12 02:00 --------- d-----w c:\programdata\Microsoft Help

2009-03-06 20:37 --------- d-----w c:\program files\Common Files\Adobe

2009-02-27 09:17 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-24 19:37 --------- d-----w c:\users\GuiGui\AppData\Roaming\vlc

2009-02-23 11:59 --------- d-----w c:\program files\Windows Live

2009-02-23 11:59 --------- d-----w c:\program files\Microsoft Office Outlook Connector

2009-02-23 11:59 --------- d-----w c:\program files\Microsoft

2009-02-23 11:58 --------- d-----w c:\program files\Microsoft Sync Framework

2009-02-23 11:56 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition

2009-02-22 12:43 615,424 ----a-w c:\windows\System32\themeui.dll

2009-02-22 12:43 240,128 ----a-w c:\windows\System32\uxtheme.dll

2009-02-21 10:05 --------- d-----w c:\program files\Avanquest update

2009-02-20 17:19 --------- d-----w c:\program files\Safari

2009-02-12 19:14 11,359,744 ----a-w c:\windows\System32\shell32 (2).dll

2009-02-12 15:08 19,898,368 ----a-w c:\windows\System32\imageres (2).dll

2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll

2009-02-06 17:08 55,280 ----a-w c:\windows\system32\drivers\fssfltr.sys

2009-01-16 17:24 70,936 ----a-w c:\windows\System32\PhysXLoader.dll

2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll

2009-01-14 09:02 201,816 ----a-w c:\windows\System32\PnkBstrB.exe

2009-01-08 16:22 239 ----a-w C:\reecmuxmkv.bat

2009-01-04 22:24 22,328 ----a-w c:\users\GuiGui\AppData\Roaming\PnkBstrK.sys

2009-01-04 22:23 682,280 ----a-w c:\windows\System32\pbsvc.exe

2008-01-21 02:41 174 --sha-w c:\program files\desktop.ini

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"LaCie Backup"="h:\program files\LaCie\Backup Software\\LaCieBackup.exe" [2006-07-06 2596864]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"HP Software Update"="h:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"TrayServer"="h:\program files\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe" [2007-07-17 90112]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13683232]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 92704]

"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-12-08 3714048]

"RivaTunerStartupDaemon"="h:\program files\RivaTuner v2.24\RivaTunerWrapper.exe" [2009-02-25 24576]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 c:\windows\RtHDVCpl.exe]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

GammaTray.lnk - h:\program files\MagicTune Premium\GammaTray.exe [2009-01-01 36864]

HP Digital Imaging Monitor.lnk - h:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableInstallerDetection"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"FilterAdministratorToken"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=acaptuser32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= DivXa32.acm

"vidc.X264"= x264vfw.dll

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.avis"= ff_acm.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-12-29 12:40 687560 h:\program files\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

--a------ 2007-12-23 01:03 916240 h:\program files\Eraser\Eraser.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2009-02-06 19:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

--a------ 2008-07-10 11:22 397312 h:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{737423C6-43DE-4F4F-8CA0-60A527E204BD}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{6EF3309C-B5B7-477F-BE1E-6B087C0D34A4}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"{6BA08305-6ED5-4BBD-9404-76B321289147}"= UDP:h:\program files\ma-config.com\maconfservice.exe:maconfservice

"{39E91E29-47AC-4DC0-A1E3-A089F481536F}"= TCP:h:\program files\ma-config.com\maconfservice.exe:maconfservice

"{9BFA85E7-D18C-431E-A9BC-3BD21854127C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{A91AEA65-6417-4FE9-BD2A-3178E66EBC28}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{72984EB2-BAA0-4C07-BEC6-A634ED9AEC74}"= UDP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{3EA62DF3-469F-43AD-8F57-300A1EDC2E7E}"= TCP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{4FFEAD97-580C-483F-9464-AE2912025EB1}"= UDP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{A0B23572-84FB-42C1-B406-0C83FD11B41A}"= TCP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{1913140B-4F14-4BE5-918A-26FE64C27D38}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{B77F2F6C-C780-4A9D-A28B-86B7C82B98F1}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{7A24032E-417A-4D26-A544-1F92BC3A1D66}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{A80B399D-B758-48A1-9FF8-3011FA2784E2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{43E4B101-EE18-4CC4-81EC-A7254E1DDD5C}h:\\program files\\emule\\emule.exe"= UDP:h:\program files\emule\emule.exe:eMule

"UDP Query User{02EE4E64-05D8-47BF-A903-B3403F7E38F1}h:\\program files\\emule\\emule.exe"= TCP:h:\program files\emule\emule.exe:eMule

"{B9BFB705-6036-4AAB-983F-63B3B0F2128B}"= UDP:h:\program files\iTunes\iTunes.exe:iTunes

"{0F40E23D-1F4A-41B9-AFB1-50525AF810B8}"= TCP:h:\program files\iTunes\iTunes.exe:iTunes

"{6A2A4A0C-4EE3-4F37-8AE5-33E914591436}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{7F4A5B3D-484E-46A7-BA5A-33B790E763D3}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zS33CD.tmp\setup\HPZnui01.exe:hpznui01.exe

"{C5E400BF-4FFD-42F8-A6D5-7C46162845F1}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zS33CD.tmp\setup\HPZnui01.exe:hpznui01.exe

"TCP Query User{DAEA9674-C6D8-41D8-BBCC-4FB167E5CC38}h:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:h:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

"UDP Query User{6F9F7257-4C58-476F-BE80-E1111EA7F42E}h:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:h:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

"TCP Query User{17C05B8B-036C-41F8-BB8A-F2A23130CD11}h:\\program files\\steam\\steamapps\\guillaumedufik\\counter-strike source\\hl2.exe"= UDP:h:\program files\steam\steamapps\guillaumedufik\counter-strike source\hl2.exe:hl2

"UDP Query User{FB0F4C31-2D9B-48D5-A07A-B43E58E4ECFC}h:\\program files\\steam\\steamapps\\guillaumedufik\\counter-strike source\\hl2.exe"= TCP:h:\program files\steam\steamapps\guillaumedufik\counter-strike source\hl2.exe:hl2

"{3F058273-21AE-41B5-BF4B-C9B9E30A878B}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zS5720.tmp\setup\HPZnui01.exe:hpznui01.exe

"{0E734D63-702F-48B9-945C-D6F62E862F39}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zS5720.tmp\setup\HPZnui01.exe:hpznui01.exe

"TCP Query User{7A8E1FD8-A399-4274-9188-33D18EFF8BE5}h:\\program files\\steam\\steamapps\\guillaumedufik\\counter-strike source\\hl2.exe"= UDP:h:\program files\steam\steamapps\guillaumedufik\counter-strike source\hl2.exe:hl2

"UDP Query User{6BC29E14-F17B-442E-B58F-48459A396295}h:\\program files\\steam\\steamapps\\guillaumedufik\\counter-strike source\\hl2.exe"= TCP:h:\program files\steam\steamapps\guillaumedufik\counter-strike source\hl2.exe:hl2

"TCP Query User{76A59ACD-C23C-4E49-95F9-34D04BE5D9F0}h:\\program files\\emule\\emule.exe"= UDP:h:\program files\emule\emule.exe:eMule

"UDP Query User{23B56ABB-A53A-45FC-AFF7-C7572ADFE32C}h:\\program files\\emule\\emule.exe"= TCP:h:\program files\emule\emule.exe:eMule

"TCP Query User{2F02027C-4D25-4E16-B2A6-BC205F70036B}h:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:h:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

"UDP Query User{2D8F462D-72C9-4B6D-829D-511B859C81C4}h:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:h:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

"{865B77E3-8453-43F9-AB1A-4172E5E2CDC7}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zS9B76.tmp\setup\HPZnui01.exe:hpznui01.exe

"{3C149AD3-28DA-4A72-8D41-8301F426397A}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zS9B76.tmp\setup\HPZnui01.exe:hpznui01.exe

"TCP Query User{26E35C70-8E94-4BD5-BCF7-17C7A93438DB}h:\\program files\\steam\\steamapps\\guillaumedufik\\counter-strike\\hl.exe"= UDP:h:\program files\steam\steamapps\guillaumedufik\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{27AC4C26-3D6C-4EC8-9D88-F6892902AFF1}h:\\program files\\steam\\steamapps\\guillaumedufik\\counter-strike\\hl.exe"= TCP:h:\program files\steam\steamapps\guillaumedufik\counter-strike\hl.exe:Half-Life Launcher

"{8CC4F93B-2DFA-4D45-92F4-4997122E934E}"= UDP:c:\program files\Vista Anti-Lag\val.exe:Vista Anti-Lag

"{8372E150-DB43-437F-991E-0D4AC096BC27}"= TCP:c:\program files\Vista Anti-Lag\val.exe:Vista Anti-Lag

"{6F4FC972-9B30-488E-A171-2C522C6DDE83}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zS5C53.tmp\setup\HPZnui01.exe:hpznui01.exe

"{440A111E-F51B-4B9A-AED2-19216576F812}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zS5C53.tmp\setup\HPZnui01.exe:hpznui01.exe

"{F4AC5529-2951-4C88-B42C-EE3D6172843C}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zS952D.tmp\setup\HPZnui01.exe:hpznui01.exe

"{4D30B741-0BBA-47A3-9FA8-D7BE8DD9761B}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zS952D.tmp\setup\HPZnui01.exe:hpznui01.exe

"{D6933E02-DC8E-4819-A480-122456DC9EE3}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zSFC86.tmp\setup\HPZnui01.exe:hpznui01.exe

"{05F669F5-A6EC-4E58-98C3-B7A21A7CC904}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zSFC86.tmp\setup\HPZnui01.exe:hpznui01.exe

"{26EB30A1-59D2-4D3D-8B57-4C08C5D39638}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zS48D3.tmp\setup\HPZnui01.exe:hpznui01.exe

"{66DAE81B-46F7-4B6B-AC90-DA53AF37795E}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zS48D3.tmp\setup\HPZnui01.exe:hpznui01.exe

"{DED77812-99D5-41A7-87DE-8A16E952BAB1}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

"{324607DB-C65E-4037-A123-489F801955BC}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

"{663241D2-BA9B-419F-BAB4-F1527D147DD3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{791346E9-927E-4278-9B51-7F3BF891B056}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{331AD6A2-E5EE-43F4-9458-CCE89293EF46}h:\\program files\\steam\\steamapps\\guillaumedufik\\counter-strike\\hl.exe"= UDP:h:\program files\steam\steamapps\guillaumedufik\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{F8C4A7B1-A1F9-4396-9200-706A53C06F41}h:\\program files\\steam\\steamapps\\guillaumedufik\\counter-strike\\hl.exe"= TCP:h:\program files\steam\steamapps\guillaumedufik\counter-strike\hl.exe:Half-Life Launcher

"{2046FDA4-573A-4FC4-B588-D296FADDA319}"= UDP:5353:Adobe CSI CS4

"{C0C803A3-DE9F-4DCE-ACD9-A45A30B28B28}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{BAC861B6-45C3-412B-9B0B-EE7BB3963D0C}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{205D6DB9-09D9-40CA-BF86-2B8FDFAB27DC}"= UDP:3703:Adobe Version Cue CS4 Server

"{350D2814-9E04-49A7-A157-E097EB41A373}"= UDP:3704:Adobe Version Cue CS4 Server

"{65D7D4B9-FB51-4F35-95DB-EE640E131706}"= UDP:51000:Adobe Version Cue CS4 Server

"{38D02223-767F-4729-969C-E78AE09E156C}"= UDP:51001:Adobe Version Cue CS4 Server

"{FEA20BA4-B9B4-4DB5-A6DE-467741566862}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server

"{1EE83604-A39A-45D3-953B-1EE84AD8EED4}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server

"{564FB498-4FA7-454D-9E70-8F25FC2A10C3}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{B18846C1-0A6B-41DC-93E3-71BAEF5A507A}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"TCP Query User{7DC64539-D399-489D-8E9E-F88C0E078B46}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{A8D538AE-FC89-4099-AAAC-870A2E23133D}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"{E8A3AE7C-B1D9-4810-9AEE-063CEB7D497B}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zSE478.tmp\setup\HPZnui01.exe:hpznui01.exe

"{F2D3A039-08F9-40BD-86FC-EDEC1E5DB90A}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zSE478.tmp\setup\HPZnui01.exe:hpznui01.exe

"{00CEFB9B-D30F-4352-88E7-85137A557F1A}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zSE322.tmp\setup\HPZnui01.exe:hpznui01.exe

"{3AE48B86-F17A-4665-A495-45D3AD08F28A}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zSE322.tmp\setup\HPZnui01.exe:hpznui01.exe

"{BC9A1F77-8E1A-4A8E-B478-668F81C8DB31}"= UDP:c:\users\GuiGui\AppData\Local\Temp\7zS945.tmp\setup\HPZnui01.exe:hpznui01.exe

"{3E51C3C2-6D11-47F6-91B2-02F3F93A4E57}"= TCP:c:\users\GuiGui\AppData\Local\Temp\7zS945.tmp\setup\HPZnui01.exe:hpznui01.exe

"TCP Query User{390AC96E-D12E-4BBC-8B64-73F9BD28B4B4}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{1F63953A-885A-44EF-8023-36692740A6B3}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"TCP Query User{4D1AE879-6ACA-4B94-9019-DCBFFF4DD21B}h:\\wamp\\bin\\apache\\apache2.2.10\\bin\\httpd.exe"= UDP:h:\wamp\bin\apache\apache2.2.10\bin\httpd.exe:Apache HTTP Server

"UDP Query User{FEF99B79-261F-42DA-A3E3-2C46861EFB57}h:\\wamp\\bin\\apache\\apache2.2.10\\bin\\httpd.exe"= TCP:h:\wamp\bin\apache\apache2.2.10\bin\httpd.exe:Apache HTTP Server

"TCP Query User{D75D7CEE-2666-4F18-9DA9-989EF486042C}h:\\program files\\tmnationsforever\\tmforever.exe"= UDP:h:\program files\tmnationsforever\tmforever.exe:TmForever

"UDP Query User{29F6E9E1-AC45-43BC-B9B1-1ADAD525E6A7}h:\\program files\\tmnationsforever\\tmforever.exe"= TCP:h:\program files\tmnationsforever\tmforever.exe:TmForever

"{244AF71D-F4B0-4FD3-A7A1-D54798A5E702}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{6C0977E5-AB02-460C-BF3C-ADCA9AF2AB3D}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{D6B9B31D-70E5-47F9-BF42-7626BAE8BB9F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{A949D650-E0DB-4E6D-8DCB-B49C8AA23C54}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{DF62C207-1CDE-43D2-923D-F94B0548CC6C}"= UDP:h:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War

"{99A0565C-27FD-49A2-BC14-45BA58853A42}"= TCP:h:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War

"{05646965-E979-4BA1-A8FF-932A6E89B19D}"= UDP:h:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War

"{AE0A8495-2E16-4350-A5DE-9B7649A491ED}"= TCP:h:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War

"{7909CA3E-6615-46B6-B8D3-B6F8B0A10A18}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zS2D0D.tmp\setup\HPZnui01.exe:hpznui01.exe

"{F128A9DC-76DB-4268-AF18-E3955B6DBC5D}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zS2D0D.tmp\setup\HPZnui01.exe:hpznui01.exe

"{3C825857-860C-4729-8182-9F285175C667}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zSB1E0.tmp\setup\HPZnui01.exe:hpznui01.exe

"{08DDDE3B-8741-444A-A1CF-512BD4A87CEA}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zSB1E0.tmp\setup\HPZnui01.exe:hpznui01.exe

"{4166197B-4DC1-432F-9776-14C8C18EE194}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zS6B50.tmp\setup\HPZnui01.exe:hpznui01.exe

"{B1CE851F-759D-4A66-AE34-F5C09A1CF0C9}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zS6B50.tmp\setup\HPZnui01.exe:hpznui01.exe

"{BBD9ADAD-E1CA-4B3D-BBF0-EA777F8C9F6A}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zSA8BE.tmp\setup\HPZnui01.exe:hpznui01.exe

"{ECECAB01-95A2-45D0-8782-A0CAC2F84B3F}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zSA8BE.tmp\setup\HPZnui01.exe:hpznui01.exe

"{E47C4345-E927-4EB5-A95E-F650C901922B}"= UDP:h:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{A405F726-0C04-4B90-B1FD-B3B2E9ABE1A0}"= TCP:h:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{57AE43D4-314E-44CD-8173-3C9F4F9B6620}"= UDP:h:\program files\Electronic Arts\Alerte Rouge 3\RA3.exe:RA3

"{8040087D-C43B-4A5A-93B3-7501562267D4}"= TCP:h:\program files\Electronic Arts\Alerte Rouge 3\RA3.exe:RA3

"{3C93984B-5227-4207-A5D0-E543FDACA85A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{15855276-81BC-4399-B022-C7A081BB98E0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{D1C78151-AE16-441E-8762-72420ACB4952}"= UDP:h:\program files\ma-config.com\maconfservice.exe:maconfservice

"{CE2474AF-DF88-4954-954B-75654151F2B8}"= TCP:h:\program files\ma-config.com\maconfservice.exe:maconfservice

"{2AC7DB73-CCB7-46F4-B9A4-840766CC22B7}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"{D2D0246D-2476-444E-879B-5BE751DEB71D}"= UDP:5353:Adobe CSI CS4

"{A47BDE4C-8894-402E-88C0-7730A5389A7A}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{F01B0C2C-8E12-48F6-9873-BE9277A3E31B}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{6158FDEC-80D4-446B-974F-E9D9C793A2CF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{3CC53FF4-E6AE-44B5-AA34-85C1CF5DB1A2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{00B8EA5E-4C3E-4474-ABC8-863AD2F9031A}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

"{BB041692-FFAD-4357-8390-F8EEBB8AF896}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

"{C08B6CF2-6B57-4413-9835-1AB9E7FF966A}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zSA66E.tmp\setup\HPZnui01.exe:hpznui01.exe

"{ECA78428-6860-4B14-AE99-50F2CDD5EE77}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zSA66E.tmp\setup\HPZnui01.exe:hpznui01.exe

 

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [2008-10-05 25896]

R2 RealtekUSB;RealtekUSB;c:\program files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [2008-10-05 36864]

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187.sys [2008-10-05 335872]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;h:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-11-18 1527900]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-23 55280]

S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [2008-12-12 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\System32\drivers\s0016mdfl.sys [2008-12-12 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\System32\drivers\s0016mdm.sys [2008-12-12 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0016mgmt.sys [2008-12-12 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\System32\drivers\s0016nd5.sys [2008-12-12 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\System32\drivers\s0016obex.sys [2008-12-12 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\System32\drivers\s0016unic.sys [2008-12-12 115752]

S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [2008-11-04 218112]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-11-18 544768]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55eb3dae-a048-11dd-b545-001a92ba9256}]

\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e

\shell\Open\command - Boot.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60652f6a-bcaf-11dd-b5b0-001a92ba9256}]

\shell\AutoRun\command - wd_windows_tools\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd0016c3-0bc9-11de-9980-001a92ba9256}]

\shell\AutoRun\command - M:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff4fd897-9954-11dd-b535-001a92ba9256}]

\shell\AutoRun\command - L:\a2h2.com

\shell\open\Command - L:\a2h2.com

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

%SystemRoot%\system32\soundschemes2.exe /AddRegistration

.

Contenu du dossier 'Tâches planifiées'

 

2009-03-28 c:\windows\Tasks\Defraggler Volume H Task.job

- h:\program files\Defraggler\df.exe [2009-03-13 15:37]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-AdobeBridge - (no file)

HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

HKLM-Run-Adobe_ID0ENQBO - c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

MSConfigStartUp-1&1 EasyLogin - h:\program files\1&1\1&1 EasyLogin\EasyLogin.exe

MSConfigStartUp-TomTomHOME - h:\program files\TomTom HOME 2\HOMERunner.exe

 

 

.

------- Examen supplémentaire -------

.

mWindow Title =

uInternet Settings,ProxyOverride = local

IE: Ajouter au fichier PDF existant

IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir au format PDF

IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convertir la cible du lien en Adobe PDF

IE: Convertir la cible du lien en un fichier PDF existant

FF - ProfilePath - c:\users\GuiGui\AppData\Roaming\Mozilla\Firefox\Profiles\8pv7je9g.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\GuiGui\AppData\Roaming\Mozilla\Firefox\Profiles\8pv7je9g.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll

FF - plugin: h:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

FF - plugin: h:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: h:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: h:\program files\ma-config.com\nphardwaredetection.dll

FF - plugin: h:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin.dll

FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin3.dll

FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin4.dll

FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin5.dll

FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin6.dll

FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin7.dll

FF - plugin: h:\program files\Real Alternative\browser\plugins\nppl3260.dll

FF - plugin: h:\program files\Real Alternative\browser\plugins\nprpjplug.dll

FF - plugin: h:\program files\VideoLAN\VLC\npvlc.dll

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-01 17:03:52

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 54386 bytes

 

Scan terminé avec succès

Fichiers cachés: 1

 

**************************************************************************

.

Heure de fin: 2009-04-01 17:05:40

ComboFix-quarantined-files.txt 2009-04-01 15:05:38

 

Avant-CF: 14 303 301 632 octets libres

Après-CF: 14,318,915,584 octets libres

 

376 --- E O F --- 2009-03-23 14:08:04


We would have done that afterwards. As for Avast, be careful: that's already several initiatives that could turn out to be risky.

Leave your USB stick plugged in; it was infected and may have infected other machines (the stick that is at L:\).

:!: What follows is for your machine, and your machine only.

Above all, do not use it on another machine: dangerous.

  • Open Notepad. Check that in the "Format" menu, "Word Wrap" is turned off. Copy and paste this into it:

Killall::

files::
L:\Boot.exe
L:\a2h2.com

registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55eb3dae-a048-11dd-b545-001a92ba9256}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff4fd897-9954-11dd-b535-001a92ba9256}]

  • Save it as a text file named CFScript, on the desktop.
  • Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot:

(screenshot: animation1md2.gif)

  • Wait for the scan to finish. The desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

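A defender-side triage script for the MountPoints2 entries shown in the log above, added here as an example; it is not part of the thread, not the helper's code and not ComboFix's. It parses lines in the format ComboFix prints, flags entries where the drive's Open verb has been redirected to the same file as the AutoRun verb (the pattern of the two keys the CFScript above deletes, which makes a double-click on the drive icon run the file), and emits the matching registry:: section. The sample input is copied from the thread's own log; the flagging rule is an assumption of this example, not something ComboFix or the helper stated.

```python
import re

# Sample input: the four MountPoints2 entries as they appear in the ComboFix
# log posted earlier in this thread (copied so the script runs offline; the
# GUIDs and commands are the thread's own, not invented).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55eb3dae-a048-11dd-b545-001a92ba9256}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
\shell\Open\command - Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60652f6a-bcaf-11dd-b5b0-001a92ba9256}]
\shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd0016c3-0bc9-11de-9980-001a92ba9256}]
\shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff4fd897-9954-11dd-b535-001a92ba9256}]
\shell\AutoRun\command - L:\a2h2.com
\shell\open\Command - L:\a2h2.com
"""

MP2_PREFIX = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
KEY_RE = re.compile(r"^\[" + re.escape(MP2_PREFIX) + r"\\(\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^\\shell\\([A-Za-z]+)\\command - (.+)$", re.I)


def parse_mountpoints(log_text):
    """Map each MountPoints2 GUID to its shell verbs, e.g. {"autorun": "...", "open": "..."}."""
    entries = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).lower()
            entries.setdefault(current, {})
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            entries[current][verb.group(1).lower()] = verb.group(2).strip()
    return entries


def launched_file(command):
    """Return the file a shell verb actually starts: unwrap the
    'RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL <target> <args>' form that
    Windows caches for an autorun.inf shellexecute= line, then drop arguments."""
    m = re.search(r"ShellExec_RunDLL\s+(.+)$", command, re.I)
    if m:
        command = m.group(1)
    return command.split()[0].lower()


def suspicion_reasons(verbs):
    """Heuristic assumed by this example: an AutoRun entry whose Open verb has
    also been pointed at the same executable. Entries that register only
    AutoRun (the U3 launcher and the wd_windows_tools setup above) are not
    flagged by this rule, which matches the two keys the helper removed."""
    if "autorun" not in verbs:
        return []
    target = launched_file(verbs["autorun"])
    reasons = []
    if "open" in verbs and launched_file(verbs["open"]) == target:
        reasons.append("Open verb redirected to AutoRun target %s" % target)
    return reasons


def flagged_mountpoints(entries):
    """Sorted GUIDs of the entries that match the heuristic."""
    return sorted(g for g, v in entries.items() if suspicion_reasons(v))


def cfscript_registry_section(entries):
    """Build the 'registry::' section of a CFScript deleting the flagged keys,
    in the same [-KEY] syntax as the helper's script above."""
    lines = ["registry::"]
    for guid in flagged_mountpoints(entries):
        lines.append("[-%s\\%s]" % (MP2_PREFIX, guid))
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for guid, verbs in found.items():
        why = suspicion_reasons(verbs)
        print(guid, "SUSPECT" if why else "ok", verbs.get("autorun", ""), "; ".join(why))
    print(cfscript_registry_section(found))
```

Run on the sample it reports the 55eb3dae and ff4fd897 keys as suspect and leaves the other two alone; the generated registry:: section is the same two [-KEY] lines as the CFScript above. The files:: section is deliberately not generated, because the drive letter behind a relative command such as "Boot.exe e" cannot be read from the log alone.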

Here is the report:

ComboFix 09-03-31.03 - GuiGui 2009-04-01 17:17:00.2 - NTFSx86

Microsoft® Windows Vista Édition Intégrale 6.0.6001.1.1252.1.1036.18.3198.2010 [GMT 2:00]

Lancé depuis: c:\users\GuiGui\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\users\GuiGui\Desktop\CFScript.txt

* Un nouveau point de restauration a été créé

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-01 au 2009-04-01 ))))))))))))))))))))))))))))))))))))

.

 

2009-04-01 16:06 . 2009-04-01 16:06 <REP> d-------- C:\rsit

2009-04-01 15:39 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2009-04-01 15:39 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2009-04-01 13:09 . 2009-04-01 16:14 <REP> d-------- C:\ToolBar SD

2009-03-31 18:14 . 2009-03-31 18:14 <REP> d-------- c:\users\All Users\Avira

2009-03-31 18:14 . 2009-03-31 18:14 <REP> d-------- c:\programdata\Avira

2009-03-31 18:14 . 2009-03-31 18:14 <REP> d-------- c:\program files\Avira

2009-03-31 17:47 . 2009-03-31 17:47 <REP> d-------- c:\users\GuiGui\AppData\Roaming\Malwarebytes

2009-03-31 17:47 . 2009-03-31 17:47 <REP> d-------- c:\users\All Users\Malwarebytes

2009-03-31 17:47 . 2009-03-31 17:47 <REP> d-------- c:\programdata\Malwarebytes

2009-03-31 17:47 . 2009-04-01 15:39 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-03-31 15:51 . 2009-03-31 15:51 <REP> d--hs---- C:\found.000

2009-03-28 21:13 . 2009-03-28 21:13 <REP> d-------- c:\program files\Intel Corporation

2009-03-27 11:05 . 2009-03-27 13:28 <REP> d-------- c:\users\All Users\Futuremark

2009-03-27 11:05 . 2009-03-27 13:28 <REP> d-------- c:\programdata\Futuremark

2009-03-27 11:01 . 2009-03-27 11:01 <REP> d-------- c:\program files\Common Files\Futuremark Shared

2009-03-27 10:59 . 2009-03-27 10:59 <REP> d-------- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP

2009-03-26 15:02 . 2009-03-26 15:02 <REP> d-------- c:\program files\Marvell

2009-03-26 14:59 . 2009-03-26 15:00 <REP> d-------- c:\users\GuiGui\AppData\Roaming\GetRightToGo

2009-03-23 18:25 . 2009-03-27 03:55 252,083,858 --a------ c:\windows\MEMORY.DMP

2009-03-23 16:22 . 2009-03-23 16:22 <REP> d-------- c:\windows\V7.14.01

2009-03-23 16:07 . 2009-02-17 00:17 453,152 --a------ c:\windows\System32\NVUNINST.EXE

2009-03-17 02:54 . 2009-03-17 02:54 179 --a------ C:\muxmp4.bat

2009-03-12 15:43 . 2009-03-12 15:43 <REP> d-------- c:\users\All Users\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

2009-03-12 15:43 . 2009-03-12 15:43 <REP> d-------- c:\programdata\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

2009-03-12 15:43 . 2009-03-12 15:43 <REP> d-------- c:\program files\iTunes

2009-03-12 15:43 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll

2009-03-12 15:43 . 2009-01-15 13:19 23,848 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys

2009-03-11 19:04 . 2009-03-11 19:04 <REP> d-------- C:\N++RECOV

2009-03-11 18:49 . 70 c:\windows\???????›?????????›????????????????????????????????=??????°?????????????????

2009-03-11 05:21 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys

2009-03-11 05:21 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll

2009-03-08 16:59 . 2008-04-07 06:38 22,872 -ra------ c:\windows\System32\AdobePDFUI.dll

2009-03-08 16:22 . 2009-03-08 17:03 <REP> d-------- c:\users\GuiGui\AppData\Roaming\Download Manager

2009-03-08 15:21 . 2009-03-08 15:22 <REP> d-------- c:\windows\System32\Adobe

2009-03-06 22:25 . 2009-03-06 22:25 <REP> d-------- c:\users\All Users\ALM

2009-03-06 22:25 . 2009-03-06 22:25 <REP> d-------- c:\programdata\ALM

2009-03-06 22:17 . 2009-03-06 22:17 <REP> d-------- c:\program files\Common Files\Macrovision Shared

2009-03-06 00:59 . 2009-03-06 00:59 1,900,544 --a------ c:\windows\System32\usbaaplrc.dll

2009-03-06 00:59 . 2009-03-06 00:59 36,864 --a------ c:\windows\System32\drivers\usbaapl.sys

2009-03-01 18:59 . 2009-03-01 18:59 139,556 --ah----- c:\windows\System32\mlfcache.dat

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-01 23:28 --------- d-----w c:\programdata\HP Product Assistant

2009-03-31 16:07 --------- d-----w c:\users\GuiGui\AppData\Roaming\MAGIX

2009-03-30 23:09 --------- d-----w c:\users\GuiGui\AppData\Roaming\FileZilla

2009-03-28 19:13 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-27 12:16 --------- d-----w c:\programdata\HPSSUPPLY

2009-03-27 11:26 --------- d-----w c:\users\GuiGui\AppData\Roaming\Azureus

2009-03-27 08:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-03-27 08:25 86,016 ----a-w c:\windows\System32\OpenAL32.dll

2009-03-27 08:25 262,144 ----a-w c:\windows\System32\wrap_oal.dll

2009-03-26 13:07 --------- d-----w c:\program files\REALTEK RTL8187B Wireless LAN Driver

2009-03-25 23:42 --------- d-----w c:\program files\Vuze

2009-03-25 07:59 --------- d-----w c:\programdata\ma-config.com

2009-03-25 07:59 --------- d-----w c:\program files\ma-config.com

2009-03-23 16:06 --------- d-----w c:\programdata\Spybot - Search & Destroy

2009-03-23 16:06 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-03-23 16:06 --------- d-----w c:\program files\Image-Line

2009-03-23 16:01 --------- d-----w c:\program files\eToro

2009-03-23 15:28 --------- d-----w c:\program files\ASUS

2009-03-23 14:55 --------- d-----w c:\programdata\NVIDIA

2009-03-23 14:11 --------- d-----w c:\program files\AGEIA Technologies

2009-03-17 01:11 200 ----a-w C:\ffmpeg_debug.bat

2009-03-17 01:11 193 ----a-w C:\ffmpeg.bat

2009-03-12 14:14 --------- d-----w c:\users\GuiGui\AppData\Roaming\VSO

2009-03-12 13:43 --------- d-----w c:\program files\iPod

2009-03-12 13:43 --------- d-----w c:\program files\Common Files\Apple

2009-03-12 02:01 --------- d-----w c:\program files\Windows Mail

2009-03-12 02:00 --------- d-----w c:\programdata\Microsoft Help

2009-03-06 20:37 --------- d-----w c:\program files\Common Files\Adobe

2009-02-27 09:17 --------- d-----w c:\program files\Microsoft Silverlight

2009-02-24 19:37 --------- d-----w c:\users\GuiGui\AppData\Roaming\vlc

2009-02-23 11:59 --------- d-----w c:\program files\Windows Live

2009-02-23 11:59 --------- d-----w c:\program files\Microsoft Office Outlook Connector

2009-02-23 11:59 --------- d-----w c:\program files\Microsoft

2009-02-23 11:58 --------- d-----w c:\program files\Microsoft Sync Framework

2009-02-23 11:56 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition

2009-02-22 12:43 615,424 ----a-w c:\windows\System32\themeui.dll

2009-02-22 12:43 240,128 ----a-w c:\windows\System32\uxtheme.dll

2009-02-21 10:05 --------- d-----w c:\program files\Avanquest update

2009-02-20 17:19 --------- d-----w c:\program files\Safari

2009-02-12 19:14 11,359,744 ----a-w c:\windows\System32\shell32 (2).dll

2009-02-12 15:08 19,898,368 ----a-w c:\windows\System32\imageres (2).dll

2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR

2009-02-06 17:52 49,504 ----a-w c:\windows\System32\sirenacm.dll

2009-02-06 17:08 55,280 ----a-w c:\windows\system32\drivers\fssfltr.sys

2009-01-16 17:24 70,936 ----a-w c:\windows\System32\PhysXLoader.dll

2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll

2009-01-14 09:02 201,816 ----a-w c:\windows\System32\PnkBstrB.exe

2009-01-08 16:22 239 ----a-w C:\reecmuxmkv.bat

2009-01-04 22:24 22,328 ----a-w c:\users\GuiGui\AppData\Roaming\PnkBstrK.sys

2009-01-04 22:23 682,280 ----a-w c:\windows\System32\pbsvc.exe

2008-01-21 02:41 174 --sha-w c:\program files\desktop.ini

.

 

((((((((((((((((((((((((((((( SnapShot@2009-04-01_17.04.17,10 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-04-01 15:03:58 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat

+ 2009-04-01 15:19:55 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat

+ 2009-04-01 15:19:55 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-04-01 15:03:51 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2009-04-01 15:19:56 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat

- 2009-04-01 15:00:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-04-01 15:19:41 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-04-01 15:00:06 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-04-01 15:19:41 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-04-01 15:00:06 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-04-01 15:19:41 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-04-01 14:46:35 105,922 ----a-w c:\windows\System32\perfc009.dat

+ 2009-04-01 15:04:02 105,922 ----a-w c:\windows\System32\perfc009.dat

- 2009-04-01 14:46:35 129,090 ----a-w c:\windows\System32\perfc00C.dat

+ 2009-04-01 15:04:02 129,090 ----a-w c:\windows\System32\perfc00C.dat

- 2009-04-01 14:46:35 598,652 ----a-w c:\windows\System32\perfh009.dat

+ 2009-04-01 15:04:02 598,652 ----a-w c:\windows\System32\perfh009.dat

- 2009-04-01 14:46:35 681,936 ----a-w c:\windows\System32\perfh00C.dat

+ 2009-04-01 15:04:02 681,936 ----a-w c:\windows\System32\perfh00C.dat

+ 2008-07-26 06:25:24 109,080 ----a-w c:\windows\Temp\logishrd\LVPrcInj01.dll

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"LaCie Backup"="h:\program files\LaCie\Backup Software\\LaCieBackup.exe" [2006-07-06 2596864]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"HP Software Update"="h:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"TrayServer"="h:\program files\MAGIX\Video_deluxe_2008_PLUS\TrayServer.exe" [2007-07-17 90112]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

"QuickTime Task"="h:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13683232]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 92704]

"Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-12-08 3714048]

"RivaTunerStartupDaemon"="h:\program files\RivaTuner v2.24\RivaTunerWrapper.exe" [2009-02-25 24576]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 c:\windows\RtHDVCpl.exe]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

GammaTray.lnk - h:\program files\MagicTune Premium\GammaTray.exe [2009-01-01 36864]

HP Digital Imaging Monitor.lnk - h:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableInstallerDetection"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"FilterAdministratorToken"= 1 (0x1)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=acaptuser32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.divxa32"= DivXa32.acm

"vidc.X264"= x264vfw.dll

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.avis"= ff_acm.acm

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-12-29 12:40 687560 h:\program files\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

--a------ 2007-12-23 01:03 916240 h:\program files\Eraser\Eraser.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2009-02-06 19:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

--a------ 2008-07-10 11:22 397312 h:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{737423C6-43DE-4F4F-8CA0-60A527E204BD}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{6EF3309C-B5B7-477F-BE1E-6B087C0D34A4}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"{6BA08305-6ED5-4BBD-9404-76B321289147}"= UDP:h:\program files\ma-config.com\maconfservice.exe:maconfservice

"{39E91E29-47AC-4DC0-A1E3-A089F481536F}"= TCP:h:\program files\ma-config.com\maconfservice.exe:maconfservice

"{9BFA85E7-D18C-431E-A9BC-3BD21854127C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{A91AEA65-6417-4FE9-BD2A-3178E66EBC28}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{72984EB2-BAA0-4C07-BEC6-A634ED9AEC74}"= UDP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{3EA62DF3-469F-43AD-8F57-300A1EDC2E7E}"= TCP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32

"{4FFEAD97-580C-483F-9464-AE2912025EB1}"= UDP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{A0B23572-84FB-42C1-B406-0C83FD11B41A}"= TCP:h:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

"{1913140B-4F14-4BE5-918A-26FE64C27D38}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{B77F2F6C-C780-4A9D-A28B-86B7C82B98F1}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{7A24032E-417A-4D26-A544-1F92BC3A1D66}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{A80B399D-B758-48A1-9FF8-3011FA2784E2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{43E4B101-EE18-4CC4-81EC-A7254E1DDD5C}h:\\program files\\emule\\emule.exe"= UDP:h:\program files\emule\emule.exe:eMule

"UDP Query User{02EE4E64-05D8-47BF-A903-B3403F7E38F1}h:\\program files\\emule\\emule.exe"= TCP:h:\program files\emule\emule.exe:eMule

"{B9BFB705-6036-4AAB-983F-63B3B0F2128B}"= UDP:h:\program files\iTunes\iTunes.exe:iTunes

"{0F40E23D-1F4A-41B9-AFB1-50525AF810B8}"= TCP:h:\program files\iTunes\iTunes.exe:iTunes

"{6A2A4A0C-4EE3-4F37-8AE5-33E914591436}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{7F4A5B3D-484E-46A7-BA5A-33B790E763D3}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zS33CD.tmp\setup\HPZnui01.exe:hpznui01.exe

"{C5E400BF-4FFD-42F8-A6D5-7C46162845F1}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zS33CD.tmp\setup\HPZnui01.exe:hpznui01.exe

"TCP Query User{DAEA9674-C6D8-41D8-BBCC-4FB167E5CC38}h:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:h:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

"UDP Query User{6F9F7257-4C58-476F-BE80-E1111EA7F42E}h:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:h:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

"TCP Query User{17C05B8B-036C-41F8-BB8A-F2A23130CD11}h:\\program files\\steam\\steamapps\\guillaumedufik\\counter-strike source\\hl2.exe"= UDP:h:\program files\steam\steamapps\guillaumedufik\counter-strike source\hl2.exe:hl2

"UDP Query User{FB0F4C31-2D9B-48D5-A07A-B43E58E4ECFC}h:\\program files\\steam\\steamapps\\guillaumedufik\\counter-strike source\\hl2.exe"= TCP:h:\program files\steam\steamapps\guillaumedufik\counter-strike source\hl2.exe:hl2

"{3F058273-21AE-41B5-BF4B-C9B9E30A878B}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zS5720.tmp\setup\HPZnui01.exe:hpznui01.exe

"{0E734D63-702F-48B9-945C-D6F62E862F39}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zS5720.tmp\setup\HPZnui01.exe:hpznui01.exe

"TCP Query User{7A8E1FD8-A399-4274-9188-33D18EFF8BE5}h:\\program files\\steam\\steamapps\\guillaumedufik\\counter-strike source\\hl2.exe"= UDP:h:\program files\steam\steamapps\guillaumedufik\counter-strike source\hl2.exe:hl2

"UDP Query User{6BC29E14-F17B-442E-B58F-48459A396295}h:\\program files\\steam\\steamapps\\guillaumedufik\\counter-strike source\\hl2.exe"= TCP:h:\program files\steam\steamapps\guillaumedufik\counter-strike source\hl2.exe:hl2

"TCP Query User{76A59ACD-C23C-4E49-95F9-34D04BE5D9F0}h:\\program files\\emule\\emule.exe"= UDP:h:\program files\emule\emule.exe:eMule

"UDP Query User{23B56ABB-A53A-45FC-AFF7-C7572ADFE32C}h:\\program files\\emule\\emule.exe"= TCP:h:\program files\emule\emule.exe:eMule

"TCP Query User{2F02027C-4D25-4E16-B2A6-BC205F70036B}h:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:h:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

"UDP Query User{2D8F462D-72C9-4B6D-829D-511B859C81C4}h:\\program files\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:h:\program files\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever

"{865B77E3-8453-43F9-AB1A-4172E5E2CDC7}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zS9B76.tmp\setup\HPZnui01.exe:hpznui01.exe

"{3C149AD3-28DA-4A72-8D41-8301F426397A}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zS9B76.tmp\setup\HPZnui01.exe:hpznui01.exe

"TCP Query User{26E35C70-8E94-4BD5-BCF7-17C7A93438DB}h:\\program files\\steam\\steamapps\\guillaumedufik\\counter-strike\\hl.exe"= UDP:h:\program files\steam\steamapps\guillaumedufik\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{27AC4C26-3D6C-4EC8-9D88-F6892902AFF1}h:\\program files\\steam\\steamapps\\guillaumedufik\\counter-strike\\hl.exe"= TCP:h:\program files\steam\steamapps\guillaumedufik\counter-strike\hl.exe:Half-Life Launcher

"{8CC4F93B-2DFA-4D45-92F4-4997122E934E}"= UDP:c:\program files\Vista Anti-Lag\val.exe:Vista Anti-Lag

"{8372E150-DB43-437F-991E-0D4AC096BC27}"= TCP:c:\program files\Vista Anti-Lag\val.exe:Vista Anti-Lag

"{6F4FC972-9B30-488E-A171-2C522C6DDE83}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zS5C53.tmp\setup\HPZnui01.exe:hpznui01.exe

"{440A111E-F51B-4B9A-AED2-19216576F812}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zS5C53.tmp\setup\HPZnui01.exe:hpznui01.exe

"{F4AC5529-2951-4C88-B42C-EE3D6172843C}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zS952D.tmp\setup\HPZnui01.exe:hpznui01.exe

"{4D30B741-0BBA-47A3-9FA8-D7BE8DD9761B}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zS952D.tmp\setup\HPZnui01.exe:hpznui01.exe

"{D6933E02-DC8E-4819-A480-122456DC9EE3}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zSFC86.tmp\setup\HPZnui01.exe:hpznui01.exe

"{05F669F5-A6EC-4E58-98C3-B7A21A7CC904}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zSFC86.tmp\setup\HPZnui01.exe:hpznui01.exe

"{26EB30A1-59D2-4D3D-8B57-4C08C5D39638}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zS48D3.tmp\setup\HPZnui01.exe:hpznui01.exe

"{66DAE81B-46F7-4B6B-AC90-DA53AF37795E}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zS48D3.tmp\setup\HPZnui01.exe:hpznui01.exe

"{DED77812-99D5-41A7-87DE-8A16E952BAB1}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

"{324607DB-C65E-4037-A123-489F801955BC}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

"{663241D2-BA9B-419F-BAB4-F1527D147DD3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{791346E9-927E-4278-9B51-7F3BF891B056}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"TCP Query User{331AD6A2-E5EE-43F4-9458-CCE89293EF46}h:\\program files\\steam\\steamapps\\guillaumedufik\\counter-strike\\hl.exe"= UDP:h:\program files\steam\steamapps\guillaumedufik\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{F8C4A7B1-A1F9-4396-9200-706A53C06F41}h:\\program files\\steam\\steamapps\\guillaumedufik\\counter-strike\\hl.exe"= TCP:h:\program files\steam\steamapps\guillaumedufik\counter-strike\hl.exe:Half-Life Launcher

"{2046FDA4-573A-4FC4-B588-D296FADDA319}"= UDP:5353:Adobe CSI CS4

"{C0C803A3-DE9F-4DCE-ACD9-A45A30B28B28}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{BAC861B6-45C3-412B-9B0B-EE7BB3963D0C}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{205D6DB9-09D9-40CA-BF86-2B8FDFAB27DC}"= UDP:3703:Adobe Version Cue CS4 Server

"{350D2814-9E04-49A7-A157-E097EB41A373}"= UDP:3704:Adobe Version Cue CS4 Server

"{65D7D4B9-FB51-4F35-95DB-EE640E131706}"= UDP:51000:Adobe Version Cue CS4 Server

"{38D02223-767F-4729-969C-E78AE09E156C}"= UDP:51001:Adobe Version Cue CS4 Server

"{FEA20BA4-B9B4-4DB5-A6DE-467741566862}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server

"{1EE83604-A39A-45D3-953B-1EE84AD8EED4}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server

"{564FB498-4FA7-454D-9E70-8F25FC2A10C3}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{B18846C1-0A6B-41DC-93E3-71BAEF5A507A}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"TCP Query User{7DC64539-D399-489D-8E9E-F88C0E078B46}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{A8D538AE-FC89-4099-AAAC-870A2E23133D}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"{E8A3AE7C-B1D9-4810-9AEE-063CEB7D497B}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zSE478.tmp\setup\HPZnui01.exe:hpznui01.exe

"{F2D3A039-08F9-40BD-86FC-EDEC1E5DB90A}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zSE478.tmp\setup\HPZnui01.exe:hpznui01.exe

"{00CEFB9B-D30F-4352-88E7-85137A557F1A}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zSE322.tmp\setup\HPZnui01.exe:hpznui01.exe

"{3AE48B86-F17A-4665-A495-45D3AD08F28A}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zSE322.tmp\setup\HPZnui01.exe:hpznui01.exe

"{BC9A1F77-8E1A-4A8E-B478-668F81C8DB31}"= UDP:c:\users\GuiGui\AppData\Local\Temp\7zS945.tmp\setup\HPZnui01.exe:hpznui01.exe

"{3E51C3C2-6D11-47F6-91B2-02F3F93A4E57}"= TCP:c:\users\GuiGui\AppData\Local\Temp\7zS945.tmp\setup\HPZnui01.exe:hpznui01.exe

"TCP Query User{390AC96E-D12E-4BBC-8B64-73F9BD28B4B4}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus

"UDP Query User{1F63953A-885A-44EF-8023-36692740A6B3}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

"TCP Query User{4D1AE879-6ACA-4B94-9019-DCBFFF4DD21B}h:\\wamp\\bin\\apache\\apache2.2.10\\bin\\httpd.exe"= UDP:h:\wamp\bin\apache\apache2.2.10\bin\httpd.exe:Apache HTTP Server

"UDP Query User{FEF99B79-261F-42DA-A3E3-2C46861EFB57}h:\\wamp\\bin\\apache\\apache2.2.10\\bin\\httpd.exe"= TCP:h:\wamp\bin\apache\apache2.2.10\bin\httpd.exe:Apache HTTP Server

"TCP Query User{D75D7CEE-2666-4F18-9DA9-989EF486042C}h:\\program files\\tmnationsforever\\tmforever.exe"= UDP:h:\program files\tmnationsforever\tmforever.exe:TmForever

"UDP Query User{29F6E9E1-AC45-43BC-B9B1-1ADAD525E6A7}h:\\program files\\tmnationsforever\\tmforever.exe"= TCP:h:\program files\tmnationsforever\tmforever.exe:TmForever

"{244AF71D-F4B0-4FD3-A7A1-D54798A5E702}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{6C0977E5-AB02-460C-BF3C-ADCA9AF2AB3D}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{D6B9B31D-70E5-47F9-BF42-7626BAE8BB9F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{A949D650-E0DB-4E6D-8DCB-B49C8AA23C54}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{DF62C207-1CDE-43D2-923D-F94B0548CC6C}"= UDP:h:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War

"{99A0565C-27FD-49A2-BC14-45BA58853A42}"= TCP:h:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War

"{05646965-E979-4BA1-A8FF-932A6E89B19D}"= UDP:h:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War

"{AE0A8495-2E16-4350-A5DE-9B7649A491ED}"= TCP:h:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War

"{7909CA3E-6615-46B6-B8D3-B6F8B0A10A18}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zS2D0D.tmp\setup\HPZnui01.exe:hpznui01.exe

"{F128A9DC-76DB-4268-AF18-E3955B6DBC5D}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zS2D0D.tmp\setup\HPZnui01.exe:hpznui01.exe

"{3C825857-860C-4729-8182-9F285175C667}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zSB1E0.tmp\setup\HPZnui01.exe:hpznui01.exe

"{08DDDE3B-8741-444A-A1CF-512BD4A87CEA}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zSB1E0.tmp\setup\HPZnui01.exe:hpznui01.exe

"{4166197B-4DC1-432F-9776-14C8C18EE194}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zS6B50.tmp\setup\HPZnui01.exe:hpznui01.exe

"{B1CE851F-759D-4A66-AE34-F5C09A1CF0C9}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zS6B50.tmp\setup\HPZnui01.exe:hpznui01.exe

"{BBD9ADAD-E1CA-4B3D-BBF0-EA777F8C9F6A}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zSA8BE.tmp\setup\HPZnui01.exe:hpznui01.exe

"{ECECAB01-95A2-45D0-8782-A0CAC2F84B3F}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zSA8BE.tmp\setup\HPZnui01.exe:hpznui01.exe

"{E47C4345-E927-4EB5-A95E-F650C901922B}"= UDP:h:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{A405F726-0C04-4B90-B1FD-B3B2E9ABE1A0}"= TCP:h:\program files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2

"{57AE43D4-314E-44CD-8173-3C9F4F9B6620}"= UDP:h:\program files\Electronic Arts\Alerte Rouge 3\RA3.exe:RA3

"{8040087D-C43B-4A5A-93B3-7501562267D4}"= TCP:h:\program files\Electronic Arts\Alerte Rouge 3\RA3.exe:RA3

"{3C93984B-5227-4207-A5D0-E543FDACA85A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{15855276-81BC-4399-B022-C7A081BB98E0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{D1C78151-AE16-441E-8762-72420ACB4952}"= UDP:h:\program files\ma-config.com\maconfservice.exe:maconfservice

"{CE2474AF-DF88-4954-954B-75654151F2B8}"= TCP:h:\program files\ma-config.com\maconfservice.exe:maconfservice

"{2AC7DB73-CCB7-46F4-B9A4-840766CC22B7}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"{D2D0246D-2476-444E-879B-5BE751DEB71D}"= UDP:5353:Adobe CSI CS4

"{A47BDE4C-8894-402E-88C0-7730A5389A7A}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{F01B0C2C-8E12-48F6-9873-BE9277A3E31B}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

"{6158FDEC-80D4-446B-974F-E9D9C793A2CF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{3CC53FF4-E6AE-44B5-AA34-85C1CF5DB1A2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{00B8EA5E-4C3E-4474-ABC8-863AD2F9031A}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

"{BB041692-FFAD-4357-8390-F8EEBB8AF896}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

"{C08B6CF2-6B57-4413-9835-1AB9E7FF966A}"= Disabled:UDP:c:\users\GuiGui\AppData\Local\Temp\7zSA66E.tmp\setup\HPZnui01.exe:hpznui01.exe

"{ECA78428-6860-4B14-AE99-50F2CDD5EE77}"= Disabled:TCP:c:\users\GuiGui\AppData\Local\Temp\7zSA66E.tmp\setup\HPZnui01.exe:hpznui01.exe

 

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [2008-10-05 25896]

R2 RealtekUSB;RealtekUSB;c:\program files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [2008-10-05 36864]

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187.sys [2008-10-05 335872]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;h:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-11-18 1527900]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-23 55280]

S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [2008-12-12 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\System32\drivers\s0016mdfl.sys [2008-12-12 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\System32\drivers\s0016mdm.sys [2008-12-12 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0016mgmt.sys [2008-12-12 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\System32\drivers\s0016nd5.sys [2008-12-12 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\System32\drivers\s0016obex.sys [2008-12-12 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\System32\drivers\s0016unic.sys [2008-12-12 115752]

S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\System32\drivers\sis163u.sys [2008-11-04 218112]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-11-18 544768]

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - sptd

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60652f6a-bcaf-11dd-b5b0-001a92ba9256}]

\shell\AutoRun\command - wd_windows_tools\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd0016c3-0bc9-11de-9980-001a92ba9256}]

\shell\AutoRun\command - M:\LaunchU3.exe -a

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

%SystemRoot%\system32\soundschemes2.exe /AddRegistration

.

Contenu du dossier 'Tâches planifiées'

 

2009-03-28 c:\windows\Tasks\Defraggler Volume H Task.job

- h:\program files\Defraggler\df.exe [2009-03-13 15:37]

.

.

------- Examen supplémentaire -------

.

mWindow Title =

uInternet Settings,ProxyOverride = local

IE: Ajouter au fichier PDF existant

IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Ajouter à un fichier PDF existant - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir au format PDF

IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convertir la cible du lien en Adobe PDF

IE: Convertir la cible du lien en un fichier PDF existant

FF - ProfilePath - c:\users\GuiGui\AppData\Roaming\Mozilla\Firefox\Profiles\8pv7je9g.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

.

 

**************************************************************************

 

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-01 17:20:01

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

c:\windows\TEMP\TMP00000002B14EC1BB2C185D13 524288 bytes

c:\users\GuiGui\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt 153 bytes

 

Scan terminé avec succès

Fichiers cachés: 2

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe

c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe

h:\program files\MagicTune Premium\MagicTuneEngine.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\windows\System32\PnkBstrA.exe

c:\program files\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\WUDFHost.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Windows Media Player\wmpnscfg.exe

c:\program files\Windows Live\Contacts\wlcomm.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\wbem\WMIADAP.exe

.

**************************************************************************

.

Heure de fin: 2009-04-01 17:23:58 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-04-01 15:23:54

ComboFix2.txt 2009-04-01 15:05:41

 

Avant-CF: 12 315 230 208 octets libres

Après-CF: 12,034,338,816 octets libres

 

397 --- E O F --- 2009-03-23 14:08:04

 

Thanks again for your pretty quick replies!
