
HijackThis report analysis, please


xerel


Hi, recently I have been getting web pages that pop up and tell me that my PC is infected and that I have to run a scan via that page. Of course I did not do it. I tried to remove this virus: I ran Spybot Search & Destroy and Ad-Aware SE Personal, and they found some things, but despite that the virus is still there. I also ran CCleaner to do a bit of cleaning. So I would like some help; here is the HijackThis report. If someone could tell me where the problem is, thanks in advance.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:21, on 2009-04-12

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP_1\VBPTASK.EXE

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Steam\steam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - (no file)

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {4380F4A3-A0DA-4733-079D-E1AEA382EE4D} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP_1\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\Fenpowernet.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [A00F2DAC13.exe] C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\_A00F2DAC13.exe

O4 - HKCU\..\Run: [A00F251866.exe] C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\_A00F251866.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_2\Ghost (file missing)

O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_2\Ghost (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://www.triforce.fr/plugin/DivXBrowserPlugin.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_0_4.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: __c00D4F9 - C:\WINDOWS\system32\__c00D4F9.dat

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O24 - Desktop Component 0: (no name) - http://www.google.fr/intl/fr_fr/images/logo.gif

 

--

End of file - 9365 bytes


  • Moderators

Hello xerel :P

 

There are indeed visible traces of infection. Please generate a report as follows:

 

Download SmitfraudFix to your desktop.

  • Double-click smitfraudfix
  • Select 1 to create a report of the files responsible for the infection.
  • Post the report on the forum in your next reply.
    Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


Hi, thanks for being willing to help me!

Here is the report you asked for.

 

SmitFraudFix v2.408

 

Rapport fait à 14:36:49.45, 2009-04-12

Executé à partir de C:\Documents and Settings\Aurélien\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP_1\VBPTASK.EXE

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\Steam\steam.exe

c:\program files\steam\steamapps\mick512\day of defeat source\hl2.exe

C:\Program Files\Steam\GameOverlayUI.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Aurélien

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Aurélien\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\AURLIE~1\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="http://www.google.fr/intl/fr_fr/images/logo.gif"

"SubscribedURL"="http://www.google.fr/intl/fr_fr/images/logo.gif"

"FriendlyName"=""

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"

 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

o4Patch

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

 

»»»»»»»»»»»»»»»»»»»»»»»» RK

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Carte réseau virtuelle FreeBox USB #5 - Miniport d'ordonnancement de paquets

DNS Server Search Order: 195.5.219.1

 

Description: Carte réseau virtuelle FreeBox USB #5 - Miniport d'ordonnancement de paquets

DNS Server Search Order: 212.27.40.240

DNS Server Search Order: 212.27.40.241

 

Description: Carte réseau virtuelle FreeBox USB #5 - Miniport d'ordonnancement de paquets

DNS Server Search Order: 212.27.40.241

DNS Server Search Order: 212.27.40.240

 

Description: Carte réseau virtuelle FreeBox USB #5 - Miniport d'ordonnancement de paquets

DNS Server Search Order: 212.27.53.252

DNS Server Search Order: 212.27.54.252

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{85755769-B15D-45AE-BFCE-38F3D8A0F87B}: DhcpNameServer=195.5.219.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D78CB50-3AD8-4DB8-802D-92D02DD1F0CC}: DhcpNameServer=212.27.40.240 212.27.40.241

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A7574293-BA19-4C42-8056-AB5A0DD13965}: DhcpNameServer=212.27.53.252 212.27.54.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B8317BF5-3602-4816-95D3-2158E9E2F0DF}: DhcpNameServer=212.27.40.241 212.27.40.240

HKLM\SYSTEM\CS1\Services\Tcpip\..\{85755769-B15D-45AE-BFCE-38F3D8A0F87B}: DhcpNameServer=195.5.219.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D78CB50-3AD8-4DB8-802D-92D02DD1F0CC}: DhcpNameServer=212.27.40.240 212.27.40.241

HKLM\SYSTEM\CS1\Services\Tcpip\..\{A7574293-BA19-4C42-8056-AB5A0DD13965}: DhcpNameServer=212.27.53.252 212.27.54.252

HKLM\SYSTEM\CS1\Services\Tcpip\..\{B8317BF5-3602-4816-95D3-2158E9E2F0DF}: DhcpNameServer=212.27.40.241 212.27.40.240

HKLM\SYSTEM\CS2\Services\Tcpip\..\{85755769-B15D-45AE-BFCE-38F3D8A0F87B}: DhcpNameServer=195.5.219.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{9D78CB50-3AD8-4DB8-802D-92D02DD1F0CC}: DhcpNameServer=212.27.40.240 212.27.40.241

HKLM\SYSTEM\CS2\Services\Tcpip\..\{A7574293-BA19-4C42-8056-AB5A0DD13965}: DhcpNameServer=212.27.53.252 212.27.54.252

HKLM\SYSTEM\CS2\Services\Tcpip\..\{B8317BF5-3602-4816-95D3-2158E9E2F0DF}: DhcpNameServer=212.27.40.241 212.27.40.240

HKLM\SYSTEM\CS3\Services\Tcpip\..\{85755769-B15D-45AE-BFCE-38F3D8A0F87B}: DhcpNameServer=195.5.219.1

HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D78CB50-3AD8-4DB8-802D-92D02DD1F0CC}: DhcpNameServer=212.27.40.240 212.27.40.241

HKLM\SYSTEM\CS3\Services\Tcpip\..\{A7574293-BA19-4C42-8056-AB5A0DD13965}: DhcpNameServer=212.27.53.252 212.27.54.252

HKLM\SYSTEM\CS3\Services\Tcpip\..\{B8317BF5-3602-4816-95D3-2158E9E2F0DF}: DhcpNameServer=212.27.40.241 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin


  • Moderators

Hi again :P

 

Right. Run a HijackThis scan again

  • Click Do a system scan only and check the lines below:

  • O2 - BHO: (no name) - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - (no file)
    O2 - BHO: (no name) - {4380F4A3-A0DA-4733-079D-E1AEA382EE4D} - (no file)
    O4 - HKCU\..\Run: [A00F2DAC13.exe] C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\_A00F2DAC13.exe
    O4 - HKCU\..\Run: [A00F251866.exe] C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\_A00F251866.exe
    O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_2\Ghost (file missing)
    O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_2\Ghost (file missing)
    O20 - Winlogon Notify: __c00D4F9 - C:\WINDOWS\system32\__c00D4F9.dat

  • Close all windows except HijackThis, then Fix Checked.

 

Download OTMoveIt (by Old_Timer) to your Desktop.

  • Double-click OTMoveIt.exe to launch it.
  • Make sure that Unregister Dll's and Ocx's is checked.
  • Copy and paste into the left-hand pane of OTMoveIt (Paste Instructions for Item to be moved) everything that follows, which I have put in red

  • deb
    :files
    C:\Documents and Settings\AURELIEN\Local Settings\Temp\_A00F2DAC13.exe
    C:\Documents and Settings\AURELIEN\Local Settings\Temp\_A00F251866.exe
    C:\WINDOWS\system32\__c00D4F9.dat
     
    :commands
    [emptytemp]

 

  • Click MoveIt! to start the removal.
  • The result will appear in the Results pane. Copy the result.
  • Click Exit to close.
  • Paste the result in your next reply.
    You may be asked to restart the PC to complete the removal. If so, accept with Yes. And post the report located in C:\_OTMoveIt\MovedFiles under the name [numbers_numbers].log.

 

Download Malwarebytes' Anti-Malware (MBAM)

 

  • Double-click the downloaded file to start the installation process.
  • In the "mise à jour" tab, click the "Recherche de mise à jour" button: if the firewall asks for permission for MBAM to connect, accept.
  • Once the update is finished, go to the "Recherche" tab.
  • Plug in your removable media (USB sticks, MP3 players, Flash cards, etc.) without opening them.
  • Select "Exécuter un examen complet"
  • Click "Rechercher"
  • The scan starts.
  • At the end of the scan, a message is displayed:
    L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    Click "Ok" to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Afficher les résultats.
    Select everything (or leave it checked) and click Supprimer la sélection; MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.
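
Added example, not part of the original thread and not code from HijackThis or its authors: a small Python triage pass over HijackThis-format lines that flags the traits visible in the entries selected in the post above (a registered target file that is absent, a Run value launching from a Temp directory, a Winlogon Notify module that is not a .dll). The rule set and all function names are assumptions of this example; it also flags the third "(no file)" BHO that the helper left unchecked, so its output is a list of candidates for review, not a removal list.

```python
import re
from typing import List, NamedTuple

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: (no name) - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [A00F2DAC13.exe] C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\_A00F2DAC13.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_2\Ghost (file missing)
O20 - Winlogon Notify: __c00D4F9 - C:\WINDOWS\system32\__c00D4F9.dat
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


class Entry(NamedTuple):
    code: str  # section code, e.g. "O4"
    body: str  # everything after "<code> - "


class Finding(NamedTuple):
    entry: Entry
    reason: str


# A log entry is "<letter><1-2 digits> - <body>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis marks an unresolved target with one of these suffixes.
ABSENT_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# Registry autorun entry: "<hive>\..\Run: [value name] <command line>".
RUN_RE = re.compile(r"^[^\[]*\[[^\]]*\] (.+)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_log(text: str) -> List[Entry]:
    """Extract section entries, skipping blank lines, headers and process paths."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag entries for manual review (assumed heuristics, not verdicts)."""
    findings = []
    for entry in entries:
        if entry.code in ("O2", "O9") and ABSENT_RE.search(entry.body):
            findings.append(Finding(entry, "registered target file is absent"))
        elif entry.code == "O4":
            run = RUN_RE.match(entry.body)
            if run and TEMP_RE.search(run.group(1)):
                findings.append(Finding(entry, "autorun launches from a Temp directory"))
        elif entry.code == "O20" and entry.body.startswith("Winlogon Notify:"):
            module = entry.body.rsplit(" - ", 1)[-1]
            if not module.lower().endswith(".dll"):
                findings.append(Finding(entry, "Winlogon Notify module is not a .dll"))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(f"[{finding.reason}] {finding.entry.code} - {finding.entry.body}")
```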


Hi, here is the next part :P

 

The 1st OTMoveIt report

 

Error: Unable to interpret <deb> in the current context!

========== FILES ==========

File/Folder C:\Documents and Settings\AURELIEN\Local Settings\Temp\_A00F2DAC13.exe not found.

File/Folder C:\Documents and Settings\AURELIEN\Local Settings\Temp\_A00F251866.exe not found.

File move failed. C:\WINDOWS\system32\__c00D4F9.dat scheduled to be moved on reboot.

========== COMMANDS ==========

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

User's Temporary Internet Files folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

Network Service Temp folder emptied.

Network Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

Java cache emptied.

Temp folders emptied.

 

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04132009_122217

 

And here is the second one, under the name number_number.log

 

Error: Unable to interpret <deb> in the current context!

========== FILES ==========

File/Folder C:\Documents and Settings\AURELIEN\Local Settings\Temp\_A00F2DAC13.exe not found.

File/Folder C:\Documents and Settings\AURELIEN\Local Settings\Temp\_A00F251866.exe not found.

File move failed. C:\WINDOWS\system32\__c00D4F9.dat scheduled to be moved on reboot.

========== COMMANDS ==========

User's Temp folder emptied.

User's Internet Explorer cache folder emptied.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\ZZ4ZMKIH\CA0TBJK7CAPYFKMICAS2R83TCANCPZ8RCAEVZXSHCAFUW09GCA6NV0T5CA42OTPXCAAFQFSYCAJ

55E1SCAHYF4TTCA5PJNU2CAD0BXN5CACV6K3NCA9S090YCAJXRX9LCALOCZLUCAY21POBCA6GWJEWCAY

8

GI77CAK23CUS.gif scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\ZZ4ZMKIH\CABWWQXWCANRPQ2DCAWAL267CA4OTRO1CA7QEM3LCA3BT1SOCACNJOF3CA3VID69CAKN9FGACAW

9G95ZCASL5Z1OCAI1D4HFCA0N3A6WCATRCPNECAXYPIFLCAGNGBTZCA4YF202CA0N1XCOCAKYJ48LCAF

S

3HK2CA7554GK.gif scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\TQSV7A20\hp[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\LK4SLRFH\analyse-rapport-hijackthis-svp-t161741[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\LK4SLRFH\iframe[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\LK4SLRFH\online-scan[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\LK4SLRFH\OTMoveIt3[1].exe scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\LK4SLRFH\rectangle_300x250[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\IC9CAWA6\ads[7].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\IC9CAWA6\ban_728x90[1].htm scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\CAD5DZ8BCACNN8TQCACJOLIECAR94SBJCAA4SQS3CATZXNCICAXYSRUYCAYL7HCRCANM94ZKCA5

ZI2M0CAG7ZZIACAK41I63CAAV5VN5CAKRTYDTCADRUQ98CA9G4BWECA02627JCAWRVTA2CAQG6GTXCAT

Q

62KQCAH00UH4.gif scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\CAIY6WUZCA6MTQJHCAR15CY8CA6GB9W0CAZZED7QCA5K7EHRCAOLKK3RCAP0KLAQCAAEJA38CAK

NH36FCARNKJM8CAAR7TY6CAQTVIXYCAVW206FCAY5FGYNCA408FX7CAQGMZRECALOIJ9DCA6QBNOLCAA

Z

YM7ECA4TUBCR.gif scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\CALKWL3QCAEJTE9RCAAYNMQPCA6YJ5HCCAQ3VG6JCALCH0U7CAXMO47SCA8I3JALCAXHRSNSCAW

1YFLFCARP6EG9CAE9ABKUCARI41K3CAH87P2ICAV8PX3DCA9CPOM4CAQO9I5ACA62IKH5CABZ9EXQCAG

2

FCYVCAXTFKSH.gif scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\CAO1JK1VCAFOPW8TCA76GYPCCADROX0JCA0GSUN4CA8U9B7ZCAS78DILCAYIO14WCAWHGNJOCAN

WQDB9CA6JHG14CAY5PLG1CACXPVO3CAH852INCAT181XXCA33JJAOCA4U0DPSCA5JW1QNCAAP9Y90CAD

L

H354CAQG1U50.gif scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\CAR7RN63CAYECU02CA13JD2KCACBQ5X9CAFTDKC5CAG1L3GVCAQ4V3SOCA25S2ROCA3N6VYVCAYPEE0JCAZ4JME9CA9UYVI0CANF1IP6CAHWPD1GCAPOV4U2CA4M2G3UCAUS9XQDCAZ90JEMCADP0RTMCA7XPRY8CAEPR04D.gif scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\CARXFUQZCA7E4ESLCA13109SCADZ2F3ECACA2S16CAWVOHH6CAOMWU88CAMX7CZTCASU39NICA3H0P75CA8BWQ53CA6WIBE3CACBO9ZGCAVP0QKXCAANM504CAAZTG4ICAAYW52OCAQTBSI3CAK1XL4RCAC5DI7HCAHC0QUY.gif scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\CASJVV09CA6YUDBPCAX9MFQACAEC8N70CAUZ6VRQCASAXU1ZCAFJBOEACADVT0HTCA656LDBCAO9AQCRCAVXK32ZCAXKGY2MCATP0MZ8CABU3VLOCAW2AJYSCA2042TFCAEUYJO9CAL0PZAVCAZ7YB3DCAF6CKYYCAUIIP98.gif scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\CAZ1KVG1CAGWCZIVCA2GB78KCAVWYL8VCAG4K862CA91BKB9CANSB1V7CAAFAIGPCAZK6US7CAIRY11DCAI8UW0UCA3YXPJCCA531OUGCAFLS25PCAYGVHUMCA7D2G71CAFTX4CVCATXB1ISCAA3V9J5CA5UEJS2CAF3IXWH.gif scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\dref=http%253A%252F%252Fwww.pspgen.com%252Fmodules[1].php%253Fname%253DForums%2526file%253Dviewtopic%2526t%253D127484%2526postdays%253D0%2526postorder%253Dasc%2526start%253D0 scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.

User's Temporary Internet Files folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

Network Service Temp folder emptied.

Network Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

Java cache emptied.

Temp folders emptied.

 

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04132009_122217

 

Files moved on Reboot...

File move failed. C:\WINDOWS\system32\__c00D4F9.dat scheduled to be moved on reboot.

File C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\ZZ4ZMKIH\CA0TBJK7CAPYFKMICAS2R83TCANCPZ8RCAEVZXSHCAFUW09GCA6NV0T5CA42OTPXCAAFQFSYCAJ55E1SCAHYF4TTCA5PJNU2CAD0BXN5CACV6K3NCA9S090YCAJXRX9LCALOCZLUCAY21POBCA6GWJEWCAY8GI77CAK23CUS.gif not found!

File C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\ZZ4ZMKIH\CABWWQXWCANRPQ2DCAWAL267CA4OTRO1CA7QEM3LCA3BT1SOCACNJOF3CA3VID69CAKN9FGACAW9G95ZCASL5Z1OCAI1D4HFCA0N3A6WCATRCPNECAXYPIFLCAGNGBTZCA4YF202CA0N1XCOCAKYJ48LCAFS3HK2CA7554GK.gif not found!

C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\TQSV7A20\hp[1].htm moved successfully.

C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\LK4SLRFH\analyse-rapport-hijackthis-svp-t161741[1].htm moved successfully.

C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\LK4SLRFH\iframe[1].htm moved successfully.

C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\LK4SLRFH\online-scan[1].htm moved successfully.

C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\LK4SLRFH\OTMoveIt3[1].exe moved successfully.

C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\LK4SLRFH\rectangle_300x250[1].htm moved successfully.

C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\IC9CAWA6\ads[7].htm moved successfully.

C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\IC9CAWA6\ban_728x90[1].htm moved successfully.

File C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\CAD5DZ8BCACNN8TQCACJOLIECAR94SBJCAA4SQS3CATZXNCICAXYSRUYCAYL7HCRCANM94ZKCA5ZI2M0CAG7ZZIACAK41I63CAAV5VN5CAKRTYDTCADRUQ98CA9G4BWECA02627JCAWRVTA2CAQG6GTXCATQ62KQCAH00UH4.gif not found!

File C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\CAIY6WUZCA6MTQJHCAR15CY8CA6GB9W0CAZZED7QCA5K7EHRCAOLKK3RCAP0KLAQCAAEJA38CAKNH36FCARNKJM8CAAR7TY6CAQTVIXYCAVW206FCAY5FGYNCA408FX7CAQGMZRECALOIJ9DCA6QBNOLCAAZYM7ECA4TUBCR.gif not found!

File C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\CALKWL3QCAEJTE9RCAAYNMQPCA6YJ5HCCAQ3VG6JCALCH0U7CAXMO47SCA8I3JALCAXHRSNSCAW1YFLFCARP6EG9CAE9ABKUCARI41K3CAH87P2ICAV8PX3DCA9CPOM4CAQO9I5ACA62IKH5CABZ9EXQCAG2FCYVCAXTFKSH.gif not found!

File C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\CAO1JK1VCAFOPW8TCA76GYPCCADROX0JCA0GSUN4CA8U9B7ZCAS78DILCAYIO14WCAWHGNJOCANWQDB9CA6JHG14CAY5PLG1CACXPVO3CAH852INCAT181XXCA33JJAOCA4U0DPSCA5JW1QNCAAP9Y90CADLH354CAQG1U50.gif not found!

File C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\CAR7RN63CAYECU02CA13JD2KCACBQ5X9CAFTDKC5CAG1L3GVCAQ4V3SOCA25S2ROCA3N6VYVCAYPEE0JCAZ4JME9CA9UYVI0CANF1IP6CAHWPD1GCAPOV4U2CA4M2G3UCAUS9XQDCAZ90JEMCADP0RTMCA7XPRY8CAEPR04D.gif not found!

File C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\CARXFUQZCA7E4ESLCA13109SCADZ2F3ECACA2S16CAWVOHH6CAOMWU88CAMX7CZTCASU39NICA3H0P75CA8BWQ53CA6WIBE3CACBO9ZGCAVP0QKXCAANM504CAAZTG4ICAAYW52OCAQTBSI3CAK1XL4RCAC5DI7HCAHC0QUY.gif not found!

File C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\CASJVV09CA6YUDBPCAX9MFQACAEC8N70CAUZ6VRQCASAXU1ZCAFJBOEACADVT0HTCA656LDBCAO9AQCRCAVXK32ZCAXKGY2MCATP0MZ8CABU3VLOCAW2AJYSCA2042TFCAEUYJO9CAL0PZAVCAZ7YB3DCAF6CKYYCAUIIP98.gif not found!

File C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\CAZ1KVG1CAGWCZIVCA2GB78KCAVWYL8VCAG4K862CA91BKB9CANSB1V7CAAFAIGPCAZK6US7CAIRY11DCAI8UW0UCA3YXPJCCA531OUGCAFLS25PCAYGVHUMCA7D2G71CAFTX4CVCATXB1ISCAA3V9J5CA5UEJS2CAF3IXWH.gif not found!

File C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\Content.IE5\6QEPWPV5\dref=http%253A%252F%252Fwww.pspgen.com%252Fmodules[1].php%253Fname%253DForums%2526file%253Dviewtopic%2526t%253D127484%2526postdays%253D0%2526postorder%253Dasc%2526start%253D0 not found!

C:\Documents and Settings\Aurélien\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.

 

Here is the Malwarebytes Anti-Malware report:

 

Malwarebytes' Anti-Malware 1.36

Version de la base de données: 1974

Windows 5.1.2600 Service Pack 3

 

2009-04-15 11:35:46

mbam-log-2009-04-15 (11-35-46).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 261999

Temps écoulé: 8 hour(s), 34 minute(s), 40 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 1

Clé(s) du Registre infectée(s): 7

Valeur(s) du Registre infectée(s): 5

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 21

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\__c00D4F9.dat (Trojan.Agent) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2569ac87-0a69-4aee-8c0e-11ac74dee5f5} (Trojan.BHO.H) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{2569ac87-0a69-4aee-8c0e-11ac74dee5f5} (Trojan.BHO.H) -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00d4f9 (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar (Trojan.Istbar) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\every toolbarevery toolbar (Adware.Trace) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcgjaj0e75p (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\atrac.dll (Trojan.BHO.H) -> Delete on reboot.

C:\Documents and Settings\Emelyne\Local Settings\Temp\dzhlkyzc.dat (Rootkit.Agent) -> Delete on reboot.

C:\Documents and Settings\Emelyne\Local Settings\Temporary Internet Files\Content.IE5\06UFOR3K\last[1].exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

C:\Documents and Settings\Emelyne\Local Settings\Temporary Internet Files\Content.IE5\JIU48JBB\last[1].exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-Claire\Local Settings\Temporary Internet Files\Content.IE5\LITA2AQV\last[1].exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

C:\Documents and Settings\Marie-Claire\Local Settings\Temporary Internet Files\Content.IE5\MWVN1C70\last[1].exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

C:\Documents and Settings\Pascal\Local Settings\Temporary Internet Files\Content.IE5\C988U0Z2\last[1].exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

C:\Documents and Settings\Pascal\Local Settings\Temporary Internet Files\Content.IE5\DYO6UAU9\last[1].exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\auth.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c002D078.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c00355B2.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c003E671.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c0052BA9.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c006C77D.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c00730A9.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c00B5294.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c00C6815.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c00CFA6.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c00D14D9.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c00D4F9.dat (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\__c00EDC40.dat (Trojan.Agent) -> Quarantined and deleted successfully.


  • Moderators

Good evening xerel :P

Sorry for the delay, it has been a very busy week.

Let's take stock of what might still remain. Take the opportunity to give me news of the PC at the same time.

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
    as well as info.txt (<<which will be minimized in the Taskbar).


  • 3 weeks later...

Hi, sorry for the delay, I kind of forgot. The antivirus pages have stopped appearing. I no longer have any major problems, just minor ones such as slowdowns (maybe due to the hard drive being overloaded?). In any case, here are the new reports:

 

-log.txt :

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Aurélien at 2009-05-04 22:39:52

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 10 GB (7%) free of 133 GB

Total RAM: 1022 MB (43% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:40:18, on 2009-05-04

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP_1\VBPTASK.EXE

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Documents and Settings\Aurélien\Mes documents\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Aurélien.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {2569AC87-0A69-4AEE-8C0E-11AC74DEE5F5} - C:\WINDOWS\system32\atrac.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon

O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP_1\VBPTASK.EXE" VBStart

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\Fenpowernet.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://m6video.m6.fr/1click/install/files/installer2.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://www.triforce.fr/plugin/DivXBrowserPlugin.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_0_4.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O24 - Desktop Component 0: (no name) - http://www.google.fr/intl/fr_fr/images/logo.gif

 

--

End of file - 8770 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-11 1443112]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2569AC87-0A69-4AEE-8C0E-11AC74DEE5F5}]

C:\WINDOWS\system32\atrac.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]

DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-10-22 106548]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SchedulingAgent"=mstinit.exe /firstlogon []

"farstone"= []

"RestoreIT!"=C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP_1\VBPTASK.EXE [2004-02-06 114688]

"Raccourci vers la page des propriétés de High Definition Audio"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]

"fenaffiche"=C:\Program Files\FenAffiche\Fenpowernet.exe [2004-07-23 49152]

"avgnt"=C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [2008-05-10 262401]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atwtusb]

atwtusb.exe beta []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

C:\WINDOWS\system32\dla\tfswctrl.exe [2003-10-22 114741]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Aurélien^Menu Démarrer^Programmes^Démarrage^Boot-Time.exe]

C:\Documents and Settings\Aurélien\Menu Démarrer\Programmes\Démarrage\Boot-Time.exe []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=

scecli

scecli

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=0

"NoDriveAutoRun"=00000000

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Jeux\Age of empire II\empires2.exe"="C:\Jeux\Age of empire II\empires2.exe:*:Disabled:Age of Empires II"

"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Disabled:GameSpy Arcade"

"C:\Program Files\EA GAMES\MOHDA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHDA\MOHAA.exe:*:Disabled:Medal of Honor Allied Assault"

"C:\Program Files\EA GAMES\MOHDA\moh_Breakthrough.exe"="C:\Program Files\EA GAMES\MOHDA\moh_Breakthrough.exe:*:Disabled:Medal of Honor Allied Assault Breakthrough"

"C:\Program Files\EA GAMES\MOHDA\moh_spearhead.exe"="C:\Program Files\EA GAMES\MOHDA\moh_spearhead.exe:*:Disabled:Medal of Honor Allied Assault Spearhead"

"C:\Program Files\A4Proxy\A4Proxy.exe"="C:\Program Files\A4Proxy\A4Proxy.exe:*:Enabled:Anonymity 4 Proxy Application"

"C:\Program Files\GhostSurf 2005\Proxy.exe"="C:\Program Files\GhostSurf 2005\Proxy.exe:*:Disabled:GhostSurf proxy"

"C:\Program Files\Web Media Player\webMedia0.61.1.exe"="C:\Program Files\Web Media Player\webMedia0.61.1.exe:*:Enabled:webMedia0.61.1"

"C:\Documents and Settings\Aurélien\Local Settings\Temp\Rar$EX06.125\eMule0.47b\emule.exe"="C:\Documents and Settings\Aurélien\Local Settings\Temp\Rar$EX06.125\eMule0.47b\emule.exe:*:Enabled:eMule"

"C:\Documents and Settings\Aurélien\Local Settings\Temp\Rar$EX05.359\eMule0.47c\emule.exe"="C:\Documents and Settings\Aurélien\Local Settings\Temp\Rar$EX05.359\eMule0.47c\emule.exe:*:Enabled:eMule"

"C:\Documents and Settings\Aurélien\Local Settings\Temp\Rar$EX04.672\emule\eMule.exe"="C:\Documents and Settings\Aurélien\Local Settings\Temp\Rar$EX04.672\emule\eMule.exe:*:Enabled:eMule"

"C:\Documents and Settings\Aurélien\Local Settings\Temp\Rar$EX11.703\emule\eMule.exe"="C:\Documents and Settings\Aurélien\Local Settings\Temp\Rar$EX11.703\emule\eMule.exe:*:Enabled:eMule"

"C:\Program Files\eMuleplus\eMule.exe"="C:\Program Files\eMuleplus\eMule.exe:*:Enabled:eMule Plus"

"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Outil de diagnostic Microsoft DirectX"

"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"

"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"

"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"

"C:\Program Files\Warcraft III\War3.exe"="C:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"

"C:\Program Files\Teamspeak2_RC2 serveur\server_windows.exe"="C:\Program Files\Teamspeak2_RC2 serveur\server_windows.exe:*:Enabled:Server"

"C:\Program Files\Steam\steamapps\unitedcolorofbeneton\day of defeat source\hl2.exe"="C:\Program Files\Steam\steamapps\unitedcolorofbeneton\day of defeat source\hl2.exe:*:Enabled:hl2"

"C:\Program Files\Steam\steamapps\mick512\day of defeat source\hl2.exe"="C:\Program Files\Steam\steamapps\mick512\day of defeat source\hl2.exe:*:Enabled:hl2"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Documents and Settings\antoine\Bureau\emule.exe"="C:\Documents and Settings\antoine\Bureau\emule.exe:*:Disabled:eMule"

"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{111b5efd-56d3-11db-b4bd-0007cb0000ff}]

shell\AutoRun\command - F:\setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a28323d0-4a64-11db-b499-0007cb0000ff}]

shell\Auto\command - F:\AdobeR.exe e

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a283ac31-76fb-11db-b507-0007cb0000ff}]

shell\Auto\command - H:\AdobeR.exe e

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e775a715-fe95-11dd-bad4-0007cb0000ff}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e88a9694-81ac-11dd-b980-0007cb0000ff}]

shell\Auto\command - AdobeR.exe e

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

 

======List of files/folders created in the last 1 months======

 

2009-05-04 22:39:52 ----D---- C:\rsit

2009-04-16 00:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$

2009-04-16 00:03:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$

2009-04-16 00:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$

2009-04-16 00:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$

2009-04-16 00:00:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$

2009-04-16 00:00:03 ----A---- C:\WINDOWS\imsins.BAK

2009-04-15 23:59:48 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

2009-04-13 20:42:42 ----A---- C:\WINDOWS\system32\avtap.dll

2009-04-13 12:22:17 ----D---- C:\_OTMoveIt

2009-04-12 14:37:06 ----A---- C:\WINDOWS\system32\tmp.txt

2009-04-12 14:36:49 ----A---- C:\rapport.txt

2009-04-12 14:36:15 ----A---- C:\WINDOWS\system32\swxcacls.exe

2009-04-12 14:36:15 ----A---- C:\WINDOWS\system32\swsc.exe

2009-04-12 14:36:15 ----A---- C:\WINDOWS\system32\swreg.exe

2009-04-12 14:36:15 ----A---- C:\WINDOWS\system32\Process.exe

2009-04-12 14:36:15 ----A---- C:\WINDOWS\system32\o4Patch.exe

 

======List of files/folders modified in the last 1 months======

 

2009-05-04 22:29:22 ----D---- C:\WINDOWS\temp

2009-05-04 19:45:50 ----D---- C:\WINDOWS\Prefetch

2009-05-04 19:40:56 ----D---- C:\Program Files\Steam

2009-05-03 23:30:18 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-05-03 15:40:28 ----D---- C:\Program Files\eMule

2009-05-03 11:57:06 ----D---- C:\WINDOWS\system32\CatRoot2

2009-05-01 14:53:42 ----SHD---- C:\WINDOWS\Installer

2009-05-01 12:30:18 ----D---- C:\WINDOWS

2009-04-29 19:34:59 ----A---- C:\WINDOWS\lexstat.ini

2009-04-20 19:51:04 ----D---- C:\Documents and Settings\Aurélien\Application Data\uTorrent

2009-04-19 15:13:41 ----HD---- C:\WINDOWS\inf

2009-04-16 12:16:47 ----D---- C:\WINDOWS\system32

2009-04-16 12:16:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-04-16 12:15:36 ----D---- C:\Program Files\AntiVir PersonalEdition Classic

2009-04-16 12:12:02 ----D---- C:\WINDOWS\system32\wbem

2009-04-16 12:12:02 ----D---- C:\WINDOWS\AppPatch

2009-04-16 00:03:41 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-04-16 00:03:18 ----D---- C:\WINDOWS\system32\fr-fr

2009-04-16 00:03:18 ----D---- C:\Program Files\Internet Explorer

2009-04-16 00:01:01 ----D---- C:\WINDOWS\Debug

2009-04-16 00:00:29 ----HD---- C:\WINDOWS\$hf_mig$

2009-04-15 11:41:55 ----D---- C:\WINDOWS\system32\drivers

2009-04-14 18:58:13 ----SHD---- C:\System Volume Information

2009-04-14 18:58:13 ----D---- C:\WINDOWS\system32\Restore

2009-04-13 12:54:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-04-06 16:57:24 ----A---- C:\WINDOWS\system32\MRT.exe

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-05-10 79424]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2003-07-14 5621]

R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2003-07-14 23219]

R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-24 12032]

R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]

R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2003-06-20 40448]

R2 FBAPI;FBAPI; \??\C:\WINDOWS\System32\drivers\FBAPI.sys []

R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2003-10-22 25685]

R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2003-10-22 34837]

R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2003-10-22 4117]

R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2003-10-22 2265]

R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2003-10-22 83572]

R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2003-10-22 14229]

R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2003-10-22 6357]

R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2003-10-22 98164]

R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2003-10-22 100373]

R3 admjoy;Énumérateur de ports jeu Aureal; C:\WINDOWS\system32\DRIVERS\admjoy.sys [2002-08-29 10880]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2007-07-16 1212288]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]

R3 avgntflt;avgntflt; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 fbxusb;Carte réseau virtuelle FreeBox USB (32 bits); C:\WINDOWS\System32\DRIVERS\fbxusb32.sys [2007-08-27 31128]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-03-21 9856]

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-01-21 118656]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 V0080Dev;Creative Camera VF0080 Driver; C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2005-05-06 255230]

S1 aiptektp;HyperPen; C:\WINDOWS\system32\DRIVERS\aiptektp.sys [2004-07-07 22272]

S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

S3 catchme;catchme; \??\C:\DOCUME~1\Pascal\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 EL90X;Pilote de la carte EtherLink XL 90X 3Com; C:\WINDOWS\System32\DRIVERS\el90xnd5.sys [2001-08-23 153631]

S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]

S3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2006-12-25 47360]

S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys []

S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]

S3 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-04-23 28352]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]

S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]

S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]

S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 85696]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73600]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216]

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [2008-05-10 68865]

R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [2008-05-10 147201]

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-29 307200]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-06 72704]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

 

-----------------EOF-----------------

 

- info.txt report

 

info.txt logfile of random's system information tool 1.06 2009-05-04 22:40:23

 

======Uninstall list======

 

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}

-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {8855FF30-19CE-4CB1-A654-87B38369CCE1}

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x40c

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

1200-V2 WIRELESS SCROLL TABLET-->Rmtablet KNL

Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-551D-4478-9682-DBB587257110}

Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}

Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}

Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}

Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}

Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log

Agere Systems PCI Soft Modem-->agrsmdel

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}

Avira AntiVir Personal – Free Antivirus-->C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

AVPM-Setup-->MsiExec.exe /I{33C4A0D3-3F48-460F-A1F2-4438C638991B}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe

Correctif Lecteur Windows Media 9 [Voir KB885492 pour plus d'informations]-->C:\WINDOWS\$NtUninstallKB885492$\spuninst\spuninst.exe

Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240

Creative Modem Blaster V.92 DI5733-1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1C0717C-546A-11D7-9963-00A0C92C4EC3}\Setup.exe" -l0x40c /remove

Creative WebCam Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{363435F2-7426-11D8-9966-00A0C9663221}\setup.exe" -l0x40c /remove

Creative WebCam Live! Pro/Effects Driver (1.02.05.0506)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0080.uns -unsext NT -plugin V0080Pin.dll -pluginres CtCamPin.crl

Day of Defeat: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/300

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

eMule-->"C:\Program Files\eMule\Uninstall.exe"

Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe

getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1

greenstreet Picture Browser-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Fichiers communs\GST\Utilities\PBrowser.isu"

Heroes of Might and Magic II-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Heroes2\DeIsL1.isu"

High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotel Giant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4F1B9FE-F3AF-11D5-93D1-00C0CA18FDE6}\setup.exe" -uninst

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Les Sims : et plus si affinités...-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{017E65B1-7484-461A-B16F-7C931166083B}\setup.exe" -l040c

Lexmark 3100 Series-->C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBRUN5C.EXE -dLexmark 3100 Series

LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"

Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1}

Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Manuel d'utilisation de Creative WebCam Live! Pro (Français)-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\Manuel d'utilisation de Creative WebCam Live! Pro\French\CTManual.isu"

Meridian 59-->C:\WINDOWS\uninst.exe -fc:\jeux\DeIsL1.isu

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office 2000 SR-1 Disque 2-->MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7}

Microsoft Office 2000 SR-1 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

MP3 Player Utilities 3.57-->MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MyDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\Setup.exe" -l0x40c -L0x40c /SMAINT

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

PSP Video 9 1.74-->C:\Program Files\pspvideo9\uninst.exe

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly

REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly

Recover Pro-->C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP_1\un_vback.exe

SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe

SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe

Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe

SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

Secured eMule 0.47c-->C:\PROGRA~1\SECURE~1\UNWISE.EXE C:\PROGRA~1\SECURE~1\INSTALL.LOG

ShowBiz-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07295ABF-1245-415A-BE06-863271753443}\setup.exe" -l0x40c

SIMPLE 4.5V-->"C:\Program Files\SIMPLE45V\miniuins.exe"

Skype 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

Sonic RecordNow DX-->MsiExec.exe /I{8855FF30-19CE-4CB1-A654-87B38369CCE1}

Sonic Simple Backup-->MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}

Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}

SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Steam-->C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"

Total Video Converter 3.10-->"C:\Program Files\Total Video Converter\unins000.exe"

Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

 

=====HijackThis Backups=====

 

O4 - HKLM\..\Run: [wipe stop boob send] C:\Documents and Settings\All Users\Application Data\Window Free Wipe Stop\Bin Admin.exe [2008-08-22]

O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe [2008-08-22]

O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com [2008-08-22]

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSYYYYYYYYFR [2008-08-22]

O2 - BHO: (no name) - {4380F4A3-A0DA-4733-079D-E1AEA382EE4D} - C:\DOCUME~1\AURLIE~1\APPLIC~1\OOZEWA~1\TRUSTMAGS.exe (file missing) [2008-08-22]

O4 - HKLM\..\Run: [sMrhcgjaj0e75p] C:\Program Files\rhcgjaj0e75p\rhcgjaj0e75p.exe [2008-08-22]

R3 - URLSearchHook: (no name) - - (no file) [2008-08-22]

O4 - HKCU\..\Run: [bAIT SLOW] C:\DOCUME~1\AURLIE~1\APPLIC~1\GRIDGP~1\interaxisstyle.exe [2008-08-22]

O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - [2008-08-22]

O16 - DPF: {00330010-0000-0000-0000-000020160010} - [2008-08-22]

O20 - Winlogon Notify: __c00D4F9 - C:\WINDOWS\system32\__c00D4F9.dat [2009-04-13]

O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_2\Ghost (file missing) [2009-04-13]

O4 - HKCU\..\Run: [A00F2DAC13.exe] C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\_A00F2DAC13.exe [2009-04-13]

O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_6_2\Ghost (file missing) [2009-04-13]

O2 - BHO: (no name) - {4380F4A3-A0DA-4733-079D-E1AEA382EE4D} - (no file) [2009-04-13]

O4 - HKCU\..\Run: [A00F251866.exe] C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\_A00F251866.exe [2009-04-13]

O2 - BHO: (no name) - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - (no file) [2009-04-13]

 

======Hosts File======

 

127.0.0.1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

 

======Security center information======

 

AV: Avira AntiVir PersonalEdition Classic

AV: Avira AntiVir PersonalEdition Classic (disabled)

AV: Avira AntiVir PersonalEdition (outdated)

 

======System event log======

 

Computer Name: LHEUREUXPMGHAE

Event Code: 7036

Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

 

Record Number: 5685

Source Name: Service Control Manager

Time Written: 20090416121353.000000+120

Event Type: Informations

User:

 

Computer Name: LHEUREUXPMGHAE

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

 

Record Number: 5684

Source Name: Service Control Manager

Time Written: 20090416121353.000000+120

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: LHEUREUXPMGHAE

Event Code: 7036

Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

 

Record Number: 5683

Source Name: Service Control Manager

Time Written: 20090416121353.000000+120

Event Type: Informations

User:

 

Computer Name: LHEUREUXPMGHAE

Event Code: 7036

Message: Le service Détection matériel noyau est entré dans l'état : en cours d'exécution.

 

Record Number: 5682

Source Name: Service Control Manager

Time Written: 20090416121353.000000+120

Event Type: Informations

User:

 

Computer Name: LHEUREUXPMGHAE

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Détection matériel noyau.

 

Record Number: 5681

Source Name: Service Control Manager

Time Written: 20090416121353.000000+120

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

=====Application event log=====

 

Computer Name: LHEUREUXPMGHAE

Event Code: 301

Message: msnmsgr (1704) \\.\C:\Documents and Settings\Emelyne\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6AF0_4343_F043_152B\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\Emelyne\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6AF0_4343_F043_152B\fsr00774.log.

 

Record Number: 12462

Source Name: ESENT

Time Written: 20090314141510.000000+060

Event Type: Informations

User:

 

Computer Name: LHEUREUXPMGHAE

Event Code: 301

Message: msnmsgr (1704) \\.\C:\Documents and Settings\Emelyne\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6AF0_4343_F043_152B\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\Emelyne\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6AF0_4343_F043_152B\fsr00773.log.

 

Record Number: 12461

Source Name: ESENT

Time Written: 20090314141510.000000+060

Event Type: Informations

User:

 

Computer Name: LHEUREUXPMGHAE

Event Code: 300

Message: msnmsgr (1704) \\.\C:\Documents and Settings\Emelyne\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6AF0_4343_F043_152B\dfsr.db: Le moteur de base de données initialise la procédure de récupération.

 

Record Number: 12460

Source Name: ESENT

Time Written: 20090314141510.000000+060

Event Type: Informations

User:

 

Computer Name: LHEUREUXPMGHAE

Event Code: 102

Message: msnmsgr (1704) \\.\C:\Documents and Settings\Emelyne\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_6AF0_4343_F043_152B\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

 

Record Number: 12459

Source Name: ESENT

Time Written: 20090314141509.000000+060

Event Type: Informations

User:

 

Computer Name: LHEUREUXPMGHAE

Event Code: 100

Message: msnmsgr (1704) Le moteur de base de données 5.01.2600.5512 est démarré.

 

Record Number: 12458

Source Name: ESENT

Time Written: 20090314141509.000000+060

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Sonic\MyDVD;;C:\Program Files\Fichiers communs\GTK\2.0\bin;C:\Program Files\Samsung\Samsung PC Studio 3\

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel

"PROCESSOR_REVISION"=0304

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"VeriSign"=C:\Program Files\VeriSign

"VRSN"=C:\Program Files\VeriSign

"VeriSignTemp"=C:\Program Files\VeriSign\Temp

"VRSNTemp"=C:\Program Files\VeriSign\Temp

"FP_NO_HOST_CHECK"=NO

 

-----------------EOF-----------------
