Pc qui gèles tout le temps + fenêtre bizarre au démarrage

arriabelle · le 27 juin 2009

Salut tout le monde,

Je ne sais pas de quoi il s'agit, mais mon ordi gèles très souvent et j'ai la fenêtre de ReadReg.exe qui apparais quelques secondes au démarrage de windows. Cependant, je ne vois rien dans le rapport Hijackthis....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:53:02, on 2009-06-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\IDETOOL\IDETOOL.EXE

C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Safari\Safari.exe

C:\Documents and Settings\Claude\Mes documents\wolfounette.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: IDETool.lnk = C:\Program Files\IDETOOL\IDETOOL.EXE

O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

O23 - Service: 90467A66 - Unknown owner - C:\WINDOWS\system32\90467A66.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DE3A4BB5 - Unknown owner - C:\WINDOWS\system32\DE3A4BB5.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LQPDB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Claude\LOCALS~1\Temp\LQPDB.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OOXJGQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Claude\LOCALS~1\Temp\OOXJGQ.exe

O23 - Service: QDAIPWCHCREU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QDAIPWCHCREU.exe

--

End of file - 5443 bytes

Thanos · le 27 juin 2009

salut

On va faire un scan stp pour confirmer ou non la présence d'une infection >>

Télécharge Malwarebytes' Anti-Malware (MBAM)

Branche tous les supports amovibles que tu possèdes avant de faire ce scan (clé usb/disque dur externe etc)

Double clique sur le fichier téléchargé pour lancer le processus d'installation.
Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
Sélectionne "Exécuter un examen complêt"
Clique sur "Rechercher"
L'analyse démarre, le scan est relativement long, c'est normal.
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

Après ca, lance ce scna rapide >>

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit

Poste les 3 rapports stp.

arriabelle · le 27 juin 2009

Log MBAM

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2343

Windows 5.1.2600 Service Pack 2

2009-06-27 17:35:13

mbam-log-2009-06-27 (17-35-13).txt

Type de recherche: Examen complet (C:\|)

Eléments examinés: 138890

Temps écoulé: 42 minute(s), 0 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Claude at 2009-06-27 17:35:24

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 9 GB (31%) free of 30 GB

Total RAM: 511 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:35:30, on 2009-06-27

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Claude\Bureau\RSIT.exe

C:\Program Files\trend micro\Claude.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

O23 - Service: 90467A66 - Unknown owner - C:\WINDOWS\system32\90467A66.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DE3A4BB5 - Unknown owner - C:\WINDOWS\system32\DE3A4BB5.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: LQPDB - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Claude\LOCALS~1\Temp\LQPDB.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OOXJGQ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Claude\LOCALS~1\Temp\OOXJGQ.exe

O23 - Service: QDAIPWCHCREU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QDAIPWCHCREU.exe

--

End of file - 5160 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{E92107B0-4FCC-4557-AC7C-B82121FEF231}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-17 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-17 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-10-10 69632]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]

"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]

"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]

"DevconDefaultDB"=C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS []

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

"SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2002-01-14 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]

C:\Program Files\BitTorrent\bittorrent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

C:\Program Files\DNA\btdna.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DevconDefaultDB]

C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

C:\Program Files\Ahead\InCD\InCD.exe [2006-07-12 1397760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]

C:\Program Files\Microsoft IntelliType Pro\itype.exe [2007-08-31 988584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]

C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]

C:\Program Files\lg_fwupdate\fwupdate.exe [2008-12-26 548864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]

C:\Program Files\Microsoft LifeCam\LifeExp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]

C:\Program Files\Saitek\Software\Profiler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiSmart]

C:\Program Files\Saitek\Software\SaiSmart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]

C:\WINDOWS\MIDIDef.exe [2002-01-14 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-17 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]

C:\Program Files\SweetIM\Messenger\SweetIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]

C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]

C:\WINDOWS\vVX1000.exe [2007-04-10 709992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]

C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Event Reminder.lnk]

C:\PROGRA~1\BRODER~1\PRINTM~1\PMremind.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]

C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Claude^Menu Démarrer^Programmes^Démarrage^FMZilla.lnk]

C:\PROGRA~1\FREEMU~1\FMZilla.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Claude^Menu Démarrer^Programmes^Démarrage^Free Music Zilla.lnk]

C:\PROGRA~1\FREEMU~1\FMZilla.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3

"WLSetupSvc"=3

"usnjsvc"=3

"StarWindServiceAE"=2

"ose"=3

"odserv"=3

"NVSvc"=2

"Nero BackItUp Scheduler 4.0"=2

"MSCamSvc"=2

"JavaQuickStarterService"=2

"iPod Service"=3

"InCDsrv"=2

"idsvc"=3

"IDriverT"=3

"FLEXnet Licensing Service"=3

"Bonjour Service"=2

"avast! Web Scanner"=3

"avast! Mail Scanner"=3

"avast! Antivirus"=2

"aswUpdSv"=2

"Apple Mobile Device"=2

"ACDaemon"=2

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-10-18 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"MemCheckBoxInRunDlg"=1

"NoSMBalloonTip"=1

"NoDesktopCleanupWizard"=1

"NoWelcomeScreen"=1

"NoAutoUpdate"=1

"NoDriveAutoRun"=67108863

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-06-27 16:53:37 ----D---- C:\Program Files\trend micro

2009-06-27 16:53:35 ----D---- C:\rsit

2009-06-27 15:45:03 ----A---- C:\WINDOWS\system32\90467A66.exe

2009-06-24 21:01:36 ----A---- C:\WINDOWS\system32\DE3A4BB5.exe

2009-06-24 19:41:52 ----D---- C:\WINDOWS\ERUNT

2009-06-24 19:38:40 ----D---- C:\SDFix

2009-06-24 07:47:07 ----SHD---- C:\RECYCLER

2009-06-24 07:47:00 ----SD---- C:\ComboFix

2009-06-24 07:46:59 ----A---- C:\WINDOWS\system32\CF25764.exe

2009-06-24 07:32:47 ----A---- C:\WINDOWS\wininit.ini

2009-06-24 06:48:37 ----D---- C:\WINDOWS\temp

2009-06-24 06:48:35 ----A---- C:\ComboFix.txt

2009-06-24 06:08:21 ----SHD---- C:\WINDOWS\CSC

2009-06-24 05:21:28 ----A---- C:\WINDOWS\ntbtlog.txt

2009-06-24 05:19:22 ----A---- C:\Boot.bak

2009-06-24 05:19:17 ----RASHD---- C:\cmdcons

2009-06-24 05:03:30 ----A---- C:\resultat.txt

2009-06-24 04:20:30 ----D---- C:\WINDOWS\system32\NtmsData

2009-06-24 00:53:06 ----A---- C:\WINDOWS\NIRCMD.exe

2009-06-24 00:53:05 ----A---- C:\WINDOWS\zip.exe

2009-06-24 00:53:05 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-06-24 00:53:05 ----A---- C:\WINDOWS\SWSC.exe

2009-06-24 00:53:05 ----A---- C:\WINDOWS\SWREG.exe

2009-06-24 00:53:05 ----A---- C:\WINDOWS\sed.exe

2009-06-24 00:53:05 ----A---- C:\WINDOWS\PEV.exe

2009-06-24 00:53:05 ----A---- C:\WINDOWS\grep.exe

2009-06-24 00:52:04 ----D---- C:\WINDOWS\ERDNT

2009-06-24 00:51:59 ----D---- C:\Qoobox

2009-06-23 22:02:03 ----D---- C:\Program Files\Avira

2009-06-23 22:02:03 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2009-06-23 20:43:54 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\SFMS32.DLL

2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\sfman32.dll

2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\REGPLIB.EXE

2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\PIAPROXY.DLL

2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\KILLAPPS.EXE

2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\KILL.INI

2009-06-23 13:42:55 ----AC---- C:\WINDOWS\system32\EAXAC3.DLL

2009-06-23 13:42:55 ----AC---- C:\WINDOWS\READREG.EXE

2009-06-23 13:42:55 ----AC---- C:\WINDOWS\PSCONV.EXE

2009-06-23 13:42:55 ----AC---- C:\WINDOWS\MIDIDEF.EXE

2009-06-23 13:42:55 ----AC---- C:\WINDOWS\DEVREG.DLL

2009-06-23 13:42:55 ----AC---- C:\WINDOWS\CTDCRES.DLL

2009-06-23 13:42:55 ----A---- C:\WINDOWS\system32\OpenAL32.dll

2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTSPKHLP.DLL

2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTSBLFX.DLL

2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTOSUSER.DLL

2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTHELPER.EXE

2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTEMUPIA.DLL

2009-06-23 13:42:54 ----AC---- C:\WINDOWS\system32\CTDPROXY.DLL

2009-06-23 13:42:53 ----AC---- C:\WINDOWS\system32\CTDEVCON.DLL

2009-06-23 13:42:53 ----AC---- C:\WINDOWS\system32\CTASIO.DLL

2009-06-23 13:42:53 ----AC---- C:\WINDOWS\system32\CTAGENT.DLL

2009-06-23 13:42:53 ----AC---- C:\WINDOWS\system32\COMMONFX.DLL

2009-06-23 13:42:53 ----AC---- C:\WINDOWS\system32\AC3API.DLL

2009-06-23 12:19:47 ----N---- C:\WINDOWS\system32\pxinsa64.exe

2009-06-23 12:19:47 ----N---- C:\WINDOWS\system32\pxhpinst.exe

2009-06-23 12:19:47 ----N---- C:\WINDOWS\system32\pxcpya64.exe

2009-06-23 12:19:47 ----N---- C:\WINDOWS\system32\pxafs.dll

2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\vxblock.dll

2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\pxwave.dll

2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\pxsfs.dll

2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\pxmas.dll

2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\pxdrv.dll

2009-06-23 12:19:46 ----N---- C:\WINDOWS\system32\px.dll

2009-06-23 12:19:43 ----D---- C:\Program Files\Winamp

2009-06-23 12:19:43 ----D---- C:\Documents and Settings\Claude\Application Data\Winamp

2009-06-23 12:12:55 ----D---- C:\Documents and Settings\Claude\Application Data\Opera

2009-06-23 09:07:18 ----D---- C:\Documents and Settings\Claude\Application Data\AVS4YOU

2009-06-23 09:06:17 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU

2009-06-23 08:46:14 ----D---- C:\Program Files\Safari

2009-06-23 08:45:29 ----D---- C:\Program Files\Bonjour

2009-06-23 08:45:09 ----D---- C:\Program Files\Apple Software Update

2009-06-23 08:44:33 ----D---- C:\Program Files\Opera

2009-06-23 08:43:53 ----A---- C:\WINDOWS\system32\lfpng13n.dll

2009-06-23 08:43:52 ----A---- C:\WINDOWS\system32\lfgif13n.dll

2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\ltkrn13n.dll

2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\ltimg13n.dll

2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\ltfil13n.dll

2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\ltefx13n.dll

2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\ltdis13n.dll

2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\lfcmp13n.dll

2009-06-23 08:43:50 ----A---- C:\WINDOWS\system32\lfbmp13n.dll

2009-06-23 08:38:48 ----D---- C:\Program Files\Fichiers communs\AVSMedia

2009-06-23 08:38:48 ----A---- C:\WINDOWS\system32\msvcr70.dll

2009-06-23 08:38:48 ----A---- C:\WINDOWS\system32\msvcp70.dll

2009-06-23 08:38:48 ----A---- C:\WINDOWS\system32\mfc70.dll

2009-06-23 08:38:48 ----A---- C:\WINDOWS\system32\GdiPlus.dll

2009-06-23 08:38:47 ----D---- C:\Program Files\AVS4YOU

2009-06-22 12:24:49 ----D---- C:\Program Files\Realtek AC97

2009-06-22 09:38:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$

2009-06-21 23:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$

2009-06-21 23:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

2009-06-21 23:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$

2009-06-21 23:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$

2009-06-21 22:59:14 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$

2009-06-21 22:47:17 ----HDC---- C:\WINDOWS\$NtUninstallWIC$

2009-06-21 22:47:11 ----D---- C:\Program Files\MSXML 6.0

2009-06-21 22:46:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$

2009-06-21 22:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$

2009-06-21 22:45:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$

2009-06-21 22:45:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$

2009-06-21 22:45:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$

2009-06-21 22:44:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$

2009-06-21 22:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

2009-06-21 22:44:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$

2009-06-21 22:42:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$

2009-06-21 22:42:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$

2009-06-21 22:41:56 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$

2009-06-21 22:41:48 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$

2009-06-21 22:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$

2009-06-21 22:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$

2009-06-21 22:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$

2009-06-21 22:41:09 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$

2009-06-21 22:40:55 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$

2009-06-21 22:40:14 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$

2009-06-21 22:40:06 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$

2009-06-21 22:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$

2009-06-21 22:39:49 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$

2009-06-21 22:39:40 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$

2009-06-21 22:39:31 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$

2009-06-21 22:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$

2009-06-21 22:39:13 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$

2009-06-21 22:39:05 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$

2009-06-21 22:38:55 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$

2009-06-21 22:38:46 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$

2009-06-21 22:38:37 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$

2009-06-21 22:38:28 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$

2009-06-21 22:38:19 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$

2009-06-21 22:38:10 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$

2009-06-21 22:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$

2009-06-21 22:37:52 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$

2009-06-21 22:37:35 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$

2009-06-21 22:37:26 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$

2009-06-21 22:37:18 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$

2009-06-21 22:37:07 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$

2009-06-21 22:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$

2009-06-21 22:36:50 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$

2009-06-21 22:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$

2009-06-21 22:36:31 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$

2009-06-21 22:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$

2009-06-21 22:36:04 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$

2009-06-21 21:02:47 ----HD---- C:\WINDOWS\msdownld.tmp

2009-06-21 21:02:14 ----D---- C:\WINDOWS\ie8updates

2009-06-21 21:01:47 ----A---- C:\WINDOWS\imsins.BAK

2009-06-21 21:00:53 ----HDC---- C:\WINDOWS\ie8

2009-06-21 09:06:45 ----D---- C:\Program Files\Fichiers communs\Logishrd

2009-06-21 09:05:51 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd

2009-06-21 08:58:08 ----D---- C:\Program Files\CCleaner

2009-06-21 08:44:16 ----D---- C:\Program Files\IDETOOL

2009-06-21 08:25:41 ----D---- C:\Program Files\VIA

2009-06-21 07:50:21 ----D---- C:\Program Files\SystemRequirementsLab

2009-06-21 07:50:09 ----D---- C:\Documents and Settings\Claude\Application Data\SystemRequirementsLab

2009-06-21 07:33:08 ----D---- C:\WINDOWS\Prefetch

2009-06-20 20:38:35 ----D---- C:\Program Files\CyberDBS Key Grabber 4.0

2009-06-20 20:36:59 ----D---- C:\Program Files\CyberDBS Key Grabber 4.1

2009-06-20 01:37:47 ----D---- C:\Program Files\PhotoFiltre Studio

2009-06-20 01:28:39 ----A---- C:\WINDOWS\system32\ChCfg.exe

2009-06-20 01:27:54 ----A---- C:\WINDOWS\system32\RTLCPL.exe

2009-06-20 01:27:52 ----A---- C:\WINDOWS\soundman.exe

2009-06-20 01:27:51 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll

2009-06-20 01:27:50 ----A---- C:\WINDOWS\alcupd.exe

2009-06-20 01:27:50 ----A---- C:\WINDOWS\Alcrmv.exe

2009-06-19 22:54:32 ----D---- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver

2009-06-19 22:54:30 ----D---- C:\Documents and Settings\Claude\Application Data\InstallShield

2009-06-19 22:53:29 ----D---- C:\WINDOWS\Drivers

2009-06-19 22:12:49 ----D---- C:\Program Files\ma-config.com

2009-06-19 22:12:49 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com

2009-06-19 21:55:18 ----D---- C:\Documents and Settings\Claude\Application Data\Mozilla

2009-06-19 21:54:06 ----D---- C:\Program Files\Mozilla Firefox

2009-06-19 20:55:47 ----D---- C:\Documents and Settings\Claude\Application Data\Malwarebytes

2009-06-19 20:55:41 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-06-19 20:55:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-06-19 19:55:59 ----A---- C:\WINDOWS\RTacDbg.txt

2009-06-19 19:54:54 ----D---- C:\WINDOWS\OPTIONS

2009-06-19 19:54:54 ----D---- C:\Program Files\TRENDnet

======List of files/folders modified in the last 1 months======

2009-06-27 16:58:11 ----D---- C:\WINDOWS\system32\drivers

2009-06-27 16:53:37 ----D---- C:\Program Files

2009-06-27 16:48:19 ----D---- C:\WINDOWS\system32\CatRoot2

2009-06-27 16:47:53 ----D---- C:\WINDOWS

2009-06-27 16:20:23 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-06-27 15:46:25 ----D---- C:\WINDOWS\system32

2009-06-27 14:33:48 ----HD---- C:\WINDOWS\inf

2009-06-24 19:43:04 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-06-24 15:52:34 ----D---- C:\WINDOWS\Microsoft.NET

2009-06-24 14:46:01 ----D---- C:\Documents and Settings\Claude\Application Data\GameHouse

2009-06-24 14:29:37 ----SHD---- C:\WINDOWS\Installer

2009-06-24 14:29:36 ----HD---- C:\Config.Msi

2009-06-24 06:45:37 ----A---- C:\WINDOWS\system.ini

2009-06-24 06:43:05 ----D---- C:\WINDOWS\system32\config

2009-06-24 06:41:04 ----D---- C:\WINDOWS\AppPatch

2009-06-24 06:41:02 ----D---- C:\Program Files\Fichiers communs

2009-06-24 06:08:28 ----D---- C:\Documents and Settings

2009-06-24 05:19:23 ----RASH---- C:\boot.ini

2009-06-23 22:01:31 ----D---- C:\WINDOWS\WinSxS

2009-06-23 20:36:44 ----RD---- C:\WINDOWS\Web

2009-06-23 20:36:40 ----D---- C:\WINDOWS\SHELLNEW

2009-06-23 13:47:07 ----HD---- C:\Program Files\InstallShield Installation Information

2009-06-23 13:43:17 ----D---- C:\WINDOWS\system32\Defaults

2009-06-23 13:42:30 ----D---- C:\WINDOWS\Media

2009-06-23 12:13:06 ----D---- C:\Documents and Settings\Claude\Application Data\Apple Computer

2009-06-23 08:46:14 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer

2009-06-23 08:45:20 ----SD---- C:\WINDOWS\Tasks

2009-06-23 08:43:42 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-06-23 08:22:39 ----D---- C:\Downloads

2009-06-23 08:14:37 ----SHD---- C:\System Volume Information

2009-06-23 08:14:37 ----D---- C:\WINDOWS\system32\Restore

2009-06-22 22:30:38 ----D---- C:\WINDOWS\system32\Macromed

2009-06-22 12:24:59 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-06-22 09:39:01 ----D---- C:\WINDOWS\system32\CatRoot

2009-06-22 09:38:29 ----HD---- C:\WINDOWS\$hf_mig$

2009-06-21 23:40:29 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-06-21 23:37:15 ----D---- C:\WINDOWS\system32\wbem

2009-06-21 23:37:15 ----D---- C:\WINDOWS\msagent

2009-06-21 23:19:02 ----RSD---- C:\WINDOWS\assembly

2009-06-21 23:14:59 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2009-06-21 23:09:46 ----RSD---- C:\WINDOWS\Fonts

2009-06-21 23:09:36 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2009-06-21 23:08:43 ----D---- C:\Program Files\Microsoft Works

2009-06-21 23:05:28 ----AC---- C:\WINDOWS\win.ini

2009-06-21 22:59:01 ----D---- C:\WINDOWS\system32\XPSViewer

2009-06-21 22:58:40 ----D---- C:\WINDOWS\system32\mui

2009-06-21 22:52:17 ----D---- C:\WINDOWS\system32\en-us

2009-06-21 22:49:13 ----D---- C:\Program Files\Internet Explorer

2009-06-21 22:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$

2009-06-21 22:44:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$

2009-06-21 22:44:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

2009-06-21 22:44:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2009-06-21 22:43:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2009-06-21 22:43:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2009-06-21 22:43:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2009-06-21 22:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2009-06-21 22:43:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2009-06-21 22:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2009-06-21 22:43:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2009-06-21 22:43:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2009-06-21 22:42:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

2009-06-21 22:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

2009-06-21 22:42:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2009-06-21 22:42:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2009-06-21 21:06:21 ----D---- C:\WINDOWS\system32\fr-fr

2009-06-21 21:06:20 ----D---- C:\WINDOWS\Help

2009-06-21 20:57:30 ----D---- C:\WINDOWS\Debug

2009-06-21 10:25:26 ----D---- C:\WINDOWS\nview

2009-06-21 08:52:22 ----D---- C:\Program Files\Windows Media Connect 2

2009-06-21 08:52:20 ----D---- C:\Program Files\lg_fwupdate

2009-06-21 08:44:16 ----A---- C:\AUTOEXEC.BAT

2009-06-21 07:56:24 ----D---- C:\WINDOWS\security

2009-06-21 07:32:51 ----D---- C:\WINDOWS\system32\Setup

2009-06-21 07:32:49 ----D---- C:\Program Files\Messenger

2009-06-21 07:20:54 ----D---- C:\WINDOWS\system32\usmt

2009-06-21 07:20:48 ----D---- C:\WINDOWS\system32\oobe

2009-06-21 07:20:47 ----D---- C:\WINDOWS\system32\npp

2009-06-21 07:18:39 ----D---- C:\WINDOWS\system32\Com

2009-06-21 07:16:27 ----D---- C:\WINDOWS\system

2009-06-21 07:16:27 ----D---- C:\WINDOWS\srchasst

2009-06-21 07:16:25 ----D---- C:\WINDOWS\PeerNet

2009-06-21 07:16:18 ----D---- C:\WINDOWS\ime

2009-06-21 07:16:10 ----D---- C:\Program Files\Windows Media Player

2009-06-21 07:16:10 ----D---- C:\Program Files\Outlook Express

2009-06-21 07:16:08 ----D---- C:\Program Files\NetMeeting

2009-06-21 07:15:28 ----D---- C:\Program Files\Fichiers communs\System

2009-06-21 07:15:11 ----D---- C:\WINDOWS\system32\inetsrv

2009-06-21 07:15:11 ----D---- C:\WINDOWS\system32\fr

2009-06-21 07:15:09 ----D---- C:\WINDOWS\system32\bits

2009-06-21 07:15:00 ----D---- C:\WINDOWS\network diagnostic

2009-06-21 07:15:00 ----D---- C:\WINDOWS\l2schemas

2009-06-21 07:15:00 ----D---- C:\WINDOWS\ehome

2009-06-21 07:15:00 ----D---- C:\Program Files\movie maker

2009-06-20 21:14:53 ----SD---- C:\Documents and Settings\Claude\Application Data\Microsoft

2009-06-20 14:54:43 ----D---- C:\Program Files\HP

2009-06-20 14:54:05 ----D---- C:\Program Files\Nestopia RPlus!

2009-06-20 14:52:44 ----D---- C:\Program Files\Windows Live

2009-06-20 14:46:03 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-06-20 09:02:12 ----D---- C:\Documents and Settings\Claude\Application Data\dvdcss

2009-06-20 05:54:13 ----D---- C:\Documents and Settings\All Users\Application Data\HP

2009-06-20 05:42:33 ----D---- C:\Program Files\Fichiers communs\Designer

2009-06-20 05:39:45 ----D---- C:\Program Files\Fichiers communs\Macrovision Shared

2009-06-20 05:39:45 ----D---- C:\Program Files\Fichiers communs\Adobe

2009-06-20 05:37:54 ----D---- C:\Documents and Settings\Claude\Application Data\Adobe

2009-06-20 05:35:40 ----D---- C:\Program Files\Adobe

2009-06-20 05:34:30 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2009-06-19 21:45:45 ----AC---- C:\WINDOWS\NeroDigital.ini

2009-06-19 20:17:50 ----D---- C:\Program Files\Google

2009-06-19 19:58:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2009-06-19 19:57:44 ----D---- C:\WINDOWS\system32\LogFiles

2009-06-19 19:56:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-06-01 09:51:14 ----AC---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2006-01-09 41600]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]

R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-23 28520]

R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-06-19 21035]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2005-07-26 9600]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392]

R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-09-26 28816]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2005-07-26 12288]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-01 47360]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2008-06-26 335104]

R3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]

R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]

S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2005-07-26 14848]

S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []

S2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []

S3 ancnwq9f;ancnwq9f; C:\WINDOWS\system32\drivers\ancnwq9f.sys []

S3 catchme;catchme; \??\C:\DOCUME~1\Claude\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2005-07-26 17024]

S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]

S3 ctljystk;Creative SBLive! Port de jeux; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2005-07-26 3712]

S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]

S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2005-07-26 283904]

S3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2005-07-26 6912]

S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]

S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2005-07-26 27165]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]

S3 mbr;mbr; \??\C:\DOCUME~1\Claude\LOCALS~1\Temp\mbr.sys []

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2005-07-26 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2005-07-26 85376]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2005-07-26 10880]

S3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2007-08-31 18856]

S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]

S3 rkhdrv40;Rootkit Unhooker Driver; C:\WINDOWS\system32\drivers\rkhdrv40.sys []

S3 SaiHFF0C;SaiHFF0C; C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys [2004-06-11 56576]

S3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2004-07-06 15616]

S3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiNtBus.sys [2004-07-06 26752]

S3 SaiUFF0C;SaiUFF0C; C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys [2004-06-11 19584]

S3 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []

S3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2005-07-26 36480]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2005-07-26 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2005-07-26 15360]

S3 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys []

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2005-07-26 59264]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 VX1000;VX-1000; C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2005-07-26 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-23 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-06-23 185089]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]

S3 90467A66;90467A66; C:\WINDOWS\system32\90467A66.exe [2009-06-27 6656]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 DE3A4BB5;DE3A4BB5; C:\WINDOWS\system32\DE3A4BB5.exe [2009-06-24 6656]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 LQPDB;LQPDB; C:\DOCUME~1\Claude\LOCALS~1\Temp\LQPDB.exe [2009-06-24 400256]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]

S3 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 OOXJGQ;OOXJGQ; C:\DOCUME~1\Claude\LOCALS~1\Temp\OOXJGQ.exe [2009-06-27 453504]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

S3 QDAIPWCHCREU;QDAIPWCHCREU; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QDAIPWCHCREU.exe [2009-06-24 437120]

S3 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe []

S4 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S4 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 871424]

S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-17 152984]

S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []

S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-06-27 17:35:33

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /L:FRN

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x40c /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x40c /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x40c /remove

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x40c

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x40c /remove

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

ConvertXtoDVD 3.3.4.106e-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"

Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

CyberDBS Key Grabber 4.0-->"C:\Program Files\CyberDBS Key Grabber 4.0\unins000.exe"

CyberDBS Key Grabber 4.1-->"C:\Program Files\CyberDBS Key Grabber 4.1\unins000.exe"

DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"

Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}

HijackThis 2.0.2-->"C:\Documents and Settings\Claude\Mes documents\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}

Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}

K-Lite Mega Codec Pack 4.4.2-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"

Ma-Config.com-->MsiExec.exe /X{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall

Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe

Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}

Nero MediaHome 4-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M06-019C-TTET-880Z-5PUM-6XA2-5MEC-35WM"

Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U

Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}

PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"

PrintMaster ClickArt-->C:\WINDOWS\UNIN040C.EXE -f"C:\PROGRA~1\BRODER~1\CLICKA~1\DeIsL1.isu"

ProtectDisc Driver, Version 11-->C:\Program Files\ProtectDisc Driver Installer\uninstall_v11.exe

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly

REALTEK RTL8187B Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{7095FD27-37F0-4750-9DE8-D37DC0043706}\Install.exe -uninst -l0x40C

Safari-->MsiExec.exe /I{0A9C92A5-D27F-4BD9-9DB9-0EFD8C681E29}

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}

Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}

Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}

Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}

Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG

Sound Blaster Live!-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x40c

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

The Font Thing-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Fisher\The Font Thing\DeIsL1.isu" -c"C:\Program Files\Fisher\The Font Thing\_ISREG32.DLL"

TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{C43421C0-0DCB-4F26-8A3B-BF16155F9879}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}

Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}

VIA Bus Master Ultra ATA Driver (Remove)-->RunDll32 VIAIDECO.dll,UninstallIDE

VIA Gestionnaire de périphériques de plate-forme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}

Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}

Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: XPSP2-8AA5A695E

Event Code: 26

Message: Application popup : : Machine Check: Regs

Record Number: 154

Source Name: Application Popup

Time Written: 20090620143231.000000-240

Event Type: Informations

User:

Computer Name: XPSP2-8AA5A695E

Event Code: 26

Message: Application popup : : Machine Check:

Record Number: 153

Source Name: Application Popup

Time Written: 20090620143231.000000-240

Event Type: Informations

User:

Computer Name: XPSP2-8AA5A695E

Event Code: 26

Message: Application popup : : Machine Check: Regs

Record Number: 152

Source Name: Application Popup

Time Written: 20090620143231.000000-240

Event Type: Informations

User:

Computer Name: XPSP2-8AA5A695E

Event Code: 26

Message: Application popup : : Machine Check:

Record Number: 151

Source Name: Application Popup

Time Written: 20090620143231.000000-240

Event Type: Informations

User:

Computer Name: XPSP2-8AA5A695E

Event Code: 26

Message: Application popup : : Machine Check: Regs

Record Number: 150

Source Name: Application Popup

Time Written: 20090620143231.000000-240

Event Type: Informations

User:

=====Application event log=====

Computer Name: XPSP2-8AA5A695E

Event Code: 1002

Message: L'environnement s'est arrêté de façon inattendue et Explorer.exe a redémarré.

Record Number: 1462

Source Name: Winlogon

Time Written: 20090116183137.000000-300

Event Type: Informations

User:

Computer Name: XPSP2-8AA5A695E

Event Code: 701

Message: MsnMsgr (2632) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Claude\Local Settings\Application Data\Microsoft\Messenger\hide_1@live.ca\SharingMetadata\Working\database_EE08_95B9_895_816F\dfsr.db'.

Record Number: 1461

Source Name: ESENT

Time Written: 20090116180057.000000-300

Event Type: Informations

User:

Computer Name: XPSP2-8AA5A695E

Event Code: 700

Message: MsnMsgr (2632) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Claude\Local Settings\Application Data\Microsoft\Messenger\hide_1@live.ca\SharingMetadata\Working\database_EE08_95B9_895_816F\dfsr.db'.

Record Number: 1460

Source Name: ESENT

Time Written: 20090116180057.000000-300

Event Type: Informations

User:

Computer Name: XPSP2-8AA5A695E

Event Code: 701

Message: MsnMsgr (2632) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\Claude\Local Settings\Application Data\Microsoft\Messenger\hide_1@live.ca\SharingMetadata\Working\database_EE08_95B9_895_816F\dfsr.db'.

Record Number: 1459

Source Name: ESENT

Time Written: 20090116170057.000000-300

Event Type: Informations

User:

Computer Name: XPSP2-8AA5A695E

Event Code: 700

Message: MsnMsgr (2632) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\Claude\Local Settings\Application Data\Microsoft\Messenger\hide_1@live.ca\SharingMetadata\Working\database_EE08_95B9_895_816F\dfsr.db'.

Record Number: 1458

Source Name: ESENT

Time Written: 20090116170057.000000-300

Event Type: Informations

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 0, AuthenticAMD

"PROCESSOR_REVISION"=0800

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Thanos · le 27 juin 2009

J'aimerai stp que tu fasses analyser un fichier pour lequel je n'ai aucune info >

Rend toi à cette adresse => http://www.virustotal.com/

Tu as une case nommée "Parcourir": tu cliques dessus et une fenêtre s'ouvre=> copie/colle ceci dans le champs à droite de "Nom du Fichier" en bas de page >> C:\WINDOWS\system32\90467A66.exe

Clique maintenant sur "ouvrir" en bas de la fenêtre puis sur "Envoyer le fichier". Le scan de ce fichier va débuter. Tu n'as plus qu'à sélectionner puis copier /coller l'analyse dans ton prochain message.

Note: les fichiers uploadés sont mis en attente, car le virusscan est sollicité! patiente (un message t'indique le temps que ca prendra pour faire analyser)

Note: il arrive parfois que le fichier ait déjà été analysé. Si c'est le cas, clique sur le bouton Reanalyse file now

Fais de même avec ce nom de fichier stp >> C:\WINDOWS\system32\DE3A4BB5.exe

arriabelle · le 28 juin 2009

Fichier 90467A66.exe reçu le 2009.06.28 13:28:45 (UTC)
Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.18 2009.06.28 Trojan-Spy.Agent.NJP!IK

AhnLab-V3 5.0.0.2 2009.06.27 Win-Trojan/Agent.6656.FJ

AntiVir 7.9.0.199 2009.06.26 -

Antiy-AVL 2.0.3.1 2009.06.26 Trojan/Win32.OnLineGames.gen

Authentium 5.1.2.4 2009.06.27 -

Avast 4.8.1335.0 2009.06.28 -

AVG 8.5.0.339 2009.06.27 -

BitDefender 7.2 2009.06.28 -

CAT-QuickHeal 10.00 2009.06.26 Trojan.Agent.IRC

ClamAV 0.94.1 2009.06.28 Trojan.Spy-44942

Comodo 1470 2009.06.28 TrojWare.Win32.Agent.~GAJ

DrWeb 5.0.0.12182 2009.06.28 -

eSafe 7.0.17.0 2009.06.28 -

eTrust-Vet 31.6.6582 2009.06.26 Win32/PcClient.FW

F-Prot 4.4.4.56 2009.06.27 -

F-Secure 8.0.14470.0 2009.06.27 Trojan:W32/Agent.IKS

Fortinet 3.117.0.0 2009.06.28 W32/Agent.1EA9!tr

GData 19 2009.06.28 -

Ikarus T3.1.1.64.0 2009.06.28 Trojan-Spy.Agent.NJP

Jiangmin 11.0.706 2009.06.28 TrojanSpy.Agent.dja

K7AntiVirus 7.10.768 2009.06.19 Trojan-Spy.Win32.Agent.NJP

Kaspersky 7.0.0.125 2009.06.28 -

McAfee 5659 2009.06.27 Generic PWS.y

McAfee+Artemis 5659 2009.06.27 Generic PWS.y

McAfee-GW-Edition 6.7.6 2009.06.27 -

Microsoft 1.4803 2009.06.28 -

NOD32 4194 2009.06.28 -

Norman 6.01.09 2009.06.26 W32/Agent.MJJN

nProtect 2009.1.8.0 2009.06.28 Trojan-Spy/W32.Agent.6656.C

Panda 10.0.0.16 2009.06.28 -

PCTools 4.4.2.0 2009.06.28 -

Rising 21.35.62.00 2009.06.28 -

Sophos 4.43.0 2009.06.28 Mal/Generic-A

Sunbelt 3.2.1858.2 2009.06.27 Bulk Trojan

Symantec 1.4.4.12 2009.06.28 Trojan Horse

TheHacker 6.3.4.3.356 2009.06.27 Trojan/Agent.gen

TrendMicro 8.950.0.1094 2009.06.28 -

VBA32 3.12.10.7 2009.06.28 -

ViRobot 2009.6.27.1808 2009.06.27 -

VirusBuster 4.6.5.0 2009.06.27 -

Information additionnelle

File size: 6656 bytes

MD5...: 2d2cfd52b636a3acdd036b74e55b9a7a

SHA1..: df8b83e169053cf8f806a02ef35b9d19b6cf3ba9

SHA256: 61c4b83ca42cd72e90ac46557547994c1aa4a49412e7b1190c610d1837ef8819

ssdeep: 48:OEPDnVTXagwDAk70wmXAp4byWHgs8SHpG89HWBFdLTmtcQ9wkIZMHBYnO3O7E 1J:nPDnFXApTsL889aFhicCPGO3Og1 

PEiD..: -

TrID..: File type identification -

PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x1c1d timedatestamp.....: 0x4649d618 (Tue May 15 15:47:36 2007) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 CODE 0x1000 0xc2c 0xe00 5.70 3dd073383b20c611a463431861c16973 DATA 0x2000 0x8 0x200 0.04 532dd4aa9cd9b1a3dad1f0b610d1d6cc BSS 0x3000 0xa22f5 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .idata 0xa6000 0x2d8 0x400 3.57 1ca6e665e111aa0d5ca04c130721765d .reloc 0xa7000 0x10c 0x200 3.99 ce7e4bf50b046fae2ca28edba741b101 ( 4 imports ) > kernel32.dll: VirtualProtectEx, Sleep, SetErrorMode, OutputDebugStringW, LocalUnlock, LocalReAlloc, LocalLock, LocalFree, LocalAlloc, HeapFree, HeapAlloc, GetVolumeInformationW, GetProcessHeap, GetCurrentProcess, GetCommandLineW, FindFirstFileExW, FindClose, ExitProcess > ntdll.dll: ZwQueryInformationFile, ZwCreateFile, ZwClose, RtlInitUnicodeString > advapi32.dll: StartServiceCtrlDispatcherW, SetServiceStatus, RegisterServiceCtrlHandlerW > kernel32.dll: FindNextFileW ( 0 exports ) 

PDFiD.: -

RDS...: NSRL Reference Data Set -

ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=2d2cfd52b636a3acdd036b74e55b9a7a''>http://www.threatexpert.com/report.aspx?md5=2d2cfd52b636a3acdd036b74e55b9a7a' target='_blank'>http://www.threatexpert.com/report.aspx?md5=2d2cfd52b636a3acdd036b74e55b9a7a</a>'>http://www.threatexpert.com/report.aspx?md5=2d2cfd52b636a3acdd036b74e55b9a7a</a>

Fichier DE3A4BB5.exe reçu le 2009.06.28 13:32:52 (UTC)
Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.18 2009.06.28 Trojan-Spy.Agent.NJP!IK

AhnLab-V3 5.0.0.2 2009.06.27 Win-Trojan/Agent.6656.FJ

AntiVir 7.9.0.199 2009.06.26 -

Antiy-AVL 2.0.3.1 2009.06.26 Trojan/Win32.OnLineGames.gen

Authentium 5.1.2.4 2009.06.27 -

Avast 4.8.1335.0 2009.06.28 -

AVG 8.5.0.339 2009.06.27 -

BitDefender 7.2 2009.06.28 -

CAT-QuickHeal 10.00 2009.06.26 Trojan.Agent.IRC

ClamAV 0.94.1 2009.06.28 Trojan.Spy-44942

Comodo 1470 2009.06.28 TrojWare.Win32.Agent.~GAJ

DrWeb 5.0.0.12182 2009.06.28 -

eSafe 7.0.17.0 2009.06.28 -

eTrust-Vet 31.6.6582 2009.06.26 Win32/PcClient.FW

F-Prot 4.4.4.56 2009.06.27 -

F-Secure 8.0.14470.0 2009.06.27 Trojan:W32/Agent.IKS

Fortinet 3.117.0.0 2009.06.28 W32/Agent.1EA9!tr

GData 19 2009.06.28 -

Ikarus T3.1.1.64.0 2009.06.28 Trojan-Spy.Agent.NJP

Jiangmin 11.0.706 2009.06.28 TrojanSpy.Agent.dja

K7AntiVirus 7.10.768 2009.06.19 Trojan-Spy.Win32.Agent.NJP

Kaspersky 7.0.0.125 2009.06.28 -

McAfee 5659 2009.06.27 Generic PWS.y

McAfee+Artemis 5659 2009.06.27 Generic PWS.y

McAfee-GW-Edition 6.7.6 2009.06.27 -

Microsoft 1.4803 2009.06.28 -

NOD32 4194 2009.06.28 -

Norman 6.01.09 2009.06.26 W32/Agent.MJJN

nProtect 2009.1.8.0 2009.06.28 Trojan-Spy/W32.Agent.6656.C

Panda 10.0.0.16 2009.06.28 -

PCTools 4.4.2.0 2009.06.28 -

Prevx 3.0 2009.06.28 -

Rising 21.35.62.00 2009.06.28 -

Sophos 4.43.0 2009.06.28 Mal/Generic-A

Sunbelt 3.2.1858.2 2009.06.27 Bulk Trojan

Symantec 1.4.4.12 2009.06.28 Trojan Horse

TheHacker 6.3.4.3.356 2009.06.27 Trojan/Agent.gen

TrendMicro 8.950.0.1094 2009.06.28 -

VBA32 3.12.10.7 2009.06.28 -

ViRobot 2009.6.27.1808 2009.06.27 -

VirusBuster 4.6.5.0 2009.06.27 -

Information additionnelle

File size: 6656 bytes

MD5...: 2d2cfd52b636a3acdd036b74e55b9a7a

SHA1..: df8b83e169053cf8f806a02ef35b9d19b6cf3ba9

SHA256: 61c4b83ca42cd72e90ac46557547994c1aa4a49412e7b1190c610d1837ef8819

ssdeep: 48:OEPDnVTXagwDAk70wmXAp4byWHgs8SHpG89HWBFdLTmtcQ9wkIZMHBYnO3O7E 1J:nPDnFXApTsL889aFhicCPGO3Og1 

PEiD..: -

TrID..: File type identification Win32 Executable Generic (38.4%) Win32 Dynamic Link Library (generic) (34.1%) Win16/32 Executable Delphi generic (9.3%) Generic Win/DOS Executable (9.0%) DOS Executable Generic (9.0%)

PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x1c1d timedatestamp.....: 0x4649d618 (Tue May 15 15:47:36 2007) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 CODE 0x1000 0xc2c 0xe00 5.70 3dd073383b20c611a463431861c16973 DATA 0x2000 0x8 0x200 0.04 532dd4aa9cd9b1a3dad1f0b610d1d6cc BSS 0x3000 0xa22f5 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .idata 0xa6000 0x2d8 0x400 3.57 1ca6e665e111aa0d5ca04c130721765d .reloc 0xa7000 0x10c 0x200 3.99 ce7e4bf50b046fae2ca28edba741b101 ( 4 imports ) > kernel32.dll: VirtualProtectEx, Sleep, SetErrorMode, OutputDebugStringW, LocalUnlock, LocalReAlloc, LocalLock, LocalFree, LocalAlloc, HeapFree, HeapAlloc, GetVolumeInformationW, GetProcessHeap, GetCurrentProcess, GetCommandLineW, FindFirstFileExW, FindClose, ExitProcess > ntdll.dll: ZwQueryInformationFile, ZwCreateFile, ZwClose, RtlInitUnicodeString > advapi32.dll: StartServiceCtrlDispatcherW, SetServiceStatus, RegisterServiceCtrlHandlerW > kernel32.dll: FindNextFileW ( 0 exports ) 

PDFiD.: -

RDS...: NSRL Reference Data Set -

ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=2d2cfd52b636a3acdd036b74e55b9a7a' target='_blank'>http://www.threatexpert.com/report.aspx?md5=2d2cfd52b636a3acdd036b74e55b9a7a</a>

Thanos · le 28 juin 2009

Ok les deux drivers sont infectieux: on va s'en débarrasser et faire du ménage comme ceci >>

Télécharge OTM par OldTimer et enregistre ce fichier sur le Bureau.

Fais un double clic sur OTM.exe pour lancer l'exécution de l'outil. (Note: Si tu utilises Vista, fais un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).

Copie les lignes de la zone "Code" ci-dessous dans le Presse-papiers en les sélectionnant toutes puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):

:first

:processes
explorer.exe
90467A66.exe
DE3A4BB5.exe

:services
90467A66
DE3A4BB5
LQPDB
OOXJGQ
QDAIPWCHCREU
SjyPkt
ancnwq9f
mbr
rkhdrv40
SBRE
catchme

:files
C:\WINDOWS\system32\90467A66.exe
C:\WINDOWS\system32\DE3A4BB5.exe
C:\DOCUME~1\Claude\LOCALS~1\Temp\LQPDB.exe
C:\DOCUME~1\Claude\LOCALS~1\Temp\OOXJGQ.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QDAIPWCHCREU.exe
C:\WINDOWS\System32\Drivers\SjyPkt.sys
C:\WINDOWS\system32\drivers\ancnwq9f.sys
C:\DOCUME~1\Claude\LOCALS~1\Temp\mbr.sys
C:\WINDOWS\system32\drivers\rkhdrv40.sys
C:\WINDOWS\system32\drivers\SBREdrv.sys
C:\DOCUME~1\Claude\LOCALS~1\Temp\catchme.sys
C:\WINDOWS\NIRCMD.exe
C:\WINDOWS\zip.exe
C:\WINDOWS\SWXCACLS.exe
C:\WINDOWS\SWSC.exe
C:\WINDOWS\SWREG.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\PEV.exe
C:\WINDOWS\grep.exe
C:\SDFix
C:\ComboFix
C:\Qoobox
C:\WINDOWS\system32\CF25764.exe

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

:commands
[emptytemp]
[start explorer]

Retourne dans la fenêtre de OTMoveIt3, fais un clic droit dans la zone de gauche intitulée puis choisis Coller.
Clique sur le bouton rouge
Ferme OTM
Poste dans ta prochaine réponse le rapport de OTM (contenu du fichier C:\_OTM\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)

Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire pour permettre de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes.

Modifié le 28 juin 2009 par Thanos

arriabelle · le 28 juin 2009

Voila le log après redémarrage:

All processes killed
Error: Unable to interpret <:first> in the current context!

========== PROCESSES ==========

No active process named explorer.exe was found!

No active process named 90467A66.exe was found!

No active process named DE3A4BB5.exe was found!

========== SERVICES/DRIVERS ==========

Service\Driver 90467A66 deleted successfully.

Service\Driver DE3A4BB5 deleted successfully.

Service\Driver LQPDB deleted successfully.

Service\Driver OOXJGQ deleted successfully.

Service\Driver QDAIPWCHCREU deleted successfully.

Service\Driver SjyPkt stopped successfully.

Service\Driver SjyPkt deleted successfully.

Service\Driver ancnwq9f not found.

Service\Driver ancnwq9f not found.

Service\Driver ancnwq9f not found.

Service\Driver mbr deleted successfully.

Service\Driver ancnwq9f not found.

Service\Driver rkhdrv40 deleted successfully.

Service\Driver ancnwq9f not found.

Service\Driver SBRE deleted successfully.

Service\Driver ancnwq9f not found.

Service\Driver catchme deleted successfully.

========== FILES ==========

C:\WINDOWS\system32\90467A66.exe moved successfully.

C:\WINDOWS\system32\DE3A4BB5.exe moved successfully.

C:\DOCUME~1\Claude\LOCALS~1\Temp\LQPDB.exe moved successfully.

C:\DOCUME~1\Claude\LOCALS~1\Temp\OOXJGQ.exe moved successfully.

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\QDAIPWCHCREU.exe moved successfully.

C:\WINDOWS\System32\Drivers\SjyPkt.sys moved successfully.

File/Folder C:\WINDOWS\system32\drivers\ancnwq9f.sys not found.

File/Folder C:\DOCUME~1\Claude\LOCALS~1\Temp\mbr.sys not found.

File/Folder C:\WINDOWS\system32\drivers\rkhdrv40.sys not found.

File/Folder C:\WINDOWS\system32\drivers\SBREdrv.sys not found.

File/Folder C:\DOCUME~1\Claude\LOCALS~1\Temp\catchme.sys not found.

C:\WINDOWS\NIRCMD.exe moved successfully.

C:\WINDOWS\zip.exe moved successfully.

C:\WINDOWS\SWXCACLS.exe moved successfully.

C:\WINDOWS\SWSC.exe moved successfully.

C:\WINDOWS\SWREG.exe moved successfully.

C:\WINDOWS\sed.exe moved successfully.

C:\WINDOWS\PEV.exe moved successfully.

C:\WINDOWS\grep.exe moved successfully.

C:\SDFix\backups moved successfully.

C:\SDFix\apps\Replace\xp moved successfully.

C:\SDFix\apps\Replace\w2k moved successfully.

C:\SDFix\apps\Replace moved successfully.

C:\SDFix\apps moved successfully.

C:\SDFix moved successfully.

C:\ComboFix\N_ moved successfully.

C:\ComboFix moved successfully.

C:\Qoobox\TestC moved successfully.

C:\Qoobox\Test moved successfully.

C:\Qoobox\Quarantine\Registry_backups moved successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers moved successfully.

C:\Qoobox\Quarantine\C\WINDOWS\system32 moved successfully.

C:\Qoobox\Quarantine\C\WINDOWS moved successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\Claude\Application Data moved successfully.

C:\Qoobox\Quarantine\C\Documents and Settings\Claude moved successfully.

C:\Qoobox\Quarantine\C\Documents and Settings moved successfully.

C:\Qoobox\Quarantine\C moved successfully.

C:\Qoobox\Quarantine moved successfully.

C:\Qoobox\LastRun moved successfully.

C:\Qoobox\BackEnv moved successfully.

C:\Qoobox moved successfully.

C:\WINDOWS\system32\CF25764.exe moved successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur

->Temp folder emptied: 53248 bytes

->Temporary Internet Files folder emptied: 1471609 bytes

->FireFox cache emptied: 11746568 bytes

User: All Users

User: Claude

->Temp folder emptied: 621277 bytes

->Temporary Internet Files folder emptied: 18401763 bytes

->Java cache emptied: 1057655 bytes

->FireFox cache emptied: 41442501 bytes

->Apple Safari cache emptied: 37632096 bytes

->Opera cache emptied: 3890748 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

C:\WINDOWS\7104189AC5924A56AC9E7C0CA135DA3C.TMP folder deleted successfully.

C:\WINDOWS\msdownld.tmp folder deleted successfully.

%systemroot% .tmp files removed: 2289230 bytes

%systemroot%\System32 .tmp files removed: 3072 bytes

Windows Temp folder emptied: 255 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 113,15 mb

OTM by OldTimer - Version 3.0.0.2 log created on 06282009_170522

Files moved on Reboot...

Registry entries deleted on Reboot...

Thanos · le 28 juin 2009

ok c'est bon: à présent refais un scan avec RSIT et poste le contenu du rapport qui s'affiche: log.txt

Connexion

Pas encore inscrit ?

Pc qui gèles tout le temps + fenêtre bizarre au démarrage

Messages recommandés

arriabelle

Thanos

arriabelle

Thanos

arriabelle

Thanos

arriabelle

Thanos

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer