rapport hijackthis-Résolu-

[amen]

slt, voila mon rapport

y a t il kelkun ki peut m aider!

merci

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:16:40, on 01/07/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\AlienGUIse\wbload.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Windows Live\Family Safety\fsssvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Live\Family Safety\fsui.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Registry Easy\RE.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/?fr=fp-yie8

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?&.s...ym&.intl=fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo!

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [EPSON TX106_TX109 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDR.EXE /FU "C:\WINDOWS\TEMP\E_S56.tmp" /EF "HKCU"

O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227457152484

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)

O23 - Service: Service Google Update (gupdate1c991c198633948) (gupdate1c991c198633948) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

--

End of file - 12097 bytes

Modifié le 7 juillet 2009 par amen

[Thanos]

Salut et bienvenue sur le forum

 

Quelques liens pour t'aider à commencer :

• Comment participer à un forum
  
• retrouver ses messages et activer la notification par email
  

 

On va voir ensemble ce qui se passe sur ton PC ; comme tous les intervenants ici, nous aidons bénévolement en fonction de nos activités personnelles. On va essayer d'aller au plus vite, mais il faudra peut-être parfois être patient pour attendre une réponse, pas d'affolement

 

Pour répondre ou ajouter un post, un rapport, etc, utilise le bouton .

(bouton qui se trouve entre "Flash" et "Nouveau")

 

Le bouton ne sert que pour créer le sujet, la première fois uniquement, tu n'en as plus besoin.

 

*******

 

Tu vas utiliser ce programme pour commencer la désinfection >>

 

Un petit scan supplémentaire avec un programme que tu vas pouvoir conserver: si tu le possède déjà, passe l'étape de l'installation et va directement à la mise à jour >>

 

Télécharge Malwarebytes' Anti-Malware (MBAM)

 

Branche tous les supports amovibles que tu possèdes avant de faire ce scan (clé usb/disque dur externe etc)

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  
• Sélectionne "Exécuter un examen complêt"
  
• Clique sur "Rechercher"
  
• L'analyse démarre, le scan est relativement long, c'est normal.
  
• A la fin de l'analyse, un message s'affiche :

  L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  
• Ferme tes navigateurs.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.
  

 

Après avoir fais ce scan, lance celui ci (c'est rapide!) >>

 

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

• Double-clique sur RSIT.exe afin de lancer RSIT.
  
• Clique Continue à l'écran Disclaimer.
  
• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
  ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  
• Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit
  

Modifié le 1 juillet 2009 par Thanos

[amen]

merci!!

voici le rapport de MBAM log:

Malwarebytes' Anti-Malware 1.38

Version de la base de données: 2363

Windows 5.1.2600 Service Pack 2

 

02/07/2009 16:50:44

mbam-log-2009-07-02 (16-50-38).txt

 

Type de recherche: Examen complet (C:\|D:\|G:\|)

Eléments examinés: 153877

Temps écoulé: 49 minute(s), 16 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 6

Valeur(s) du Registre infectée(s): 3

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 2

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Lala (Trojan.Banker) -> No action taken.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> No action taken.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> No action taken.

 

Dossier(s) infecté(s):

C:\resycled (Trojan.DNSChanger) -> No action taken.

C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> No action taken.

 

Fichier(s) infecté(s):

c:\RECYCLER\s-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> No action taken.

c:\documents and settings\s.a.r.l. kimedias\local settings\application data\kqscaqs_nav.dat (Adware.NaviPromo) -> No action taken.

[Thanos]

salut,

 

Relis bien ma procédure amen Je te demandais de faire ce réglage avec MBAM >>

Si des malwares ont été détectés, clique sur Afficher les résultats.

Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

La, MBAM a fait son scan, détecté les malwares, mais n'a rien nettoyé! >> "No action taken" (aucune action entreprise).

 

Il faut donc refaire le scan, puis supprimer les éléments détectés.

Poste le nouveau rapport généré stp pour voir si c'est bon.

 

De plus, je te demandais ce scan (très rapide) >>

élécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

 

* Double-clique sur RSIT.exe afin de lancer RSIT.

* Clique Continue à l'écran Disclaimer.

* Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

* Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)

ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

* Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit

Poste les 3 rapports stp

[amen]

salut!!

ok j ai fait tt ce ke tu mas demandé de faire mai g oublié de poster le rapport de RIT, le voila: et merci beacoup c tres gentil!!

Logfile of random's system information tool 1.06 (written by random/random)

Run by S.A.R.L. KIMEDIAS at 2009-07-02 17:05:35

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 7 GB (23%) free of 31 GB

Total RAM: 1015 MB (28% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:05:48, on 02/07/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Windows Live\Family Safety\fsssvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\AlienGUIse\wbload.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows Live\Family Safety\fsui.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\S.A.R.L. KIMEDIAS\Bureau\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Trend Micro\HijackThis\S.A.R.L. KIMEDIAS.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/?fr=fp-yie8

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?&.s...ym&.intl=fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo!

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [EPSON TX106_TX109 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDR.EXE /FU "C:\WINDOWS\TEMP\E_S56.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227457152484

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)

O23 - Service: Service Google Update (gupdate1c991c198633948) (gupdate1c991c198633948) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

--

End of file - 11829 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\Maintenance en 1 clic.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]

Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]

Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-03-08 770048]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-11 41368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-11 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]

EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-03-08 770048]

{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2008-02-28 570664]

"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]

"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]

"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]

"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-11 148888]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]

"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2005-03-14 1057280]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

"EPSON TX106_TX109 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDR.EXE [2008-02-05 188928]

 

C:\Documents and Settings\S.A.R.L. KIMEDIAS\Menu Démarrer\Programmes\Démarrage

Alienware Dock.lnk - C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="wbsys.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]

C:\Program Files\AlienGUIse\fastload.dll [2001-12-21 24576]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

WgaLogon.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoBandCustomize"=0

"NoMovingBands"=0

"NoCloseDragDropBands"=0

"NoActiveDesktop"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player"

"E:\STHIW\stInstall.exe"="E:\STHIW\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java Platform SE binary"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{423914ec-4ad6-11de-84fe-b49b25917e5e}]

shell\AutoRun\command - F:\ozmzwu.exe

shell\explore\command - F:\ozmzwu.exe

shell\open\command - F:\ozmzwu.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c2d8af8-4a2e-11de-84fa-cbf0cd8e0061}]

shell\AutoRun\command - F:\ozmzwu.exe

shell\explore\command - F:\ozmzwu.exe

shell\open\command - F:\ozmzwu.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3b2da7c-1166-11de-842b-00147f1c1b1d}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af8fcb0e-b724-11dd-8289-001d7d7474fb}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

 

 

======List of files/folders created in the last 1 months======

 

2009-07-02 17:05:35 ----D---- C:\rsit

2009-07-02 15:34:06 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\Malwarebytes

2009-07-02 15:34:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-07-02 15:33:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-07-01 02:05:49 ----D---- C:\Program Files\Registry Easy

2009-07-01 01:40:49 ----A---- C:\WINDOWS\system32\TUProgSt.exe

2009-07-01 01:40:48 ----A---- C:\WINDOWS\system32\uxtuneup.dll

2009-07-01 01:40:47 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe

2009-07-01 01:40:46 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\TuneUp Software

2009-07-01 01:40:17 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2009-07-01 01:40:14 ----D---- C:\Program Files\TuneUp Utilities 2009

2009-07-01 01:39:53 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2009-07-01 01:33:20 ----D---- C:\Program Files\Trend Micro

2009-06-26 14:46:26 ----A---- C:\WINDOWS\iun6002.exe

2009-06-26 14:46:18 ----D---- C:\Program Files\Tweak-XP Pro 4

2009-06-26 14:39:07 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\Auslogics

2009-06-26 14:39:01 ----D---- C:\Program Files\Auslogics

2009-06-26 00:35:29 ----D---- C:\Program Files\AskSearch

2009-06-26 00:35:28 ----D---- C:\Program Files\AskBarDis

2009-06-22 11:37:04 ----D---- C:\Documents and Settings\All Users\Application Data\UDL

2009-06-22 11:36:34 ----D---- C:\Program Files\Epson Software

2009-06-22 11:35:41 ----D---- C:\Program Files\ABBYY FineReader 6.0 Sprint

2009-06-22 11:33:52 ----A---- C:\WINDOWS\system32\PICSDK2.dll

2009-06-22 11:33:52 ----A---- C:\WINDOWS\system32\PICSDK.ini

2009-06-22 11:33:52 ----A---- C:\WINDOWS\system32\PICSDK.dll

2009-06-22 11:33:52 ----A---- C:\WINDOWS\system32\PICEntry.dll

2009-06-22 11:33:52 ----A---- C:\WINDOWS\system32\EpPicPrt.dll

2009-06-22 11:33:52 ----A---- C:\WINDOWS\system32\EPPicMgr.dll

2009-06-22 11:33:07 ----A---- C:\WINDOWS\system32\E_DCINST.DLL

2009-06-22 11:33:06 ----A---- C:\WINDOWS\system32\E_FLBEDR.DLL

2009-06-22 11:33:06 ----A---- C:\WINDOWS\system32\E_FD4BEDR.DLL

2009-06-22 11:32:51 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON

2009-06-22 11:32:41 ----A---- C:\WINDOWS\system32\escwiad.dll

2009-06-22 11:32:36 ----D---- C:\Program Files\epson

2009-06-22 11:32:02 ----A---- C:\WINDOWS\CDETX106109ERUkAr.ini

2009-06-21 00:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$

2009-06-21 00:27:10 ----N---- C:\WINDOWS\system32\spmsg.dll

2009-06-21 00:27:08 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$

2009-06-17 14:07:53 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\ENJOY Plus!

2009-06-17 14:07:53 ----D---- C:\Documents and Settings\All Users\Application Data\ENJOY Plus!

2009-06-17 14:07:50 ----D---- C:\Program Files\ENJOY Plus!

2009-06-11 18:04:23 ----A---- C:\WINDOWS\system32\javaws.exe

2009-06-11 18:04:23 ----A---- C:\WINDOWS\system32\javaw.exe

2009-06-11 18:04:23 ----A---- C:\WINDOWS\system32\java.exe

2009-06-09 18:05:32 ----D---- C:\Program Files\Avira

2009-06-09 18:05:32 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2009-06-06 13:24:00 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll

2009-06-06 13:23:58 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL

2009-06-06 13:23:57 ----D---- C:\Program Files\PDFCreator

2009-06-06 13:23:57 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL

2009-06-06 13:23:57 ----A---- C:\WINDOWS\system32\MSCC2FR.DLL

2009-06-05 23:09:11 ----RA---- C:\WINDOWS\system32\igfxres.dll

2009-06-05 23:05:12 ----D---- C:\WINDOWS\Prefetch

2009-06-05 22:58:27 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest

2009-06-05 22:48:27 ----A---- C:\WINDOWS\system32\spxcoins.dll

2009-06-05 22:48:27 ----A---- C:\WINDOWS\system32\irclass.dll

2009-06-05 22:48:07 ----RA---- C:\WINDOWS\SET99.tmp

2009-06-05 22:48:05 ----RA---- C:\WINDOWS\SET8D.tmp

2009-06-05 22:48:04 ----RA---- C:\WINDOWS\SET8A.tmp

2009-06-05 18:18:17 ----A---- C:\WINDOWS\system32\setb5.tmp

2009-06-05 18:17:06 ----D---- C:\WINDOWS\RegisteredPackages

2009-06-05 14:27:26 ----D---- C:\Program Files\LimeWire

2009-06-05 13:38:03 ----A---- C:\WINDOWS\wininit.ini

2009-06-05 13:28:38 ----A---- C:\WINDOWS\ModemLog_Câble de communication entre deux ordinateurs.txt

2009-06-05 13:26:58 ----D---- C:\WINDOWS\IIS Temporary Compressed Files

2009-06-05 13:07:54 ----RA---- C:\WINDOWS\SETC3.tmp

2009-06-05 13:07:50 ----RA---- C:\WINDOWS\SETB7.tmp

2009-06-05 13:07:49 ----RA---- C:\WINDOWS\SETB4.tmp

2009-06-05 12:49:59 ----A---- C:\WINDOWS\UPGRADE.TXT

2009-06-05 12:41:41 ----D---- C:\WINDOWS\system32\Cache

2009-06-05 12:41:32 ----A---- C:\WINDOWS\system32\snprfdll.dll

2009-06-05 12:41:32 ----A---- C:\WINDOWS\system32\smtpctrs.ini

2009-06-05 12:41:32 ----A---- C:\WINDOWS\system32\smtpctrs.dll

2009-06-05 12:41:32 ----A---- C:\WINDOWS\system32\regtrace.exe

2009-06-05 12:41:32 ----A---- C:\WINDOWS\system32\ntfsdrct.ini

2009-06-05 12:41:32 ----A---- C:\WINDOWS\system32\fcachdll.dll

2009-06-05 12:41:32 ----A---- C:\WINDOWS\system32\adsiisex.dll

2009-06-05 12:41:07 ----A---- C:\WINDOWS\system32\w3svapi.dll

2009-06-05 12:41:07 ----A---- C:\WINDOWS\system32\w3ctrs.ini

2009-06-05 12:41:07 ----A---- C:\WINDOWS\system32\w3ctrs.dll

2009-06-05 12:41:07 ----A---- C:\WINDOWS\system32\axperf.ini

2009-06-05 12:41:07 ----A---- C:\WINDOWS\system32\aspperf.dll

2009-06-05 12:41:06 ----A---- C:\WINDOWS\system32\wamregps.dll

2009-06-05 12:41:06 ----A---- C:\WINDOWS\system32\iisrstap.dll

2009-06-05 12:41:06 ----A---- C:\WINDOWS\system32\iisreset.exe

2009-06-05 12:41:06 ----A---- C:\WINDOWS\system32\ftpsapi2.dll

2009-06-05 12:41:05 ----A---- C:\WINDOWS\system32\infoctrs.ini

2009-06-05 12:41:05 ----A---- C:\WINDOWS\system32\infoctrs.dll

2009-06-05 12:41:05 ----A---- C:\WINDOWS\system32\inetsloc.dll

2009-06-05 12:41:05 ----A---- C:\WINDOWS\system32\iismui.dll

2009-06-05 12:41:05 ----A---- C:\WINDOWS\system32\convlog.exe

2009-06-05 12:41:05 ----A---- C:\WINDOWS\system32\admxprox.dll

2009-06-05 12:41:01 ----A---- C:\WINDOWS\system32\smtpapi.dll

2009-06-05 12:41:00 ----A---- C:\WINDOWS\system32\rwnh.dll

2009-06-05 12:40:59 ----A---- C:\WINDOWS\system32\infoadmn.dll

2009-06-05 12:40:59 ----A---- C:\WINDOWS\system32\iismap.dll

2009-06-05 12:40:59 ----A---- C:\WINDOWS\system32\iisext.dll

2009-06-05 12:40:59 ----A---- C:\WINDOWS\system32\exstrace.dll

2009-06-05 12:40:59 ----A---- C:\WINDOWS\system32\adsiis.dll

2009-06-05 12:40:59 ----A---- C:\WINDOWS\system32\admwprox.dll

2009-06-05 12:40:58 ----A---- C:\WINDOWS\system32\iisRtl.dll

2009-06-05 12:40:55 ----A---- C:\WINDOWS\system32\staxmem.dll

2009-06-03 02:12:55 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\InstallShield

2009-06-03 01:26:08 ----RA---- C:\WINDOWS\Alcmtr.exe

 

======List of files/folders modified in the last 1 months======

 

2009-07-02 16:58:42 ----D---- C:\WINDOWS\Temp

2009-07-02 16:57:04 ----D---- C:\WINDOWS\system32\inetsrv

2009-07-02 16:53:18 ----D---- C:\WINDOWS\system32\CatRoot2

2009-07-02 16:52:27 ----RD---- C:\Program Files

2009-07-02 16:52:27 ----D---- C:\WINDOWS\system32\drivers

2009-07-02 16:51:44 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-07-02 16:17:19 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\uTorrent

2009-07-02 12:33:52 ----D---- C:\WINDOWS\system32

2009-07-02 00:42:05 ----D---- C:\Program Files\Mozilla Firefox

2009-07-01 22:33:49 ----D---- C:\WINDOWS

2009-07-01 19:55:52 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-07-01 17:48:56 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\LimeWire

2009-07-01 16:14:33 ----D---- C:\WINDOWS\security

2009-07-01 02:57:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-07-01 02:47:37 ----SHD---- C:\System Volume Information

2009-07-01 02:47:37 ----D---- C:\WINDOWS\system32\Restore

2009-07-01 02:42:08 ----SD---- C:\WINDOWS\Tasks

2009-07-01 01:40:51 ----SHD---- C:\WINDOWS\Installer

2009-07-01 01:40:51 ----SHD---- C:\Config.Msi

2009-07-01 01:40:50 ----D---- C:\WINDOWS\system32\config

2009-06-29 01:40:40 ----D---- C:\WINDOWS\Minidump

2009-06-28 14:07:02 ----A---- C:\WINDOWS\NeroDigital.ini

2009-06-26 15:21:43 ----D---- C:\WINDOWS\system32\LogFiles

2009-06-26 14:46:20 ----HD---- C:\WINDOWS\inf

2009-06-26 14:04:36 ----A---- C:\WINDOWS\win.ini

2009-06-26 14:04:08 ----D---- C:\Program Files\Windows Media Player

2009-06-26 14:01:36 ----D---- C:\WINDOWS\WinSxS

2009-06-26 13:58:28 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-06-26 13:58:22 ----D---- C:\WINDOWS\Help

2009-06-26 13:58:21 ----D---- C:\Program Files\Windows Media Connect 2

2009-06-25 21:02:28 ----D---- C:\Program Files\FreeUndelete

2009-06-25 12:55:01 ----D---- C:\Program Files\Google

2009-06-22 11:36:34 ----HD---- C:\Program Files\InstallShield Installation Information

2009-06-22 11:36:15 ----D---- C:\Program Files\Fichiers communs\InstallShield

2009-06-22 11:32:54 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-06-22 11:32:36 ----D---- C:\WINDOWS\twain_32

2009-06-21 02:12:51 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\dvdcss

2009-06-21 01:34:27 ----D---- C:\WINDOWS\AppPatch

2009-06-21 00:29:16 ----D---- C:\WINDOWS\system32\CatRoot

2009-06-16 23:39:40 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\Skype

2009-06-16 22:28:03 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\skypePM

2009-06-11 18:04:04 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-06-11 18:04:00 ----D---- C:\Program Files\Java

2009-06-06 23:13:02 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\vlc

2009-06-06 16:25:10 ----HD---- C:\WINDOWS\$hf_mig$

2009-06-06 12:03:15 ----D---- C:\WINDOWS\SoftwareDistribution

2009-06-06 03:33:45 ----D---- C:\WINDOWS\Debug

2009-06-06 00:45:13 ----D---- C:\WINDOWS\system

2009-06-06 00:45:12 ----D---- C:\WINDOWS\system32\Setup

2009-06-06 00:45:03 ----D---- C:\WINDOWS\system32\usmt

2009-06-06 00:44:53 ----D---- C:\WINDOWS\ime

2009-06-06 00:44:53 ----D---- C:\WINDOWS\ehome

2009-06-06 00:44:51 ----RSD---- C:\WINDOWS\Fonts

2009-06-06 00:44:51 ----D---- C:\WINDOWS\Media

2009-06-06 00:44:40 ----D---- C:\WINDOWS\PeerNet

2009-06-06 00:44:28 ----D---- C:\WINDOWS\system32\npp

2009-06-06 00:44:22 ----D---- C:\WINDOWS\msagent

2009-06-06 00:42:34 ----D---- C:\WINDOWS\system32\1036

2009-06-06 00:42:13 ----D---- C:\WINDOWS\system32\icsxml

2009-06-06 00:41:44 ----D---- C:\WINDOWS\system32\1033

2009-06-06 00:40:49 ----D---- C:\WINDOWS\Driver Cache

2009-06-05 23:09:34 ----D---- C:\WINDOWS\Registration

2009-06-05 22:59:16 ----A---- C:\WINDOWS\ODBCINST.INI

2009-06-05 22:58:53 ----D---- C:\WINDOWS\system32\ias

2009-06-05 22:58:29 ----RD---- C:\WINDOWS\Web

2009-06-05 22:58:23 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest

2009-06-05 22:58:09 ----D---- C:\WINDOWS\system32\oobe

2009-06-05 22:57:06 ----D---- C:\WINDOWS\system32\Com

2009-06-05 22:56:15 ----D---- C:\WINDOWS\system32\wbem

2009-06-05 22:54:34 ----SH---- C:\boot.ini

2009-06-05 22:48:47 ----A---- C:\WINDOWS\system.ini

2009-06-05 22:48:20 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini

2009-06-05 16:22:55 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-06-05 14:21:58 ----SHD---- C:\RECYCLER

2009-06-05 13:18:03 ----D---- C:\Program Files\Outlook Express

2009-06-05 13:18:03 ----D---- C:\Program Files\Fichiers communs\System

2009-06-05 13:17:59 ----D---- C:\Program Files\Internet Explorer

2009-06-05 12:42:05 ----D---- C:\InetPub

2009-06-03 02:13:08 ----D---- C:\Program Files\Realtek

2009-06-03 01:48:14 ----D---- C:\Program Files\iPod

2009-06-03 01:38:56 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\ESTsoft

2009-06-03 01:29:25 ----D---- C:\WINDOWS\system32\RTCOM

2009-06-03 01:26:45 ----D---- C:\WINDOWS\system32\ReinstallBackups

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40320]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]

R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-03 223616]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-04 12032]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]

R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2008-11-21 15781]

R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]

R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-04 63232]

R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-04 55936]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]

R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-03 163584]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-04 5888]

R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-19 12416]

R3 USB_RNDIS;Thomson ST Remote NDIS Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 12672]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

S3 DIGIRPS;Pilote PortServer Digi; C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-08-23 42656]

S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []

S3 msloop;Pilote de carte de bouclage Microsoft; C:\WINDOWS\system32\DRIVERS\loop.sys [2001-10-04 4992]

S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\Ndisprot.sys []

S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]

S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\SARL~1.KIM\LOCALS~1\Temp\mc2A.tmp []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-06-10 185089]

R2 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

R2 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-19 15872]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-11 152984]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]

R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-19 15872]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-07-01 603904]

R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

R2 W3SVC;Publication World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-19 15872]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]

S2 gupdate1c991c198633948;Service Google Update (gupdate1c991c198633948); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-18 133104]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe []

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-07-01 360192]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

 

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-07-02 17:05:50

 

======Uninstall list======

 

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}

AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 9.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}

AlienGUIse Theme Manager-->C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise

ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

ENJOY Plus!-->"C:\Program Files\ENJOY Plus!\UnInstall.exe"

Epson Easy Photo Print 2-->C:\Program Files\InstallShield Installation Information\{DEDB47A3-C988-4A43-A645-E2CEA571E680}\SETUP.EXE -runfromtemp -l0x040c UNINST -removeonly

EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r

EPSON Stylus SX100_TX100 Manual-->C:\Program Files\EPSON\TPMANUAL\ESSX100_TX100\ENG\USE_G\DOCUNINS.EXE

EPSON TX106_TX109 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSEDR.EXE /R /APD /P:"EPSON TX106_TX109 Series"

EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything

ffdshow [rev 1703] [2007-12-15]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"

Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}

GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}

Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772

Java 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}

K-Lite Mega Codec Pack 4.7.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

MediaInfo 0.7.7.8-->C:\Program Files\MediaInfo\uninst.exe

Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Nero 8-->MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891036}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

PDFCreator-->C:\Program Files\PDFCreator\unins000.exe

QuickTime-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1036

REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x040c -removeonly

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

Remote Desktop Web Connection-->rundll32 advpack.dll,LaunchINFSection C:\InetPub\wwwroot\TSWeb\setup.inf,DefaultUninstall,,

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}

Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}

Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"

TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}

Tweak-XP Pro 4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Tweak-XP Pro 4\irunin.ini"

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}

Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}

Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}

Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}

Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}

Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

 

======Hosts File======

 

127.0.0.1 bin.errorprotector.com ## added by CiD

127.0.0.1 br.errorsafe.com ## added by CiD

127.0.0.1 br.winantivirus.com ## added by CiD

127.0.0.1 br.winfixer.com ## added by CiD

127.0.0.1 cdn.drivecleaner.com ## added by CiD

127.0.0.1 cdn.errorsafe.com ## added by CiD

127.0.0.1 cdn.winsoftware.com ## added by CiD

127.0.0.1 de.errorsafe.com ## added by CiD

127.0.0.1 de.winantivirus.com ## added by CiD

127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

 

======Security center information======

 

AV: AntiVir Desktop

 

======System event log======

 

Computer Name: KIMEDIA

Event Code: 59

Message: Generate Activation Context a échoué pour C:\Program Files\Fichiers communs\Nero\AudioPlugins\msa.dll.

Message d'erreur de référence : Opération réussie.

.

 

Record Number: 1087

Source Name: SideBySide

Time Written: 20090614212912.000000+120

Event Type: erreur

User:

 

Computer Name: KIMEDIA

Event Code: 58

Message: Erreur de syntaxe dans le fichier manifeste ou le fichier de stratégie "C:\Program Files\Fichiers communs\Nero\AudioPlugins\msa.dll" à la ligne 9.

 

Record Number: 1086

Source Name: SideBySide

Time Written: 20090614212912.000000+120

Event Type: erreur

User:

 

Computer Name: KIMEDIA

Event Code: 59

Message: Generate Activation Context a échoué pour C:\Program Files\Fichiers communs\Nero\AudioPlugins\MSAxp.dll.

Message d'erreur de référence : Opération réussie.

.

 

Record Number: 1085

Source Name: SideBySide

Time Written: 20090614212708.000000+120

Event Type: erreur

User:

 

Computer Name: KIMEDIA

Event Code: 58

Message: Erreur de syntaxe dans le fichier manifeste ou le fichier de stratégie "C:\Program Files\Fichiers communs\Nero\AudioPlugins\MSAxp.dll" à la ligne 9.

 

Record Number: 1084

Source Name: SideBySide

Time Written: 20090614212708.000000+120

Event Type: erreur

User:

 

Computer Name: KIMEDIA

Event Code: 59

Message: Generate Activation Context a échoué pour C:\Program Files\Fichiers communs\Nero\AudioPlugins\msa.dll.

Message d'erreur de référence : Opération réussie.

.

 

Record Number: 1083

Source Name: SideBySide

Time Written: 20090614212707.000000+120

Event Type: erreur

User:

 

=====Application event log=====

 

Computer Name: KIMEDIA

Event Code: 105

Message: The service was started.

 

Record Number: 5

Source Name: PLFlash DeviceIoControl Service

Time Written: 20090618125132.000000+120

Event Type: Informations

User:

 

Computer Name: KIMEDIA

Event Code: 0

Message:

Record Number: 4

Source Name: Nero BackItUp Scheduler 3

Time Written: 20090618125132.000000+120

Event Type: Informations

User:

 

Computer Name: KIMEDIA

Event Code: 0

Message: Service started

 

Record Number: 3

Source Name: fsssvc

Time Written: 20090618125130.000000+120

Event Type: Informations

User:

 

Computer Name: KIMEDIA

Event Code: 0

Message:

Record Number: 2

Source Name: gupdate1c991c198633948

Time Written: 20090618125130.000000+120

Event Type: Informations

User:

 

Computer Name: KIMEDIA

Event Code: 4096

Message: The AntiVir service has been started successfully!

 

Record Number: 1

Source Name: Avira AntiVir

Time Written: 20090618125129.000000+120

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\ESTsoft\ALZip;C:\Program Files\Fichiers communs\DivX Shared\;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel

"PROCESSOR_REVISION"=0f0d

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------

[Thanos]

salut

 

amen, je te demandais de refaire le scan avec MBAM et de "Supprimer la sélection": l'as tu fait ?

 

Désactive le teatimer de Spybot en passant par les options de Spybot: une fois dans le logiciel, il faut aller dans le menu "Mode" => coche "Mode avancé" => "Outils"(en bas de page)=> "Résident" => et tu décoches cette case: "Résident Teatimer" . Tu ne dois plus voir l'icône du Teatimer dans la barre de tâches!

Ne fais pas l'impasse sur cette étape, car ca peut faire échouer la procédure de désinfection !

 

1°) Rend toi sur cette page afin de télécharger le fichier fix.reg sur ton Bureau => http://senduit.com/c13b4b

Patiente une seconde: le téléchargement va se lancer automatiquement.

 

Double-clique sur le fichier: au message qui s'affiche, clique sur OK pour faire fusionner le fichier avec le registre.

Elimine le fichier une fois l'opération effectuée.

 

2°) Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

• Lance l'installation du programme en exécutant le fichier téléchargé.
  
• Double-clique maintenant sur le raccourci de Toolbar-S&D.
  
• Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
  
• Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
  
• Poste le rapport généré. (C:\TB.txt)
  
• >>Aide en images<<
  

 

3°) Nettoyage >>

• Relance Toolbar-S&D en double-cliquant sur le raccourci.
  
• Tape sur "2" puis valide en appuyant sur "Entrée".
  
• ! Ne ferme pas la fenêtre lors de la suppression !
  
• Un rapport sera généré, poste son contenu ici.
  
• NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
  Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
  Tape explorer puis valide.
  

 

Poste stp les deux rapports de Toolbar-S&D et refais un scan avec RSIT (poste aussi son rapport).

[amen]

-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz )

BIOS : Award Modular BIOS v6.00PG

USER : S.A.R.L. KIMEDIAS ( Administrator )

BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.30 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:29 Go (Free:6 Go)

D:\ (Local Disk) - NTFS - Total:44 Go (Free:20 Go)

E:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [1] ( 04/07/2009|13:16 )

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\Program Files\AskBarDis

C:\Program Files\AskBarDis\bar

C:\Program Files\AskBarDis\bar\bin

C:\Program Files\AskBarDis\bar\bin\askPopStp.dll

C:\DOCUME~1\SARL~1.KIM\Favoris\Torrent Search Torrent Finder Torrent Search Engine.url

C:\WINDOWS\iun6002.exe

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Search Page"="http://www.google.com"'>http://www.google.com"

"SearchMigratedDefaultURL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"'>http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

"Default_Page_URL"="http://fr.yahoo.com/?fr=fp-yie8"'>http://fr.yahoo.com/?fr=fp-yie8"

"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"'>http://go.microsoft.com/fwlink/?LinkId=68929"

"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"'>http://go.microsoft.com/fwlink/?LinkId=68928"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Default_Search_URL"="http://toolbar.ask.com/toolbarv/askRedirect?o=101808&gct=&gc=1&q="'>http://toolbar.ask.com/toolbarv/askRedirect?o=101808&gct=&gc=1&q="

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

 

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\SARL~1.KIM\Application Data\uTorrent\2 in 1 pack - Kaspersky Internet Security & AntiVirus Anti-Virus 2009 v8.0.0.357 crack + serial + Keygen.rar.torrent

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 04/07/2009|13:17 - Option : [1]

 

-----------\\ Fin du rapport a 13:17:12,67

Aprés suppression:

 

-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2

X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2180 @ 2.00GHz )

BIOS : Award Modular BIOS v6.00PG

USER : S.A.R.L. KIMEDIAS ( Administrator )

BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.30 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:29 Go (Free:6 Go)

D:\ (Local Disk) - NTFS - Total:44 Go (Free:20 Go)

E:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( 04/07/2009|13:19 )

 

-----------\\ SUPPRESSION

 

Supprime! - C:\Program Files\AskBarDis\bar

Supprime! - C:\DOCUME~1\SARL~1.KIM\Favoris\Torrent Search Torrent Finder Torrent Search Engine.url

Supprime! - C:\WINDOWS\iun6002.exe

Supprime! - C:\Program Files\AskBarDis

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Search Page"="http://www.google.com"

"SearchMigratedDefaultURL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

"Default_Page_URL"="http://fr.yahoo.com/?fr=fp-yie8"

"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"

"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Default_Search_URL"="http://toolbar.ask.com/toolbarv/askRedirect?o=101808&gct=&gc=1&q="

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\SARL~1.KIM\Application Data\uTorrent\2 in 1 pack - Kaspersky Internet Security & AntiVirus Anti-Virus 2009 v8.0.0.357 crack + serial + Keygen.rar.torrent

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 04/07/2009|13:17 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 04/07/2009|13:20 - Option : [2]

 

-----------\\ Fin du rapport a 13:20:21,17

Rapport RSIT:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by S.A.R.L. KIMEDIAS at 2009-07-04 13:27:53

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 7 GB (22%) free of 31 GB

Total RAM: 1015 MB (30% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:28:03, on 04/07/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\AlienGUIse\wbload.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows Live\Family Safety\fsssvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Windows Live\Family Safety\fsui.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\dwwin.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\S.A.R.L. KIMEDIAS\Bureau\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Trend Micro\HijackThis\S.A.R.L. KIMEDIAS.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/?fr=fp-yie8

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?&.s...ym&.intl=fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo!

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [EPSON TX106_TX109 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDR.EXE /FU "C:\WINDOWS\TEMP\E_S56.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227457152484

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Unknown owner - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (file missing)

O23 - Service: Service Google Update (gupdate1c991c198633948) (gupdate1c991c198633948) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

 

--

End of file - 11698 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\Maintenance en 1 clic.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]

Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]

Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-03-08 770048]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-11 41368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-11 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]

EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2008-02-28 570664]

"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]

"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]

"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]

"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-11 148888]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]

"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2005-03-14 1057280]

"EPSON TX106_TX109 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDR.EXE [2008-02-05 188928]

 

C:\Documents and Settings\S.A.R.L. KIMEDIAS\Menu Démarrer\Programmes\Démarrage

Alienware Dock.lnk - C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="wbsys.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]

C:\Program Files\AlienGUIse\fastload.dll [2001-12-21 24576]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

WgaLogon.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

nwprovau

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoBandCustomize"=0

"NoMovingBands"=0

"NoCloseDragDropBands"=0

"NoActiveDesktop"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player"

"E:\STHIW\stInstall.exe"="E:\STHIW\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java Platform SE binary"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

 

======List of files/folders created in the last 1 months======

 

2009-07-04 13:16:14 ----A---- C:\TB.txt

2009-07-04 13:14:51 ----D---- C:\ToolBar SD

2009-07-02 17:05:35 ----D---- C:\rsit

2009-07-02 15:34:06 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\Malwarebytes

2009-07-02 15:34:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-07-02 15:33:59 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-07-01 02:05:49 ----D---- C:\Program Files\Registry Easy

2009-07-01 01:40:49 ----A---- C:\WINDOWS\system32\TUProgSt.exe

2009-07-01 01:40:48 ----A---- C:\WINDOWS\system32\uxtuneup.dll

2009-07-01 01:40:47 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe

2009-07-01 01:40:46 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\TuneUp Software

2009-07-01 01:40:17 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2009-07-01 01:40:14 ----D---- C:\Program Files\TuneUp Utilities 2009

2009-07-01 01:39:53 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2009-07-01 01:33:20 ----D---- C:\Program Files\Trend Micro

2009-06-26 14:46:18 ----D---- C:\Program Files\Tweak-XP Pro 4

2009-06-26 14:39:07 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\Auslogics

2009-06-26 14:39:01 ----D---- C:\Program Files\Auslogics

2009-06-26 00:35:29 ----D---- C:\Program Files\AskSearch

2009-06-22 11:37:04 ----D---- C:\Documents and Settings\All Users\Application Data\UDL

2009-06-22 11:36:34 ----D---- C:\Program Files\Epson Software

2009-06-22 11:35:41 ----D---- C:\Program Files\ABBYY FineReader 6.0 Sprint

2009-06-22 11:33:52 ----A---- C:\WINDOWS\system32\PICSDK2.dll

2009-06-22 11:33:52 ----A---- C:\WINDOWS\system32\PICSDK.ini

2009-06-22 11:33:52 ----A---- C:\WINDOWS\system32\PICSDK.dll

2009-06-22 11:33:52 ----A---- C:\WINDOWS\system32\PICEntry.dll

2009-06-22 11:33:52 ----A---- C:\WINDOWS\system32\EpPicPrt.dll

2009-06-22 11:33:52 ----A---- C:\WINDOWS\system32\EPPicMgr.dll

2009-06-22 11:33:07 ----A---- C:\WINDOWS\system32\E_DCINST.DLL

2009-06-22 11:33:06 ----A---- C:\WINDOWS\system32\E_FLBEDR.DLL

2009-06-22 11:33:06 ----A---- C:\WINDOWS\system32\E_FD4BEDR.DLL

2009-06-22 11:32:51 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON

2009-06-22 11:32:41 ----A---- C:\WINDOWS\system32\escwiad.dll

2009-06-22 11:32:36 ----D---- C:\Program Files\epson

2009-06-22 11:32:02 ----A---- C:\WINDOWS\CDETX106109ERUkAr.ini

2009-06-21 00:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$

2009-06-21 00:27:10 ----N---- C:\WINDOWS\system32\spmsg.dll

2009-06-21 00:27:08 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$

2009-06-17 14:07:53 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\ENJOY Plus!

2009-06-17 14:07:53 ----D---- C:\Documents and Settings\All Users\Application Data\ENJOY Plus!

2009-06-17 14:07:50 ----D---- C:\Program Files\ENJOY Plus!

2009-06-11 18:04:23 ----A---- C:\WINDOWS\system32\javaws.exe

2009-06-11 18:04:23 ----A---- C:\WINDOWS\system32\javaw.exe

2009-06-11 18:04:23 ----A---- C:\WINDOWS\system32\java.exe

2009-06-09 18:05:32 ----D---- C:\Program Files\Avira

2009-06-09 18:05:32 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2009-06-06 13:24:00 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll

2009-06-06 13:23:58 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL

2009-06-06 13:23:57 ----D---- C:\Program Files\PDFCreator

2009-06-06 13:23:57 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL

2009-06-06 13:23:57 ----A---- C:\WINDOWS\system32\MSCC2FR.DLL

2009-06-05 23:09:11 ----RA---- C:\WINDOWS\system32\igfxres.dll

2009-06-05 23:05:12 ----D---- C:\WINDOWS\Prefetch

2009-06-05 22:58:27 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest

2009-06-05 22:48:27 ----A---- C:\WINDOWS\system32\spxcoins.dll

2009-06-05 22:48:27 ----A---- C:\WINDOWS\system32\irclass.dll

2009-06-05 22:48:07 ----RA---- C:\WINDOWS\SET99.tmp

2009-06-05 22:48:05 ----RA---- C:\WINDOWS\SET8D.tmp

2009-06-05 22:48:04 ----RA---- C:\WINDOWS\SET8A.tmp

2009-06-05 18:18:17 ----A---- C:\WINDOWS\system32\setb5.tmp

2009-06-05 18:17:06 ----D---- C:\WINDOWS\RegisteredPackages

2009-06-05 14:27:26 ----D---- C:\Program Files\LimeWire

2009-06-05 13:38:03 ----A---- C:\WINDOWS\wininit.ini

2009-06-05 13:28:38 ----A---- C:\WINDOWS\ModemLog_Câble de communication entre deux ordinateurs.txt

2009-06-05 13:26:58 ----D---- C:\WINDOWS\IIS Temporary Compressed Files

2009-06-05 13:07:54 ----RA---- C:\WINDOWS\SETC3.tmp

2009-06-05 13:07:50 ----RA---- C:\WINDOWS\SETB7.tmp

2009-06-05 13:07:49 ----RA---- C:\WINDOWS\SETB4.tmp

2009-06-05 12:49:59 ----A---- C:\WINDOWS\UPGRADE.TXT

2009-06-05 12:41:41 ----D---- C:\WINDOWS\system32\Cache

2009-06-05 12:41:32 ----A---- C:\WINDOWS\system32\snprfdll.dll

2009-06-05 12:41:32 ----A---- C:\WINDOWS\system32\smtpctrs.ini

2009-06-05 12:41:32 ----A---- C:\WINDOWS\system32\smtpctrs.dll

2009-06-05 12:41:32 ----A---- C:\WINDOWS\system32\regtrace.exe

2009-06-05 12:41:32 ----A---- C:\WINDOWS\system32\ntfsdrct.ini

2009-06-05 12:41:32 ----A---- C:\WINDOWS\system32\fcachdll.dll

2009-06-05 12:41:32 ----A---- C:\WINDOWS\system32\adsiisex.dll

2009-06-05 12:41:07 ----A---- C:\WINDOWS\system32\w3svapi.dll

2009-06-05 12:41:07 ----A---- C:\WINDOWS\system32\w3ctrs.ini

2009-06-05 12:41:07 ----A---- C:\WINDOWS\system32\w3ctrs.dll

2009-06-05 12:41:07 ----A---- C:\WINDOWS\system32\axperf.ini

2009-06-05 12:41:07 ----A---- C:\WINDOWS\system32\aspperf.dll

2009-06-05 12:41:06 ----A---- C:\WINDOWS\system32\wamregps.dll

2009-06-05 12:41:06 ----A---- C:\WINDOWS\system32\iisrstap.dll

2009-06-05 12:41:06 ----A---- C:\WINDOWS\system32\iisreset.exe

2009-06-05 12:41:06 ----A---- C:\WINDOWS\system32\ftpsapi2.dll

2009-06-05 12:41:05 ----A---- C:\WINDOWS\system32\infoctrs.ini

2009-06-05 12:41:05 ----A---- C:\WINDOWS\system32\infoctrs.dll

2009-06-05 12:41:05 ----A---- C:\WINDOWS\system32\inetsloc.dll

2009-06-05 12:41:05 ----A---- C:\WINDOWS\system32\iismui.dll

2009-06-05 12:41:05 ----A---- C:\WINDOWS\system32\convlog.exe

2009-06-05 12:41:05 ----A---- C:\WINDOWS\system32\admxprox.dll

2009-06-05 12:41:01 ----A---- C:\WINDOWS\system32\smtpapi.dll

2009-06-05 12:41:00 ----A---- C:\WINDOWS\system32\rwnh.dll

2009-06-05 12:40:59 ----A---- C:\WINDOWS\system32\infoadmn.dll

2009-06-05 12:40:59 ----A---- C:\WINDOWS\system32\iismap.dll

2009-06-05 12:40:59 ----A---- C:\WINDOWS\system32\iisext.dll

2009-06-05 12:40:59 ----A---- C:\WINDOWS\system32\exstrace.dll

2009-06-05 12:40:59 ----A---- C:\WINDOWS\system32\adsiis.dll

2009-06-05 12:40:59 ----A---- C:\WINDOWS\system32\admwprox.dll

2009-06-05 12:40:58 ----A---- C:\WINDOWS\system32\iisRtl.dll

2009-06-05 12:40:55 ----A---- C:\WINDOWS\system32\staxmem.dll

 

======List of files/folders modified in the last 1 months======

 

2009-07-04 13:19:51 ----RD---- C:\Program Files

2009-07-04 13:19:41 ----D---- C:\WINDOWS

2009-07-04 13:19:17 ----D---- C:\WINDOWS\Temp

2009-07-04 13:04:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-07-04 13:01:05 ----D---- C:\WINDOWS\system32\inetsrv

2009-07-04 12:57:20 ----D---- C:\WINDOWS\system32\CatRoot2

2009-07-04 12:56:44 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-07-03 22:29:50 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\uTorrent

2009-07-02 17:12:14 ----A---- C:\WINDOWS\NeroDigital.ini

2009-07-02 16:52:27 ----D---- C:\WINDOWS\system32\drivers

2009-07-02 12:33:52 ----D---- C:\WINDOWS\system32

2009-07-02 00:42:05 ----D---- C:\Program Files\Mozilla Firefox

2009-07-01 17:48:56 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\LimeWire

2009-07-01 16:14:33 ----D---- C:\WINDOWS\security

2009-07-01 02:57:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-07-01 02:47:37 ----SHD---- C:\System Volume Information

2009-07-01 02:47:37 ----D---- C:\WINDOWS\system32\Restore

2009-07-01 02:42:08 ----SD---- C:\WINDOWS\Tasks

2009-07-01 01:40:51 ----SHD---- C:\WINDOWS\Installer

2009-07-01 01:40:51 ----SHD---- C:\Config.Msi

2009-07-01 01:40:50 ----D---- C:\WINDOWS\system32\config

2009-06-29 01:40:40 ----D---- C:\WINDOWS\Minidump

2009-06-26 15:21:43 ----D---- C:\WINDOWS\system32\LogFiles

2009-06-26 14:46:20 ----HD---- C:\WINDOWS\inf

2009-06-26 14:04:36 ----A---- C:\WINDOWS\win.ini

2009-06-26 14:04:08 ----D---- C:\Program Files\Windows Media Player

2009-06-26 14:01:36 ----D---- C:\WINDOWS\WinSxS

2009-06-26 13:58:28 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-06-26 13:58:22 ----D---- C:\WINDOWS\Help

2009-06-26 13:58:21 ----D---- C:\Program Files\Windows Media Connect 2

2009-06-25 21:02:28 ----D---- C:\Program Files\FreeUndelete

2009-06-25 12:55:01 ----D---- C:\Program Files\Google

2009-06-22 11:36:34 ----HD---- C:\Program Files\InstallShield Installation Information

2009-06-22 11:36:15 ----D---- C:\Program Files\Fichiers communs\InstallShield

2009-06-22 11:32:54 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-06-22 11:32:36 ----D---- C:\WINDOWS\twain_32

2009-06-21 02:12:51 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\dvdcss

2009-06-21 01:34:27 ----D---- C:\WINDOWS\AppPatch

2009-06-21 00:29:16 ----D---- C:\WINDOWS\system32\CatRoot

2009-06-16 23:39:40 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\Skype

2009-06-16 22:28:03 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\skypePM

2009-06-11 18:04:04 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-06-11 18:04:00 ----D---- C:\Program Files\Java

2009-06-06 23:13:02 ----D---- C:\Documents and Settings\S.A.R.L. KIMEDIAS\Application Data\vlc

2009-06-06 16:25:10 ----HD---- C:\WINDOWS\$hf_mig$

2009-06-06 12:03:15 ----D---- C:\WINDOWS\SoftwareDistribution

2009-06-06 03:33:45 ----D---- C:\WINDOWS\Debug

2009-06-06 00:45:13 ----D---- C:\WINDOWS\system

2009-06-06 00:45:12 ----D---- C:\WINDOWS\system32\Setup

2009-06-06 00:45:03 ----D---- C:\WINDOWS\system32\usmt

2009-06-06 00:44:53 ----D---- C:\WINDOWS\ime

2009-06-06 00:44:53 ----D---- C:\WINDOWS\ehome

2009-06-06 00:44:51 ----RSD---- C:\WINDOWS\Fonts

2009-06-06 00:44:51 ----D---- C:\WINDOWS\Media

2009-06-06 00:44:40 ----D---- C:\WINDOWS\PeerNet

2009-06-06 00:44:28 ----D---- C:\WINDOWS\system32\npp

2009-06-06 00:44:22 ----D---- C:\WINDOWS\msagent

2009-06-06 00:42:34 ----D---- C:\WINDOWS\system32\1036

2009-06-06 00:42:13 ----D---- C:\WINDOWS\system32\icsxml

2009-06-06 00:41:44 ----D---- C:\WINDOWS\system32\1033

2009-06-06 00:40:49 ----D---- C:\WINDOWS\Driver Cache

2009-06-05 23:09:34 ----D---- C:\WINDOWS\Registration

2009-06-05 22:59:16 ----A---- C:\WINDOWS\ODBCINST.INI

2009-06-05 22:58:53 ----D---- C:\WINDOWS\system32\ias

2009-06-05 22:58:29 ----RD---- C:\WINDOWS\Web

2009-06-05 22:58:23 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest

2009-06-05 22:58:09 ----D---- C:\WINDOWS\system32\oobe

2009-06-05 22:57:06 ----D---- C:\WINDOWS\system32\Com

2009-06-05 22:56:15 ----D---- C:\WINDOWS\system32\wbem

2009-06-05 22:54:34 ----SH---- C:\boot.ini

2009-06-05 22:48:47 ----A---- C:\WINDOWS\system.ini

2009-06-05 22:48:20 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini

2009-06-05 16:22:55 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-06-05 14:21:58 ----SHD---- C:\RECYCLER

2009-06-05 13:18:03 ----D---- C:\Program Files\Outlook Express

2009-06-05 13:18:03 ----D---- C:\Program Files\Fichiers communs\System

2009-06-05 13:17:59 ----D---- C:\Program Files\Internet Explorer

2009-06-05 12:42:05 ----D---- C:\InetPub

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40320]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]

R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-03 223616]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-04 12032]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]

R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2008-11-21 15781]

R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]

R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-04 63232]

R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-04 55936]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]

R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2004-08-03 163584]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-04 5888]

R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-19 12416]

R3 USB_RNDIS;Thomson ST Remote NDIS Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 12672]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]

S3 DIGIRPS;Pilote PortServer Digi; C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-08-23 42656]

S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []

S3 msloop;Pilote de carte de bouclage Microsoft; C:\WINDOWS\system32\DRIVERS\loop.sys [2001-10-04 4992]

S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\Ndisprot.sys []

S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]

S3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-06-10 185089]

R2 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]

R2 IISADMIN;Administration IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-19 15872]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-11 152984]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]

R2 NWCWorkstation;Service client pour NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-19 15872]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-07-01 603904]

R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]

R2 W3SVC;Publication World Wide Web; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-19 15872]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]

S2 gupdate1c991c198633948;Service Google Update (gupdate1c991c198633948); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-18 133104]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe []

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-07-01 360192]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

 

-----------------EOF-----------------

[Thanos]

Salut

 

Ok, le dernier rapport ne montre pas d'infection. Une petite suppression supplémentaire à faire >>

 

Démarre Hijackthis, clique sur "Do a system scan only", et coche les lignes suivantes :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirec...p;gc=1&q=%s

 

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

-Ferme tous les programmes et clique sur "Fix Checked"

 

Désinstalle ToolBar SD

Supprime les dossiers suivants >> C:\Program Files\AskSearch et C:\ToolBar SD

 

amen je t'ai posé une question dans mon précédent message, mais tu n'as pas répondu >>

amen, je te demandais de refaire le scan avec MBAM et de "Supprimer la sélection": l'as tu fait ?

 

Note importante!

 

Une détection faite par Toolbar S&D >>

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\SARL~1.KIM\Application Data\uTorrent\2 in 1 pack - Kaspersky Internet Security & AntiVirus Anti-Virus 2009 v8.0.0.357 crack + serial + Keygen.rar.torrent

Ne jamais utiliser de cracks/keygens/serials etc...

Ce qui suit n'est pas pour faire la morale, mais vise plutôt à te faire prendre conscience des risques liés à l'utilisation des cracks/Keygen/serials et des logiciels P2P!! Pour t'en convaincre, lis ces topics très clairs:

 

*Article de Malekal concernant les cracks => http://forum.malekal.com/viewtopic.php?f=33&t=893

*Article de Ogu sur les fausses idées concernant le peer to peer => (clique sur l'image).

 

Les infections véhiculées pas le peer to peer sont une menace réelle!! par exemple le vers Worm.Win32_Sumom-A qui est un ver de messagerie instantanée et de réseaux peer-to-peer,se met dans le dossier incoming/Shared afin d'être expédié à toutes les personnes qui partagent tes téléchargements...=> http://www.virustraq.com/info_virus/10134/details/

Maintenant que tu sais, c'est à toi de voir... est ce que ca vaut le coup de risquer une grosse infection(et mettre tes données en peril)? La plupart des logiciels payants ont un équivalent en freeware (tu as installé Antivir à la place de Kaspersky par ex!)

[amen]

salut!

merci beacoup,

en fait concernant l'analyse avec MBAM je l'ai refaite!

mais j'ai un petit souci ( c'est un peu bete!!) je n'arrive pas a desinstaller toolbarsd, je ne l ai pas trouver dans ajouter ou supprimer des programmes??!!

[Thanos]

en fait concernant l'analyse avec MBAM je l'ai refaite!

Ok! par contre tu as bien supprimé les éléments trouvés ?

 

Pour ToolBar SD supprime simplement le dossier du même nom dans le répertoire C:\

 

Comment fonctionne le pc ?