
Posted (edited)

Hello Pat

:P Well done, we're making progress.

* For safe mode:

Download System Repair Engineer - SREng by Smallfrogs to your Desktop.

  • Extract all of its contents to your Desktop (right-click the .zip file >> "Extract All...")
  • Double-click SREngPS.exe to launch the tool
  • Click the [System Repair] button, then the Advanced Repair tab
  • Now click [Repair Safemode]
  • Let the tool work, then close it when it has finished.
  • We will test safe mode afterwards, to see whether it has really been "repaired"

* For the Antivir updates

They must be blocked by the malware; once it has been destroyed, that should be fine. In the meantime, you can do them manually; they can be downloaded here, see how to do it there.

* We continue the cleanup:

(I hesitated to remove protect.dll for fear that it was related to one of your games, but apparently it is what must be relaunching the infection, so we'll zap it :P )

  • Double-click OTM.exe on your Desktop to launch the tool.
  • Copy the list in the quote below:

:services

vkvuwdwzoswrfl

a5nltbem

 

:files

C:\WINDOWS\system32\drivers\a5nltbem.sys

C:\WINDOWS\system32\drivers\zbtxkizipt.sys

C:\DOCUME~1\LOCALS~1\protect.dll

C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@0

C:\windows\system32\paduzebe.dll

 

:reg

[HKEY-USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"autochk"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"=""

 

:commands

[emptytemp]

[reboot]

  • and paste it into the left-hand pane of OTM: "Paste instructions for item to be moved".
  • Click the MoveIt! button
  • Wait for the tool to finish its work, then close OTM.

Note: A restart of the PC may be necessary; click Oui/Yes when you are asked.

--> Post in your reply:

* The OTM report (contents of the file Drive\_OTM\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time) [Drive stands for the partition from which OTM was launched, usually C:]

* A new RSIT report.

To be continued.

Edited by Le sioux

Posted

--> SREng run but not tested

--> Antivir updated; the date is correct, but the Windows security alert still reports a problem with updates as well as with the firewall (for info, I am behind a router, and it is the router that serves as the first line of defence against the outside; on the other hand, I don't know how things stand with respect to the other users on my network (one PC running Win98SE, another running XP, another running Ubuntu))?

--> as for the files possibly linked to games, no problem, I no longer play most of them and I would reinstall if need be :P => just spell out the risks so that I remember them later if I notice an anomaly :P

--> and here are the requested logs:

 

All processes killed

========== SERVICES/DRIVERS ==========

 

Service\Driver vkvuwdwzoswrfl deleted successfully.

Service\Driver a5nltbem not found.

Service\Driver a5nltbem not found.

========== FILES ==========

File/Folder C:\WINDOWS\system32\drivers\a5nltbem.sys not found.

File/Folder C:\WINDOWS\system32\drivers\zbtxkizipt.sys not found.

File/Folder C:\DOCUME~1\LOCALS~1\protect.dll not found.

File/Folder C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@0 not found.

File/Folder C:\windows\system32\paduzebe.dll not found.

========== REGISTRY ==========

Registry key HKEY-USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Babel

->Temp folder emptied: 1078953 bytes

File delete failed. C:\Documents and Settings\Babel\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 6875036 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 52269857 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

File delete failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be deleted on reboot.

%systemroot% .tmp files removed: 24 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 699087 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 58,16 mb

 

 

OTM by OldTimer - Version 3.0.0.6 log created on 09192009_104116

 

Files moved on Reboot...

File move failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

--> and the second one:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Babel at 2009-09-19 10:58:08

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 45 GB (29%) free of 156 GB

Total RAM: 2046 MB (76% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:58:11, on 19/09/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\notepad.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe

C:\Documents and Settings\Babel\Bureau\RSIT.exe

D:\Download\HiJackThis\Babel.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@0 (User 'Default user')

O4 - .DEFAULT Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')

O4 - .DEFAULT Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe (User 'Default user')

O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://www.mediapluspro.com/mediaplus66/do...geinstaller.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe

O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 7596 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]

"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-20 520024]

"QuickTime Task"=C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe [2009-01-05 413696]

"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog []

 

C:\Documents and Settings\Babel\Menu Démarrer\Programmes\Démarrage

OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

PrintKey 2000 Fr.lnk - C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=scecli

wenunuve.dll

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"

"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe"="C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire Demo"

"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"

"C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe:*:Enabled:FileZilla Server Interface"

"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"

"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"

"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"

"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"

"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Documents and Settings\Babel\Local Settings\Temp\Blizzard Launcher Temporary - bbbb3828\Launcher.exe"="C:\Documents and Settings\Babel\Local Settings\Temp\Blizzard Launcher Temporary - bbbb3828\Launcher.exe:*:Enabled:Blizzard Launcher"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

"C:\Program Files\GUILD WARS\Gw.exe"="C:\Program Files\GUILD WARS\Gw.exe:*:Enabled:Gw"

"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"

"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{067fa21a-147e-11de-b63b-001d9204db8e}]

shell\AutoRun\command - G:\start.exe

shell\FramaKey\command - G:\start.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{576c6175-6f5e-11dd-b53c-001d9204db8e}]

shell\AutoRun\command - L:\umenu.exe

 

 

======List of files/folders created in the last 1 months======

 

2009-09-18 20:13:37 ----D---- C:\_OTM

2009-09-18 15:43:37 ----D---- C:\rsit

2009-09-12 14:55:08 ----A---- C:\WINDOWS\system32\vuins32.dll

2009-09-12 14:17:30 ----D---- C:\Program Files\NVIDIA Corporation

2009-09-12 14:17:25 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

2009-09-12 14:06:59 ----A---- C:\WINDOWS\system32\vusetup.dll

2009-09-12 13:57:53 ----D---- C:\Program Files\ma-config.com

2009-09-12 13:57:53 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com

2009-09-10 07:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$

2009-09-10 07:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

2009-09-07 06:43:17 ----D---- C:\spoolerlogs

2009-09-06 20:59:54 ----D---- C:\Program Files\Avira

2009-09-06 20:59:54 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2009-09-06 20:42:01 ----D---- C:\Documents and Settings\Babel\Application Data\Malwarebytes

2009-09-06 20:41:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-09-06 20:41:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-08-30 08:21:21 ----A---- C:\WINDOWS\system32\dopdfmn6.dll

2009-08-30 08:21:21 ----A---- C:\WINDOWS\system32\dopdfmi6.dll

2009-08-30 08:21:20 ----D---- C:\Program Files\Softland

2009-08-28 04:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$

 

======List of files/folders modified in the last 1 months======

 

2009-09-19 10:43:49 ----D---- C:\Program Files\Mozilla Firefox

2009-09-19 10:43:23 ----D---- C:\WINDOWS\Temp

2009-09-19 10:43:13 ----D---- C:\WINDOWS\system32\CatRoot2

2009-09-19 10:41:35 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-09-19 10:41:18 ----D---- C:\WINDOWS\Prefetch

2009-09-19 10:33:55 ----D---- C:\WINDOWS\repair

2009-09-19 10:31:50 ----HD---- C:\WINDOWS\inf

2009-09-19 10:31:50 ----D---- C:\WINDOWS\system32\drivers

2009-09-19 10:31:50 ----D---- C:\WINDOWS\system32

2009-09-19 10:31:50 ----D---- C:\WINDOWS

2009-09-18 20:21:57 ----ASH---- C:\boot.ini

2009-09-18 20:21:57 ----A---- C:\WINDOWS\win.ini

2009-09-18 20:21:57 ----A---- C:\WINDOWS\system.ini

2009-09-18 20:21:56 ----D---- C:\WINDOWS\pss

2009-09-18 20:14:09 ----RD---- C:\Program Files

2009-09-17 18:57:28 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-09-17 06:50:42 ----SHD---- C:\RECYCLER

2009-09-17 06:43:21 ----A---- C:\WINDOWS\ntbtlog.txt

2009-09-13 23:28:51 ----D---- C:\Documents and Settings\Babel\Application Data\Skype

2009-09-12 15:56:23 ----SHD---- C:\WINDOWS\Installer

2009-09-12 15:30:02 ----D---- C:\WINDOWS\system32\CatRoot

2009-09-12 14:55:08 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-09-12 14:19:17 ----A---- C:\WINDOWS\system32\svchost.exe

2009-09-12 14:18:45 ----D---- C:\WINDOWS\Help

2009-09-12 14:18:13 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

2009-09-12 14:18:01 ----D---- C:\Program Files\AGEIA Technologies

2009-09-12 14:16:38 ----D---- C:\NVIDIA

2009-09-10 19:41:42 ----D---- C:\Program Files\Microsoft Silverlight

2009-09-10 07:33:45 ----A---- C:\WINDOWS\imsins.BAK

2009-09-10 07:33:42 ----HD---- C:\WINDOWS\$hf_mig$

2009-09-10 07:33:27 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2009-09-07 21:01:47 ----D---- C:\WINDOWS\WinSxS

2009-09-05 16:58:20 ----D---- C:\Warhammer Online - Age of Reckoning

2009-09-01 19:57:48 ----D---- C:\WINDOWS\Microsoft.NET

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2008-10-26 2915944]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-18 279712]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-16 25888]

R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]

R3 fet5x86v;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-02 9856]

R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]

R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]

S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]

S3 az7qxoov;az7qxoov; C:\WINDOWS\system32\drivers\az7qxoov.sys []

S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]

S3 BTHMODEM;Pilote de communications modem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]

S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]

S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]

S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder Audio Edition\SysInfo.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2009-04-12 27136]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]

S3 RT73;Topcom Skyr@cer USB 4001g Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336]

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]

R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-01 66872]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336]

S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2008-10-26 304528]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-20 1029456]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-01 234864]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

Posted

Re

 

The RSIT report looks fine. How is the PC running (apart from Safe Mode, which we will try later, and the Antivir updates, which are blocked)?

* Uninstall Ad-Aware, it is useless; Malwarebytes' Anti-Malware is much more effective.

* You "caught" this infection because the Java console was not up to date; in addition, security holes remain because of old versions that were never uninstalled:

=> The Java console must be updated

Go to http://www.java.com/fr/download/manual.jsp and download the latest version of the Java console, or get it here: http://www.filehippo.com/download_java_run...d_java_runtime/

Install it, then uninstall the old versions (of the Java console) in order to eliminate the security holes they contain and, at the same time, free up disk space.

Via Start / Settings / Control Panel, in Add/Remove Programs, browse to the old versions of the Java console listed there, then click Remove and follow the prompts in the dialog box that opens to complete the uninstallation.

Do this for each of them, one by one, and restart your PC when you are asked to.

Then go back to the Java site above and click the "Verify installation" button to make sure everything is in order.

* We can optimize your startup by preventing programs that launch there needlessly from hogging system resources. This removes non-essential programs from startup. A program uses resources while it is running. Too many running programs use a lot of resources, which can slow the computer down.

=> Download and install CCleaner

http://www.ccleaner.com/download/builds.aspx

  • Preferably choose the SLIM-No Toolbar version.
  • Install it, taking care to uncheck the various options, including the Yahoo toolbar and the update option.
  • Launch CCleaner, then click Tools / Startup
  • Click, one at a time, on the programs corresponding to these HijackThis O4 lines

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@0 (User 'Default user')

O4 - .DEFAULT Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe (User 'Default user') => ®PrintKey 2000

O4 - Startup: PrintKey 2000 Fr.lnk = C:\Program Files\PrintKey 2000 Fr\Printkey 2000 Fr.exe

and for each of them, click "Disable".

Close CCleaner once that is done and restart your PC.

To be continued.
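
The O4 list above mixes ordinary vendor autostarts with the `autochk` value that launches protect.dll through rundll32. The following sketch is an added example, not part of the original post and not a feature of HijackThis or CCleaner: it parses registry-Run O4 lines and separates the entries whose real payload sits outside the system and program directories. The trusted-directory list and the `review`/`suspicious` labels are assumptions made for this illustration.

```python
import ntpath
import re
from typing import List, NamedTuple, Tuple

# O4 registry-Run lines copied from the post above (a subset of its list).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@0 (User 'Default user')
"""

# "O4 - <hive>\..\Run: [<value name>] <command line> (User '<account>')"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Unquoted paths may contain spaces, so cut at the first executable extension.
UNQUOTED_EXE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$", re.I)

# Assumption: locations a limited user cannot write to on this XP install.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


class Entry(NamedTuple):
    hive: str
    name: str
    launcher: str       # program named first on the command line
    target: str         # file that actually carries the code
    via_rundll32: bool


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run value's command line into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = UNQUOTED_EXE.match(cmd)
    if m:
        return m.group(1), (m.group(2) or "").strip()
    exe, _, args = cmd.partition(" ")
    return exe, args.strip()


def parse_o4(log: str) -> List[Entry]:
    """Extract registry-Run O4 entries; Startup-folder lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        exe, args = split_command(m.group("cmd"))
        via = ntpath.basename(exe).lower() in ("rundll32.exe", "rundll32")
        # rundll32 is only a host: the DLL before the first comma is the payload.
        target = args.split(",", 1)[0].strip().strip('"') if via and args else exe
        entries.append(Entry(m.group("hive"), m.group("name"), exe, target, via))
    return entries


def assess(entry: Entry) -> Tuple[str, str]:
    """Return (level, reason); level is 'ok', 'review' or 'suspicious'."""
    target = entry.target.lower()
    if not ntpath.dirname(target):
        return "review", "bare file name, resolved through the search path"
    if target.startswith(TRUSTED_PREFIXES):
        return "ok", "target inside a system or program directory"
    if entry.via_rundll32:
        return "suspicious", "rundll32 loads a DLL from outside the trusted directories"
    return "review", "executable outside the trusted directories"


def triage(log: str) -> List[Tuple[str, str, str]]:
    """List (value name, level, target) for every entry that is not 'ok'."""
    findings = []
    for entry in parse_o4(log):
        level, _reason = assess(entry)
        if level != "ok":
            findings.append((entry.name, level, entry.target))
    return findings


if __name__ == "__main__":
    for name, level, target in triage(SAMPLE_LOG):
        print(f"{level:<10} [{name}] -> {target}")
```

A `review` result only means the file needs to be located and checked before deciding; a bare name such as RTHDCPL.EXE is common for legitimate driver utilities.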

Posted

--> How the PC is running: I still get Firefox opening on an unwanted ad window when Firefox starts, but no longer the ones that used to open afterwards!

--> Ad-Aware uninstalled

--> Java console up to date and 1 old version uninstalled

--> disabling via CCleaner OK

Posted

Re

--> How the PC is running: I still get Firefox opening on an unwanted ad window when Firefox starts, but no longer the ones that used to open afterwards!

Do you mean that your home page is not the one you want?

If so, launch Firefox and, in Tools / Options / General tab, under Home Page, replace it with http://fr.start3.mozilla.com/firefox?clien...lla:fr:official or http://google.fr/ then click OK to confirm.

Restart Firefox and tell me how it goes. :P

To be continued.

Posted

My home page is indeed www.google.be, but the first time I open Firefox after restarting the PC, it opens 2 sessions: the first with the home page and the second with an unwanted page (example: )

Posted

Good evening PatOtj

I don't really see what is causing this...

* Download LOP S&D by Eric71 to your Desktop.

  • Double-click it to start the installation.
  • Then double-click the LOP S&D shortcut on your Desktop.
  • Select the language you want, then choose Option 1 ( Recherche )
  • Wait until the scan finishes.

--> Post the generated report (also located here: C:\ lopR.txt )

* Can you post a new RSIT report, but this time, on the Disclaimer screen, change 1 month to 3 months

To be continued.

Posted

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU E4500 @ 2.20GHz )

BIOS : Default System BIOS

USER : Babel ( Administrator )

BOOT : Normal boot

Antivirus : AntiVir Desktop 9.0.1.32 (Activated)

C:\ (Local Disk) - NTFS - Total:152 Go (Free:56 Go)

D:\ (Local Disk) - NTFS - Total:145 Go (Free:33 Go)

E:\ (CD or DVD)

F:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( 20/09/2009|11:07 )

 

--------------------\\ Listing des dossiers dans APPLIC~1

 

[18/02/2008|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe

[18/03/2008|21:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3

[18/04/2009|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple

[18/04/2009|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer

[06/09/2009|20:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira

[30/01/2009|09:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard

[18/08/2009|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Canneverbe Limited

[17/02/2009|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite

[23/11/2008|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fallout3

[27/06/2009|10:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames

[26/06/2009|22:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations

[29/05/2008|19:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

[12/09/2009|14:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com

[06/09/2009|20:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes

[12/04/2009|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft

[10/09/2009|07:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help

[12/04/2009|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound

[12/09/2009|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA Corporation

[25/06/2009|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite

[30/06/2009|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst

[29/08/2008|11:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

[25/07/2009|15:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft

[17/01/2008|01:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia

[24/07/2008|11:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[17/02/2008|17:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[27/06/2009|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

 

[13/08/2009|14:38] C:\DOCUME~1\Babel\APPLIC~1\.#

[18/02/2008|19:16] C:\DOCUME~1\Babel\APPLIC~1\Adobe

[16/07/2009|12:42] C:\DOCUME~1\Babel\APPLIC~1\ArcSoft

[01/05/2008|23:19] C:\DOCUME~1\Babel\APPLIC~1\Bioshock

[11/04/2009|10:06] C:\DOCUME~1\Babel\APPLIC~1\Broad Intelligence

[22/08/2008|11:02] C:\DOCUME~1\Babel\APPLIC~1\Canneverbe_Limited

[17/02/2009|22:56] C:\DOCUME~1\Babel\APPLIC~1\DAEMON Tools

[29/06/2009|18:31] C:\DOCUME~1\Babel\APPLIC~1\DAEMON Tools Lite

[17/02/2009|23:00] C:\DOCUME~1\Babel\APPLIC~1\DAEMON Tools Pro

[22/08/2008|11:02] C:\DOCUME~1\Babel\APPLIC~1\DeepBurner

[29/03/2009|15:14] C:\DOCUME~1\Babel\APPLIC~1\dvdcss

[10/06/2008|18:12] C:\DOCUME~1\Babel\APPLIC~1\GARMIN

[24/12/2008|17:24] C:\DOCUME~1\Babel\APPLIC~1\gtk-2.0

[17/01/2008|20:59] C:\DOCUME~1\Babel\APPLIC~1\Help

[30/06/2009|17:30] C:\DOCUME~1\Babel\APPLIC~1\Identities

[02/07/2008|15:54] C:\DOCUME~1\Babel\APPLIC~1\InstallShield

[19/01/2008|12:03] C:\DOCUME~1\Babel\APPLIC~1\Macromedia

[06/09/2009|20:42] C:\DOCUME~1\Babel\APPLIC~1\Malwarebytes

[04/08/2009|23:05] C:\DOCUME~1\Babel\APPLIC~1\Media Player Classic

[20/12/2008|15:51] C:\DOCUME~1\Babel\APPLIC~1\Microsoft

[19/06/2008|18:28] C:\DOCUME~1\Babel\APPLIC~1\Mozilla

[17/01/2008|01:14] C:\DOCUME~1\Babel\APPLIC~1\My Games

[13/04/2009|08:21] C:\DOCUME~1\Babel\APPLIC~1\NCH Swift Sound

[25/06/2009|18:18] C:\DOCUME~1\Babel\APPLIC~1\Nokia

[13/03/2008|21:23] C:\DOCUME~1\Babel\APPLIC~1\PC Suite

[30/06/2009|17:30] C:\DOCUME~1\Babel\APPLIC~1\PlayFirst

[12/04/2009|18:36] C:\DOCUME~1\Babel\APPLIC~1\Recordpad

[22/04/2008|23:40] C:\DOCUME~1\Babel\APPLIC~1\SecuROM

[13/09/2009|23:28] C:\DOCUME~1\Babel\APPLIC~1\Skype

[29/08/2008|16:05] C:\DOCUME~1\Babel\APPLIC~1\skypePM

[31/05/2008|11:00] C:\DOCUME~1\Babel\APPLIC~1\Sun

[31/10/2008|19:31] C:\DOCUME~1\Babel\APPLIC~1\SystemRequirementsLab

[17/01/2008|00:33] C:\DOCUME~1\Babel\APPLIC~1\Talkback

[11/05/2008|10:55] C:\DOCUME~1\Babel\APPLIC~1\teamspeak2

[28/05/2008|00:10] C:\DOCUME~1\Babel\APPLIC~1\TigerPlayer

[14/03/2008|21:07] C:\DOCUME~1\Babel\APPLIC~1\vlc

[24/12/2008|17:02] C:\DOCUME~1\Babel\APPLIC~1\XnView

[26/10/2008|13:49] C:\DOCUME~1\Babel\APPLIC~1\XRay Engine

[30/06/2009|17:30] C:\DOCUME~1\Babel\APPLIC~1\Zylom

 

[16/01/2008|23:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

 

[06/09/2009|21:15] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe

[16/01/2008|23:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[30/08/2009|08:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\Softland

 

[16/01/2008|23:56] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

 

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

 

[19/09/2009 21:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[07/09/2009 08:30][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[20/09/2009 10:40][--ah-----] C:\WINDOWS\tasks\SA.DAT

[30/08/2002 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

 

--------------------\\ Listing des dossiers dans C:\Program Files

 

[25/07/2008|01:47] C:\Program Files\Adobe

[12/09/2009|14:18] C:\Program Files\AGEIA Technologies

[17/01/2008|00:51] C:\Program Files\Alwil Software

[11/08/2009|19:51] C:\Program Files\American Conquest

[11/08/2009|19:52] C:\Program Files\American Conquest - Fight Back

[18/04/2009|07:56] C:\Program Files\Apple Software Update

[16/07/2009|12:33] C:\Program Files\ArcSoft

[22/08/2008|11:02] C:\Program Files\Astonsoft

[06/09/2009|20:59] C:\Program Files\Avira

[23/11/2008|19:24] C:\Program Files\Bethesda Softworks

[19/09/2009|13:22] C:\Program Files\CCleaner

[18/08/2009|21:13] C:\Program Files\CDBurnerXP

[25/04/2009|12:47] C:\Program Files\CDex_150

[16/01/2008|23:53] C:\Program Files\ComPlus Applications

[29/06/2009|18:29] C:\Program Files\DAEMON Tools Lite

[26/10/2008|13:50] C:\Program Files\Deep Silver

[16/07/2009|19:04] C:\Program Files\DIFX

[23/02/2009|13:29] C:\Program Files\Editions ENI

[17/02/2009|23:10] C:\Program Files\EGOSOFT

[01/04/2008|11:57] C:\Program Files\Electronic Arts

[19/09/2009|13:11] C:\Program Files\Fichiers communs

[03/06/2008|17:12] C:\Program Files\FileZilla Server

[02/07/2008|15:32] C:\Program Files\Firaxis Games

[10/06/2008|18:12] C:\Program Files\Garmin GPS Plugin

[01/03/2008|12:47] C:\Program Files\GUILD WARS

[19/09/2009|13:19] C:\Program Files\InstallShield Installation Information

[10/08/2009|07:29] C:\Program Files\Internet Explorer

[19/09/2009|13:06] C:\Program Files\Java

[04/08/2009|23:05] C:\Program Files\K-Lite Codec Pack

[13/02/2009|19:38] C:\Program Files\Kluwer

[17/01/2008|00:48] C:\Program Files\Lavalys

[19/09/2009|13:15] C:\Program Files\Lavasoft

[12/07/2008|17:09] C:\Program Files\Lexmark 1200 Series

[12/09/2009|14:44] C:\Program Files\ma-config.com

[19/09/2009|00:00] C:\Program Files\Malwarebytes' Anti-Malware

[16/07/2009|19:04] C:\Program Files\Mars

[25/08/2008|10:04] C:\Program Files\Mass Effect

[04/09/2008|23:10] C:\Program Files\Messenger

[12/04/2009|18:30] C:\Program Files\Microsoft

[08/05/2008|18:33] C:\Program Files\Microsoft Baseline Security Analyzer 2

[16/01/2008|23:57] C:\Program Files\microsoft frontpage

[23/03/2008|20:04] C:\Program Files\Microsoft Games

[17/01/2008|00:27] C:\Program Files\Microsoft IntelliPoint

[20/12/2008|12:44] C:\Program Files\Microsoft Office

[10/09/2009|19:41] C:\Program Files\Microsoft Silverlight

[12/04/2009|18:31] C:\Program Files\Microsoft SQL Server Compact Edition

[20/12/2008|12:44] C:\Program Files\Microsoft Visual Studio

[20/12/2008|12:39] C:\Program Files\Microsoft Visual Studio 8

[20/12/2008|12:44] C:\Program Files\Microsoft Works

[20/12/2008|12:43] C:\Program Files\Microsoft.NET

[04/09/2008|23:08] C:\Program Files\Movie Maker

[20/09/2009|10:50] C:\Program Files\Mozilla Firefox

[28/05/2008|00:10] C:\Program Files\MpcStar

[23/11/2008|19:22] C:\Program Files\MSBuild

[17/01/2008|20:00] C:\Program Files\MSI

[16/01/2008|23:52] C:\Program Files\MSN

[16/01/2008|23:53] C:\Program Files\MSN Gaming Zone

[17/03/2008|01:27] C:\Program Files\MSXML 4.0

[17/01/2008|00:27] C:\Program Files\MSXML 6.0

[13/04/2009|08:20] C:\Program Files\NCH Software

[13/04/2009|08:21] C:\Program Files\NCH Swift Sound

[04/09/2008|23:06] C:\Program Files\NetMeeting

[17/01/2008|00:21] C:\Program Files\NFO viewer

[26/06/2009|22:23] C:\Program Files\Nokia

[12/09/2009|14:17] C:\Program Files\NVIDIA Corporation

[16/01/2008|23:53] C:\Program Files\Online Services

[13/08/2009|14:10] C:\Program Files\Outlook Express

[12/04/2008|10:15] C:\Program Files\Packard Bell Data Secure

[25/06/2009|18:12] C:\Program Files\PC Connectivity Solution

[14/03/2008|20:47] C:\Program Files\PowerISO

[17/01/2008|20:56] C:\Program Files\PowerQuest

[10/11/2008|13:31] C:\Program Files\PrintKey 2000 Fr

[17/01/2008|01:02] C:\Program Files\Realtek

[23/11/2008|19:20] C:\Program Files\Reference Assemblies

[04/04/2008|13:44] C:\Program Files\Seagate

[16/01/2008|23:55] C:\Program Files\Services en ligne

[17/01/2008|20:02] C:\Program Files\Setup Files

[22/08/2008|10:59] C:\Program Files\Sierra

[17/08/2008|21:28] C:\Program Files\Sierra On-Line

[29/08/2008|11:04] C:\Program Files\Skype

[25/07/2009|15:50] C:\Program Files\SlySoft

[30/08/2009|08:21] C:\Program Files\Softland

[31/05/2008|11:00] C:\Program Files\Sun

[03/04/2008|11:12] C:\Program Files\SWAT 4

[31/10/2008|19:31] C:\Program Files\SystemRequirementsLab

[17/01/2008|01:07] C:\Program Files\Take Two

[11/05/2008|10:55] C:\Program Files\Teamspeak2_RC2

[04/08/2009|23:13] C:\Program Files\The KMPlayer FR

[30/03/2008|21:38] C:\Program Files\THQ

[11/08/2009|19:57] C:\Program Files\TomTom HOME

[19/09/2009|10:36] C:\Program Files\TOPCOM

[22/05/2008|20:38] C:\Program Files\TSO

[25/12/2008|13:12] C:\Program Files\Ubisoft

[17/01/2008|00:01] C:\Program Files\Uninstall Information

[17/01/2008|00:38] C:\Program Files\VIA

[14/03/2008|21:06] C:\Program Files\VideoLAN

[23/06/2009|18:56] C:\Program Files\Winamp

[12/04/2009|18:31] C:\Program Files\Windows Live

[12/04/2009|18:30] C:\Program Files\Windows Live SkyDrive

[24/07/2008|10:57] C:\Program Files\Windows Media Connect 2

[04/09/2008|23:06] C:\Program Files\Windows Media Player

[04/09/2008|23:06] C:\Program Files\Windows NT

[13/01/2009|01:02] C:\Program Files\WindowsUpdate

[22/08/2008|11:06] C:\Program Files\winLAME

[17/01/2008|00:40] C:\Program Files\Winrar

[25/03/2009|21:21] C:\Program Files\X Plugin Manager

[16/01/2008|23:57] C:\Program Files\xerox

[14/12/2008|21:06] C:\Program Files\XnView

[02/01/2009|14:18] C:\Program Files\Zeb-Utility

 

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

 

[18/02/2008|19:15] C:\Program Files\Fichiers communs\Adobe

[01/09/2008|22:51] C:\Program Files\Fichiers communs\BioWare

[02/07/2008|12:28] C:\Program Files\Fichiers communs\Blizzard Entertainment

[20/12/2008|13:05] C:\Program Files\Fichiers communs\DESIGNER

[23/02/2009|13:29] C:\Program Files\Fichiers communs\Editions ENI

[16/07/2009|12:33] C:\Program Files\Fichiers communs\InstallShield

[06/03/2009|20:52] C:\Program Files\Fichiers communs\Microsoft Shared

[16/01/2008|23:54] C:\Program Files\Fichiers communs\MSSoap

[17/01/2008|06:25] C:\Program Files\Fichiers communs\ODBC

[16/01/2008|23:54] C:\Program Files\Fichiers communs\Services

[29/08/2008|11:04] C:\Program Files\Fichiers communs\Skype

[17/01/2008|06:25] C:\Program Files\Fichiers communs\SpeechEngines

[13/08/2009|14:35] C:\Program Files\Fichiers communs\SWF Studio

[20/12/2008|12:43] C:\Program Files\Fichiers communs\System

[12/04/2009|18:22] C:\Program Files\Fichiers communs\Windows Live

[17/02/2008|18:00] C:\Program Files\Fichiers communs\WindowsLiveInstaller

[12/09/2009|14:18] C:\Program Files\Fichiers communs\Wise Installation Wizard

[13/02/2009|19:39] C:\Program Files\Fichiers communs\WKB shared

 

--------------------\\ Process

 

( 43 Processes )

 

... OK !

 

--------------------\\ Recherche avec S_Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Recherche de Fichiers / Dossiers Lop

 

Aucun fichier / dossier Lop trouvé !

 

--------------------\\ Verification du Registre

 

..... OK !

 

--------------------\\ Verification du fichier Hosts

 

Fichier Hosts PROPRE

 

 

--------------------\\ Recherche de fichiers avec Catchme

 

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-20 11:08:12

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden files ...

scan completed successfully

hidden processes: 0

hidden files: 0

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

[F:37][D:2]-> C:\DOCUME~1\Babel\LOCALS~1\Temp

[F:3][D:0]-> C:\DOCUME~1\Babel\Cookies

[F:67][D:4]-> C:\DOCUME~1\Babel\LOCALS~1\TEMPOR~1\content.IE5

 

1 - "C:\Lop SD\LopR_1.txt" - 20/09/2009|11:09 - Option : [1]

 

--------------------\\ Fin du rapport a 11:09:16

 

 

--> and the rest:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Babel at 2009-09-20 11:12:20

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 58 GB (37%) free of 156 GB

Total RAM: 2046 MB (74% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:12:23, on 20/09/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Babel\Bureau\RSIT.exe

D:\Download\HiJackThis\Babel.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@0 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')

O4 - .DEFAULT Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')

O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [java_sun] Java (Sun)

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://www.mediapluspro.com/mediaplus66/do...geinstaller.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe

O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 7146 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497bb-d6f0-462c-b6eb-d4daf1d92d43}]

SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-09-19 321312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-19 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-19 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]

"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-19 149280]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcmtr]

C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools lite]

C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nokia.pcsync]

C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon]

C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter]

C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]

C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe -atboottime []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rthdcpl]

C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^printkey 2000 fr.lnk]

C:\PROGRA~1\PRINTK~1\PRINTK~1.EXE [2001-06-17 869888]

 

C:\Documents and Settings\Babel\Menu Démarrer\Programmes\Démarrage

OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=scecli

wenunuve.dll

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"

"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe"="C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire Demo"

"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"

"C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe:*:Enabled:FileZilla Server Interface"

"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"

"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"

"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"

"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"

"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Documents and Settings\Babel\Local Settings\Temp\Blizzard Launcher Temporary - bbbb3828\Launcher.exe"="C:\Documents and Settings\Babel\Local Settings\Temp\Blizzard Launcher Temporary - bbbb3828\Launcher.exe:*:Enabled:Blizzard Launcher"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

"C:\Program Files\GUILD WARS\Gw.exe"="C:\Program Files\GUILD WARS\Gw.exe:*:Enabled:Gw"

"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"

"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{067fa21a-147e-11de-b63b-001d9204db8e}]

shell\AutoRun\command - G:\start.exe

shell\FramaKey\command - G:\start.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{576c6175-6f5e-11dd-b53c-001d9204db8e}]

shell\AutoRun\command - L:\umenu.exe

 

 

======List of files/folders created in the last 3 months======

 

2009-09-20 11:07:28 ----A---- C:\lopR.txt

2009-09-20 11:06:42 ----D---- C:\Lop SD

2009-09-19 22:33:12 ----SHD---- C:\Config.Msi

2009-09-19 13:22:50 ----D---- C:\Program Files\CCleaner

2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaws.exe

2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaw.exe

2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\java.exe

2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-09-18 20:13:37 ----D---- C:\_OTM

2009-09-18 15:43:37 ----D---- C:\rsit

2009-09-12 14:55:08 ----A---- C:\WINDOWS\system32\vuins32.dll

2009-09-12 14:17:30 ----D---- C:\Program Files\NVIDIA Corporation

2009-09-12 14:17:25 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

2009-09-12 14:06:59 ----A---- C:\WINDOWS\system32\vusetup.dll

2009-09-12 13:57:53 ----D---- C:\Program Files\ma-config.com

2009-09-12 13:57:53 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com

2009-09-10 07:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$

2009-09-10 07:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

2009-09-07 06:43:17 ----D---- C:\spoolerlogs

2009-09-06 20:59:54 ----D---- C:\Program Files\Avira

2009-09-06 20:59:54 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2009-09-06 20:42:01 ----D---- C:\Documents and Settings\Babel\Application Data\Malwarebytes

2009-09-06 20:41:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-09-06 20:41:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-08-30 08:21:21 ----A---- C:\WINDOWS\system32\dopdfmn6.dll

2009-08-30 08:21:21 ----A---- C:\WINDOWS\system32\dopdfmi6.dll

2009-08-30 08:21:20 ----D---- C:\Program Files\Softland

2009-08-28 04:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$

2009-08-18 21:13:28 ----D---- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

2009-08-17 03:04:24 ----A---- C:\WINDOWS\system32\nvcpluir.dll

2009-08-17 03:04:24 ----A---- C:\WINDOWS\system32\nvcplui.exe

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrszht.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrszhc.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrstr.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsth.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrssv.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrssl.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrssk.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsru.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsptb.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrspt.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrspl.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsno.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsnl.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsko.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsja.dll

2009-08-17 03:04:12 ----A---- C:\WINDOWS\system32\nvrsit.dll

2009-08-17 03:04:12 ----A---- C:\WINDOWS\system32\nvrshu.dll

2009-08-17 03:04:12 ----A---- C:\WINDOWS\system32\nvrshe.dll

2009-08-17 03:04:12 ----A---- C:\WINDOWS\system32\nvrsfr.dll

2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsfi.dll

2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsesm.dll

2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrses.dll

2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrseng.dll

2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsel.dll

2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsde.dll

2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsda.dll

2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrscs.dll

2009-08-17 03:04:08 ----A---- C:\WINDOWS\system32\nvwddi.dll

2009-08-17 03:04:08 ----A---- C:\WINDOWS\system32\nvrsar.dll

2009-08-17 03:03:50 ----A---- C:\WINDOWS\system32\nvwssr.dll

2009-08-17 03:03:44 ----A---- C:\WINDOWS\system32\nvwss.dll

2009-08-17 03:03:40 ----A---- C:\WINDOWS\system32\nvvitvsr.dll

2009-08-17 03:03:38 ----A---- C:\WINDOWS\system32\nvvitvs.dll

2009-08-17 03:03:32 ----A---- C:\WINDOWS\system32\nvmoblsr.dll

2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvmobls.dll

2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvmccssr.dll

2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvmccss.dll

2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvgamesr.dll

2009-08-17 03:03:22 ----A---- C:\WINDOWS\system32\nvgames.dll

2009-08-17 03:03:18 ----A---- C:\WINDOWS\system32\nvdispsr.dll

2009-08-17 03:03:02 ----A---- C:\WINDOWS\system32\nvdisps.dll

2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe

2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvmctray.dll

2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvcpl.dll

2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvcolor.exe

2009-08-17 03:02:52 ----A---- C:\WINDOWS\system32\nvmccs.dll

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuvenc.dll

2009-08-14 13:36:18 ----A---- C:\WINDOWS\system32\PhysXLoader.dll

2009-08-13 14:35:34 ----D---- C:\Warhammer Online - Age of Reckoning

2009-08-13 14:35:17 ----D---- C:\Program Files\Fichiers communs\SWF Studio

2009-08-13 14:35:16 ----SHD---- C:\Documents and Settings\Babel\Application Data\.#

2009-08-13 14:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$

2009-08-13 14:11:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$

2009-08-13 14:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$

2009-08-13 14:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$

2009-08-13 14:11:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$

2009-08-13 14:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$

2009-08-13 14:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$

2009-08-13 14:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$

2009-08-13 14:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

2009-08-11 20:00:32 ----D---- C:\WINDOWS\system32\appmgmt

2009-08-11 19:31:47 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$

2009-08-10 07:30:36 ----D---- C:\WINDOWS\SxsCaPendDel

2009-08-04 23:13:46 ----D---- C:\Program Files\The KMPlayer FR

2009-08-04 23:05:16 ----D---- C:\Documents and Settings\Babel\Application Data\Media Player Classic

2009-08-04 23:04:30 ----A---- C:\WINDOWS\system32\unrar.dll

2009-08-04 23:04:30 ----A---- C:\WINDOWS\avisplitter.ini

2009-08-04 23:04:29 ----A---- C:\WINDOWS\system32\yv12vfw.dll

2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\xvidvfw.dll

2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\xvidcore.dll

2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\qt-dx331.dll

2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\dpl100.dll

2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\divx.dll

2009-08-04 23:04:27 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest

2009-08-04 23:04:27 ----A---- C:\WINDOWS\system32\ff_vfw.dll

2009-08-04 23:04:25 ----D---- C:\Program Files\K-Lite Codec Pack

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\PhysXDevice.dll

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\PhysXCplUI.exe

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\PhysXCompatCplUI.exe

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelSwedish.dll

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelSpanish.dll

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelPortugese.dll

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelKorean.dll

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelJapanese.dll

2009-08-03 00:21:52 ----A---- C:\WINDOWS\system32\AgCPanelGerman.dll

2009-08-03 00:21:52 ----A---- C:\WINDOWS\system32\AgCPanelFrench.dll

2009-07-25 15:55:44 ----D---- C:\Documents and Settings\All Users\Application Data\SlySoft

2009-07-25 15:50:32 ----SH---- C:\WINDOWS\S96DCFBA0.tmp

2009-07-25 15:50:20 ----D---- C:\Program Files\SlySoft

2009-07-16 22:58:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$

2009-07-16 22:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$

2009-07-16 22:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

2009-07-16 19:04:33 ----D---- C:\Program Files\Mars

2009-07-16 12:41:46 ----D---- C:\Documents and Settings\Babel\Application Data\ArcSoft

2009-07-16 12:39:12 ----A---- C:\WINDOWS\system32\vfwwdm32.dll

2009-07-16 12:35:40 ----D---- C:\WINDOWS\Setup533

2009-07-16 12:35:40 ----A---- C:\WINDOWS\system32\SP5X_32.DLL

2009-07-16 12:35:40 ----A---- C:\WINDOWS\ShowBmp.exe

2009-07-16 12:35:40 ----A---- C:\WINDOWS\Remove.ini

2009-07-16 12:35:40 ----A---- C:\WINDOWS\CA533A.INI

2009-07-16 12:35:40 ----A---- C:\WINDOWS\amcap533.exe

2009-07-16 12:33:33 ----A---- C:\WINDOWS\PCDLIB32.DLL

2009-07-16 12:33:31 ----D---- C:\Program Files\ArcSoft

2009-06-30 17:30:31 ----D---- C:\Documents and Settings\Babel\Application Data\PlayFirst

2009-06-30 17:30:31 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst

2009-06-28 09:00:18 ----D---- C:\Program Files\DAEMON Tools Lite

2009-06-27 10:18:58 ----D---- C:\Documents and Settings\All Users\Application Data\FreshGames

2009-06-27 10:18:54 ----D---- C:\Documents and Settings\Babel\Application Data\Zylom

2009-06-27 10:00:12 ----D---- C:\Documents and Settings\All Users\Application Data\Zylom

2009-06-25 18:16:41 ----HDC---- C:\WINDOWS\$NtUninstallWudf01007$

2009-06-25 18:12:47 ----D---- C:\Program Files\PC Connectivity Solution

2009-06-25 18:11:35 ----HDC---- C:\WINDOWS\$NtUninstallWudf01005$

2009-06-24 18:03:23 ----D---- C:\WINDOWS\ie8updates

2009-06-24 18:02:28 ----D---- C:\WINDOWS\WBEM

2009-06-24 18:01:23 ----HDC---- C:\WINDOWS\ie8

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\vxblock.dll

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxwave.dll

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxsfs.dll

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxmas.dll

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxinsa64.exe

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxhpinst.exe

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxdrv.dll

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxcpya64.exe

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxafs.dll

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\px.dll

 

======List of files/folders modified in the last 3 months======

 

2009-09-20 11:08:22 ----D---- C:\WINDOWS\Prefetch

2009-09-20 10:50:51 ----D---- C:\Program Files\Mozilla Firefox

2009-09-20 10:41:21 ----D---- C:\WINDOWS\Temp

2009-09-20 10:40:41 ----D---- C:\WINDOWS\system32\CatRoot2

2009-09-20 00:48:26 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-09-19 22:33:35 ----SHD---- C:\WINDOWS\Installer

2009-09-19 22:33:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer

2009-09-19 13:29:13 ----D---- C:\WINDOWS\pss

2009-09-19 13:22:50 ----RD---- C:\Program Files

2009-09-19 13:19:09 ----HD---- C:\Program Files\InstallShield Installation Information

2009-09-19 13:15:33 ----D---- C:\Program Files\Lavasoft

2009-09-19 13:15:22 ----D---- C:\WINDOWS\system32

2009-09-19 13:11:45 ----D---- C:\Program Files\Fichiers communs

2009-09-19 13:06:59 ----D---- C:\Program Files\Java

2009-09-19 10:36:04 ----D---- C:\Program Files\TOPCOM

2009-09-19 10:33:55 ----D---- C:\WINDOWS\repair

2009-09-19 10:31:50 ----HD---- C:\WINDOWS\inf

2009-09-19 10:31:50 ----D---- C:\WINDOWS\system32\drivers

2009-09-19 10:31:50 ----D---- C:\WINDOWS

2009-09-18 20:21:57 ----ASH---- C:\boot.ini

2009-09-18 20:21:57 ----A---- C:\WINDOWS\win.ini

2009-09-18 20:21:57 ----A---- C:\WINDOWS\system.ini

2009-09-17 18:57:28 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-09-17 06:50:42 ----SHD---- C:\RECYCLER

2009-09-17 06:43:21 ----A---- C:\WINDOWS\ntbtlog.txt

2009-09-13 23:28:51 ----D---- C:\Documents and Settings\Babel\Application Data\Skype

2009-09-12 15:30:02 ----D---- C:\WINDOWS\system32\CatRoot

2009-09-12 14:55:08 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-09-12 14:19:17 ----A---- C:\WINDOWS\system32\svchost.exe

2009-09-12 14:18:45 ----D---- C:\WINDOWS\Help

2009-09-12 14:18:13 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

2009-09-12 14:18:01 ----D---- C:\Program Files\AGEIA Technologies

2009-09-12 14:16:38 ----D---- C:\NVIDIA

2009-09-10 19:41:42 ----D---- C:\Program Files\Microsoft Silverlight

2009-09-10 07:33:45 ----A---- C:\WINDOWS\imsins.BAK

2009-09-10 07:33:42 ----HD---- C:\WINDOWS\$hf_mig$

2009-09-10 07:33:27 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2009-09-07 21:01:47 ----D---- C:\WINDOWS\WinSxS

2009-09-01 19:57:48 ----D---- C:\WINDOWS\Microsoft.NET

2009-08-18 21:13:15 ----D---- C:\Program Files\CDBurnerXP

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvudisp.exe

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuda.dll

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcodins.dll

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcod.dll

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvapi.dll

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll

2009-08-13 14:10:26 ----D---- C:\Program Files\Outlook Express

2009-08-12 07:08:46 ----D---- C:\Downloads

2009-08-11 19:57:13 ----D---- C:\Program Files\TomTom HOME

2009-08-11 19:54:13 ----A---- C:\WINDOWS\SIERRA.INI

2009-08-11 19:52:10 ----D---- C:\Program Files\American Conquest - Fight Back

2009-08-11 19:51:26 ----D---- C:\Program Files\American Conquest

2009-08-11 12:35:08 ----A---- C:\WINDOWS\system32\NVUNINST.EXE

2009-08-10 19:06:07 ----RSD---- C:\WINDOWS\assembly

2009-08-10 07:34:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-08-10 07:31:38 ----D---- C:\WINDOWS\system32\XPSViewer

2009-08-10 07:31:35 ----D---- C:\WINDOWS\system32\en-us

2009-08-10 07:31:30 ----RSD---- C:\WINDOWS\Fonts

2009-08-10 07:29:21 ----D---- C:\Program Files\Internet Explorer

2009-08-05 11:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll

2009-07-19 18:45:00 ----A---- C:\WINDOWS\system32\ieframe.dll

2009-07-19 15:15:02 ----A---- C:\WINDOWS\system32\mshtml.dll

2009-07-17 21:03:33 ----A---- C:\WINDOWS\system32\atl.dll

2009-07-16 19:04:35 ----D---- C:\Program Files\DIFX

2009-07-16 12:39:12 ----D---- C:\WINDOWS\system

2009-07-16 12:33:09 ----D---- C:\Program Files\Fichiers communs\InstallShield

2009-07-14 13:03:14 ----N---- C:\WINDOWS\system32\tzchange.exe

2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll

2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll

2009-07-04 19:47:11 ----D---- C:\WINDOWS\system32\DirectX

2009-07-03 18:57:51 ----A---- C:\WINDOWS\system32\wininet.dll

2009-07-03 18:57:51 ----A---- C:\WINDOWS\system32\occache.dll

2009-07-03 18:57:50 ----A---- C:\WINDOWS\system32\urlmon.dll

2009-07-03 18:57:46 ----N---- C:\WINDOWS\system32\jsproxy.dll

2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\msfeedsbs.dll

2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\msfeeds.dll

2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\iertutil.dll

2009-07-03 18:57:44 ----A---- C:\WINDOWS\system32\iepeers.dll

2009-07-03 18:57:41 ----N---- C:\WINDOWS\system32\iedkcs32.dll

2009-07-03 13:01:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe

2009-06-30 17:30:30 ----D---- C:\Documents and Settings\Babel\Application Data\Identities

2009-06-29 18:31:15 ----D---- C:\Documents and Settings\Babel\Application Data\DAEMON Tools Lite

2009-06-26 22:23:37 ----D---- C:\Documents and Settings\All Users\Application Data\Installations

2009-06-26 22:23:28 ----D---- C:\Program Files\Nokia

2009-06-25 18:18:11 ----D---- C:\Documents and Settings\Babel\Application Data\Nokia

2009-06-25 18:14:52 ----D---- C:\WINDOWS\security

2009-06-25 18:13:51 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-06-25 18:10:54 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite

2009-06-24 18:05:44 ----D---- C:\WINDOWS\system32\fr-fr

2009-06-24 18:02:21 ----D---- C:\WINDOWS\Media

2009-06-23 18:56:53 ----D---- C:\Program Files\Winamp

2009-06-23 18:51:14 ----A---- C:\WINDOWS\winamp.ini

2009-06-22 08:47:13 ----A---- C:\WINDOWS\system32\jscript.dll

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2008-10-26 2915944]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-18 279712]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-16 25888]

R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]

R3 fet5x86v;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-02 9856]

R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]

R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]

S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]

S3 ai4z6bj1;ai4z6bj1; C:\WINDOWS\system32\drivers\ai4z6bj1.sys []

S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]

S3 BTHMODEM;Pilote de communications modem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]

S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]

S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]

S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder Audio Edition\SysInfo.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2009-04-12 27136]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]

S3 RT73;Topcom Skyr@cer USB 4001g Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336]

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]

R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-01 66872]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336]

S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2008-10-26 304528]

S2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-19 153376]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-01 234864]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

Posted

Good evening PatOjt

Not much to sink our teeth into ... (there is a driver with a random name that comes back every time; I wonder whether it is due to DAEMON Tools or Alcohol)

  • Double-click OTM.exe on your Desktop to launch the tool.
  • Copy the list in the quote below:

:services

ai4z6bj1

 

:files

C:\Documents and Settings\Babel\Application Data\.#

C:\WINDOWS\S96DCFBA0.tmp

C:\WINDOWS\system32\drivers\ai4z6bj1.sys

 

:commands

[emptytemp]

[reboot]

  • and paste it into the left-hand pane of OTM: "Paste instructions for item to be moved".
  • Click the MoveIt! button.
  • Wait for the tool to finish its work, then close OTM.

Note: A restart of the PC may be required; click Oui/Yes when prompted.

--> Post in reply:

* The OTM report (contents of the file Drive\_OTM\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time) [Drive stands for the partition from which OTM was launched, usually C:]

* A new RSIT report

Also tell me whether you still get that ad page when Firefox starts

To be continued.

Posted

I'm not using Daemon or Alcohol these days, so we can disable it or even uninstall it if necessary to make sure they are not the cause

and unfortunately I still get that ad page opening, but contrary to what I said, it does not appear systematically when Firefox opens but sometimes before -> I would think it happens on the first attempt by any program to access the net!

here are my logs:

 

All processes killed

========== SERVICES/DRIVERS ==========

Service\Driver ai4z6bj1 not found.

Service\Driver key ai4z6bj1 deleted successfully.

========== FILES ==========

C:\Documents and Settings\Babel\Application Data\.# moved successfully.

File move failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be moved on reboot.

File/Folder C:\WINDOWS\system32\drivers\ai4z6bj1.sys not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Babel

->Temp folder emptied: 2132563 bytes

->Temporary Internet Files folder emptied: 699197 bytes

->Java cache emptied: 25495466 bytes

->FireFox cache emptied: 71256212 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

File delete failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be deleted on reboot.

%systemroot% .tmp files removed: 24 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 1290737 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 96,26 mb

 

 

OTM by OldTimer - Version 3.0.0.6 log created on 09202009_225124

 

Files moved on Reboot...

File move failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

and the second one:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Babel at 2009-09-20 22:59:32

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 58 GB (37%) free of 156 GB

Total RAM: 2046 MB (76% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:59:36, on 20/09/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\notepad.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Lexmark 1200 Series\lxczbmon.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Babel\Bureau\RSIT.exe

D:\Download\HiJackThis\Babel.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@0 (User 'Default user')

O4 - .DEFAULT Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')

O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [java_sun] Java (Sun)

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://www.mediapluspro.com/mediaplus66/do...geinstaller.ocx

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe

O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 6915 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497bb-d6f0-462c-b6eb-d4daf1d92d43}]

SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-09-19 321312]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-19 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-19 73728]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]

"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-19 149280]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcmtr]

C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools lite]

C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nokia.pcsync]

C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon]

C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter]

C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]

C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe -atboottime []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rthdcpl]

C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^printkey 2000 fr.lnk]

C:\PROGRA~1\PRINTK~1\PRINTK~1.EXE [2001-06-17 869888]

 

C:\Documents and Settings\Babel\Menu Démarrer\Programmes\Démarrage

OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=scecli

wenunuve.dll

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"

"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"

"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe"="C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire Demo"

"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"

"C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe:*:Enabled:FileZilla Server Interface"

"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"

"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"

"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"

"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"

"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Documents and Settings\Babel\Local Settings\Temp\Blizzard Launcher Temporary - bbbb3828\Launcher.exe"="C:\Documents and Settings\Babel\Local Settings\Temp\Blizzard Launcher Temporary - bbbb3828\Launcher.exe:*:Enabled:Blizzard Launcher"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"

"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

"C:\Program Files\GUILD WARS\Gw.exe"="C:\Program Files\GUILD WARS\Gw.exe:*:Enabled:Gw"

"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"

"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{067fa21a-147e-11de-b63b-001d9204db8e}]

shell\AutoRun\command - G:\start.exe

shell\FramaKey\command - G:\start.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{576c6175-6f5e-11dd-b53c-001d9204db8e}]

shell\AutoRun\command - L:\umenu.exe

 

 

======List of files/folders created in the last 3 months======

 

2009-09-20 11:07:28 ----A---- C:\lopR.txt

2009-09-20 11:06:42 ----D---- C:\Lop SD

2009-09-19 22:33:12 ----SHD---- C:\Config.Msi

2009-09-19 13:22:50 ----D---- C:\Program Files\CCleaner

2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaws.exe

2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaw.exe

2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\java.exe

2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-09-18 20:13:37 ----D---- C:\_OTM

2009-09-18 15:43:37 ----D---- C:\rsit

2009-09-12 14:55:08 ----A---- C:\WINDOWS\system32\vuins32.dll

2009-09-12 14:17:30 ----D---- C:\Program Files\NVIDIA Corporation

2009-09-12 14:17:25 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

2009-09-12 14:06:59 ----A---- C:\WINDOWS\system32\vusetup.dll

2009-09-12 13:57:53 ----D---- C:\Program Files\ma-config.com

2009-09-12 13:57:53 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com

2009-09-10 07:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$

2009-09-10 07:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$

2009-09-07 06:43:17 ----D---- C:\spoolerlogs

2009-09-06 20:59:54 ----D---- C:\Program Files\Avira

2009-09-06 20:59:54 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2009-09-06 20:42:01 ----D---- C:\Documents and Settings\Babel\Application Data\Malwarebytes

2009-09-06 20:41:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-09-06 20:41:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-08-30 08:21:21 ----A---- C:\WINDOWS\system32\dopdfmn6.dll

2009-08-30 08:21:21 ----A---- C:\WINDOWS\system32\dopdfmi6.dll

2009-08-30 08:21:20 ----D---- C:\Program Files\Softland

2009-08-28 04:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$

2009-08-18 21:13:28 ----D---- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

2009-08-17 03:04:24 ----A---- C:\WINDOWS\system32\nvcpluir.dll

2009-08-17 03:04:24 ----A---- C:\WINDOWS\system32\nvcplui.exe

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrszht.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrszhc.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrstr.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsth.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrssv.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrssl.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrssk.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsru.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsptb.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrspt.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrspl.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsno.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsnl.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsko.dll

2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsja.dll

2009-08-17 03:04:12 ----A---- C:\WINDOWS\system32\nvrsit.dll

2009-08-17 03:04:12 ----A---- C:\WINDOWS\system32\nvrshu.dll

2009-08-17 03:04:12 ----A---- C:\WINDOWS\system32\nvrshe.dll

2009-08-17 03:04:12 ----A---- C:\WINDOWS\system32\nvrsfr.dll

2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsfi.dll

2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsesm.dll

2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrses.dll

2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrseng.dll

2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsel.dll

2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsde.dll

2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsda.dll

2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrscs.dll

2009-08-17 03:04:08 ----A---- C:\WINDOWS\system32\nvwddi.dll

2009-08-17 03:04:08 ----A---- C:\WINDOWS\system32\nvrsar.dll

2009-08-17 03:03:50 ----A---- C:\WINDOWS\system32\nvwssr.dll

2009-08-17 03:03:44 ----A---- C:\WINDOWS\system32\nvwss.dll

2009-08-17 03:03:40 ----A---- C:\WINDOWS\system32\nvvitvsr.dll

2009-08-17 03:03:38 ----A---- C:\WINDOWS\system32\nvvitvs.dll

2009-08-17 03:03:32 ----A---- C:\WINDOWS\system32\nvmoblsr.dll

2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvmobls.dll

2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvmccssr.dll

2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvmccss.dll

2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvgamesr.dll

2009-08-17 03:03:22 ----A---- C:\WINDOWS\system32\nvgames.dll

2009-08-17 03:03:18 ----A---- C:\WINDOWS\system32\nvdispsr.dll

2009-08-17 03:03:02 ----A---- C:\WINDOWS\system32\nvdisps.dll

2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe

2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvmctray.dll

2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvcpl.dll

2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvcolor.exe

2009-08-17 03:02:52 ----A---- C:\WINDOWS\system32\nvmccs.dll

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuvenc.dll

2009-08-14 13:36:18 ----A---- C:\WINDOWS\system32\PhysXLoader.dll

2009-08-13 14:35:34 ----D---- C:\Warhammer Online - Age of Reckoning

2009-08-13 14:35:17 ----D---- C:\Program Files\Fichiers communs\SWF Studio

2009-08-13 14:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$

2009-08-13 14:11:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$

2009-08-13 14:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$

2009-08-13 14:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$

2009-08-13 14:11:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$

2009-08-13 14:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$

2009-08-13 14:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$

2009-08-13 14:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$

2009-08-13 14:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$

2009-08-11 20:00:32 ----D---- C:\WINDOWS\system32\appmgmt

2009-08-11 19:31:47 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$

2009-08-10 07:30:36 ----D---- C:\WINDOWS\SxsCaPendDel

2009-08-04 23:13:46 ----D---- C:\Program Files\The KMPlayer FR

2009-08-04 23:05:16 ----D---- C:\Documents and Settings\Babel\Application Data\Media Player Classic

2009-08-04 23:04:30 ----A---- C:\WINDOWS\system32\unrar.dll

2009-08-04 23:04:30 ----A---- C:\WINDOWS\avisplitter.ini

2009-08-04 23:04:29 ----A---- C:\WINDOWS\system32\yv12vfw.dll

2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\xvidvfw.dll

2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\xvidcore.dll

2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\qt-dx331.dll

2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\dpl100.dll

2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\divx.dll

2009-08-04 23:04:27 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest

2009-08-04 23:04:27 ----A---- C:\WINDOWS\system32\ff_vfw.dll

2009-08-04 23:04:25 ----D---- C:\Program Files\K-Lite Codec Pack

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\PhysXDevice.dll

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\PhysXCplUI.exe

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\PhysXCompatCplUI.exe

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelSwedish.dll

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelSpanish.dll

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelPortugese.dll

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelKorean.dll

2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelJapanese.dll

2009-08-03 00:21:52 ----A---- C:\WINDOWS\system32\AgCPanelGerman.dll

2009-08-03 00:21:52 ----A---- C:\WINDOWS\system32\AgCPanelFrench.dll

2009-07-25 15:55:44 ----D---- C:\Documents and Settings\All Users\Application Data\SlySoft

2009-07-25 15:50:32 ----ASH---- C:\WINDOWS\S96DCFBA0.tmp

2009-07-25 15:50:20 ----D---- C:\Program Files\SlySoft

2009-07-16 22:58:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$

2009-07-16 22:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$

2009-07-16 22:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

2009-07-16 19:04:33 ----D---- C:\Program Files\Mars

2009-07-16 12:41:46 ----D---- C:\Documents and Settings\Babel\Application Data\ArcSoft

2009-07-16 12:39:12 ----A---- C:\WINDOWS\system32\vfwwdm32.dll

2009-07-16 12:35:40 ----D---- C:\WINDOWS\Setup533

2009-07-16 12:35:40 ----A---- C:\WINDOWS\system32\SP5X_32.DLL

2009-07-16 12:35:40 ----A---- C:\WINDOWS\ShowBmp.exe

2009-07-16 12:35:40 ----A---- C:\WINDOWS\Remove.ini

2009-07-16 12:35:40 ----A---- C:\WINDOWS\CA533A.INI

2009-07-16 12:35:40 ----A---- C:\WINDOWS\amcap533.exe

2009-07-16 12:33:33 ----A---- C:\WINDOWS\PCDLIB32.DLL

2009-07-16 12:33:31 ----D---- C:\Program Files\ArcSoft

2009-06-30 17:30:31 ----D---- C:\Documents and Settings\Babel\Application Data\PlayFirst

2009-06-30 17:30:31 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst

2009-06-28 09:00:18 ----D---- C:\Program Files\DAEMON Tools Lite

2009-06-27 10:18:58 ----D---- C:\Documents and Settings\All Users\Application Data\FreshGames

2009-06-27 10:18:54 ----D---- C:\Documents and Settings\Babel\Application Data\Zylom

2009-06-27 10:00:12 ----D---- C:\Documents and Settings\All Users\Application Data\Zylom

2009-06-25 18:16:41 ----HDC---- C:\WINDOWS\$NtUninstallWudf01007$

2009-06-25 18:12:47 ----D---- C:\Program Files\PC Connectivity Solution

2009-06-25 18:11:35 ----HDC---- C:\WINDOWS\$NtUninstallWudf01005$

2009-06-24 18:03:23 ----D---- C:\WINDOWS\ie8updates

2009-06-24 18:02:28 ----D---- C:\WINDOWS\WBEM

2009-06-24 18:01:23 ----HDC---- C:\WINDOWS\ie8

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\vxblock.dll

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxwave.dll

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxsfs.dll

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxmas.dll

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxinsa64.exe

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxhpinst.exe

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxdrv.dll

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxcpya64.exe

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxafs.dll

2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\px.dll

 

======List of files/folders modified in the last 3 months======

 

2009-09-20 22:53:48 ----D---- C:\WINDOWS\Temp

2009-09-20 22:53:39 ----D---- C:\WINDOWS\system32\CatRoot2

2009-09-20 22:53:38 ----D---- C:\Program Files\Mozilla Firefox

2009-09-20 22:51:41 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-09-20 19:02:36 ----D---- C:\WINDOWS\Prefetch

2009-09-19 22:33:35 ----SHD---- C:\WINDOWS\Installer

2009-09-19 22:33:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer

2009-09-19 13:29:13 ----D---- C:\WINDOWS\pss

2009-09-19 13:22:50 ----RD---- C:\Program Files

2009-09-19 13:19:09 ----HD---- C:\Program Files\InstallShield Installation Information

2009-09-19 13:15:33 ----D---- C:\Program Files\Lavasoft

2009-09-19 13:15:22 ----D---- C:\WINDOWS\system32

2009-09-19 13:11:45 ----D---- C:\Program Files\Fichiers communs

2009-09-19 13:06:59 ----D---- C:\Program Files\Java

2009-09-19 10:36:04 ----D---- C:\Program Files\TOPCOM

2009-09-19 10:33:55 ----D---- C:\WINDOWS\repair

2009-09-19 10:31:50 ----HD---- C:\WINDOWS\inf

2009-09-19 10:31:50 ----D---- C:\WINDOWS\system32\drivers

2009-09-19 10:31:50 ----D---- C:\WINDOWS

2009-09-18 20:21:57 ----ASH---- C:\boot.ini

2009-09-18 20:21:57 ----A---- C:\WINDOWS\win.ini

2009-09-18 20:21:57 ----A---- C:\WINDOWS\system.ini

2009-09-18 15:34:43 ----D---- C:\WINDOWS\Minidump

2009-09-17 18:57:28 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-09-17 06:50:42 ----SHD---- C:\RECYCLER

2009-09-17 06:43:21 ----A---- C:\WINDOWS\ntbtlog.txt

2009-09-13 23:28:51 ----D---- C:\Documents and Settings\Babel\Application Data\Skype

2009-09-12 15:30:02 ----D---- C:\WINDOWS\system32\CatRoot

2009-09-12 14:55:08 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-09-12 14:19:17 ----A---- C:\WINDOWS\system32\svchost.exe

2009-09-12 14:18:45 ----D---- C:\WINDOWS\Help

2009-09-12 14:18:13 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

2009-09-12 14:18:01 ----D---- C:\Program Files\AGEIA Technologies

2009-09-12 14:16:38 ----D---- C:\NVIDIA

2009-09-10 19:41:42 ----D---- C:\Program Files\Microsoft Silverlight

2009-09-10 07:33:45 ----A---- C:\WINDOWS\imsins.BAK

2009-09-10 07:33:42 ----HD---- C:\WINDOWS\$hf_mig$

2009-09-10 07:33:27 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2009-09-07 21:01:47 ----D---- C:\WINDOWS\WinSxS

2009-09-01 19:57:48 ----D---- C:\WINDOWS\Microsoft.NET

2009-08-18 21:13:15 ----D---- C:\Program Files\CDBurnerXP

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvudisp.exe

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuda.dll

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcodins.dll

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcod.dll

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvapi.dll

2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll

2009-08-13 14:10:26 ----D---- C:\Program Files\Outlook Express

2009-08-12 07:08:46 ----D---- C:\Downloads

2009-08-11 19:57:13 ----D---- C:\Program Files\TomTom HOME

2009-08-11 19:54:13 ----A---- C:\WINDOWS\SIERRA.INI

2009-08-11 19:52:10 ----D---- C:\Program Files\American Conquest - Fight Back

2009-08-11 19:51:26 ----D---- C:\Program Files\American Conquest

2009-08-11 12:35:08 ----A---- C:\WINDOWS\system32\NVUNINST.EXE

2009-08-10 19:06:07 ----RSD---- C:\WINDOWS\assembly

2009-08-10 07:34:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-08-10 07:31:38 ----D---- C:\WINDOWS\system32\XPSViewer

2009-08-10 07:31:35 ----D---- C:\WINDOWS\system32\en-us

2009-08-10 07:31:30 ----RSD---- C:\WINDOWS\Fonts

2009-08-10 07:29:21 ----D---- C:\Program Files\Internet Explorer

2009-08-05 11:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll

2009-07-19 18:45:00 ----A---- C:\WINDOWS\system32\ieframe.dll

2009-07-19 15:15:02 ----A---- C:\WINDOWS\system32\mshtml.dll

2009-07-17 21:03:33 ----A---- C:\WINDOWS\system32\atl.dll

2009-07-16 19:04:35 ----D---- C:\Program Files\DIFX

2009-07-16 12:39:12 ----D---- C:\WINDOWS\system

2009-07-16 12:33:09 ----D---- C:\Program Files\Fichiers communs\InstallShield

2009-07-14 13:03:14 ----N---- C:\WINDOWS\system32\tzchange.exe

2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll

2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll

2009-07-04 19:47:11 ----D---- C:\WINDOWS\system32\DirectX

2009-07-03 18:57:51 ----A---- C:\WINDOWS\system32\wininet.dll

2009-07-03 18:57:51 ----A---- C:\WINDOWS\system32\occache.dll

2009-07-03 18:57:50 ----A---- C:\WINDOWS\system32\urlmon.dll

2009-07-03 18:57:46 ----N---- C:\WINDOWS\system32\jsproxy.dll

2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\msfeedsbs.dll

2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\msfeeds.dll

2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\iertutil.dll

2009-07-03 18:57:44 ----A---- C:\WINDOWS\system32\iepeers.dll

2009-07-03 18:57:41 ----N---- C:\WINDOWS\system32\iedkcs32.dll

2009-07-03 13:01:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe

2009-06-30 17:30:30 ----D---- C:\Documents and Settings\Babel\Application Data\Identities

2009-06-29 18:31:15 ----D---- C:\Documents and Settings\Babel\Application Data\DAEMON Tools Lite

2009-06-26 22:23:37 ----D---- C:\Documents and Settings\All Users\Application Data\Installations

2009-06-26 22:23:28 ----D---- C:\Program Files\Nokia

2009-06-25 18:18:11 ----D---- C:\Documents and Settings\Babel\Application Data\Nokia

2009-06-25 18:14:52 ----D---- C:\WINDOWS\security

2009-06-25 18:13:51 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-06-25 18:10:54 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite

2009-06-24 18:05:44 ----D---- C:\WINDOWS\system32\fr-fr

2009-06-24 18:02:21 ----D---- C:\WINDOWS\Media

2009-06-23 18:56:53 ----D---- C:\Program Files\Winamp

2009-06-23 18:51:14 ----A---- C:\WINDOWS\winamp.ini

2009-06-22 08:47:13 ----A---- C:\WINDOWS\system32\jscript.dll

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2008-10-26 2915944]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]

R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-18 279712]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-16 25888]

R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]

R3 fet5x86v;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-02 9856]

R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]

R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]

S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]

S3 ak2aqkrs;ak2aqkrs; C:\WINDOWS\system32\drivers\ak2aqkrs.sys []

S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]

S3 BTHMODEM;Pilote de communications modem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]

S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]

S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]

S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder Audio Edition\SysInfo.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2009-04-12 27136]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]

S3 RT73;Topcom Skyr@cer USB 4001g Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336]

R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-19 153376]

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]

R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-01 66872]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336]

S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2008-10-26 304528]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-01 234864]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------
