
Posted

Good evening,

I have a big problem! Every time I want to install a .reg file, I get the message "Registry editing has been disabled by your administrator", yet I am the administrator and I never disabled this! The same goes for Task Manager!

Please help me!

Thanks in advance!

Posted

Hello, welcome. :P

Download random's system information tool (RSIT) by random/random and save it to the Desktop. This tool takes an inventory of the system and reads its configuration, like HijackThis, but in more detail.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
  • When the analysis is finished, two text files will open. Post the contents of log.txt (<<which will be displayed) and of info.txt (<<which will be minimised to the Taskbar).
  • NB: The reports are saved in the folder C:\rsit
    So that makes two reports. As they are long, you can post 2 replies, one per report. :P
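The log.txt the helper asks for ends with a "Registry dump" section. As an added example that is not part of the thread, here is a small Python triage script that runs over a constructed sample in that same format and flags the three things a helper looks for first: the policy values behind the asker's symptom (DisableRegistryTools, DisableTaskMgr), firewall exceptions granted to executables under Temp, and cached AutoRun verbs for removable drives. The sample values, the function names and the placeholder executable names are my own assumptions, not RSIT's code.

```python
import re

# Constructed sample in the layout RSIT's log.txt uses for its "Registry dump"
# section. The policy values mirror the thread's report; the Temp executable,
# the mountpoints2 GUID and the .pif name are constructed placeholders.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\iTunes\iTunesHelper.exe"="C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsample.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsample.exe:*:Enabled:ipsec"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
shell\AutoRun\command - E:\sample.pif
shell\Open\command - E:\sample.pif
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
MOUNT_RE = re.compile(r"^shell\\([^\\]+)\\command - (.+)$")
AUTORUN_VERBS = {"autorun", "autoplay", "open", "explore"}

# Policies that take the user's own inspection tools away. Malware sets them
# so the victim cannot use regedit, import a .reg file or open Task Manager,
# which is exactly the symptom reported in this thread.
RESTRICTIVE_POLICIES = {"DisableRegistryTools", "DisableRegedit", "DisableTaskMgr"}


def parse_dump(text):
    """Split the dump into {registry key: [lines]} using the [KEY] headers."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (category, registry key, detail) triples worth a human look."""
    findings = []
    for key, lines in parse_dump(text).items():
        lkey = key.lower()
        for line in lines:
            if lkey.endswith("\\policies\\system"):
                m = VALUE_RE.match(line)
                if m and m.group(1) in RESTRICTIVE_POLICIES and m.group(2).strip() == "1":
                    findings.append(("policy_restriction", key, m.group(1)))
            elif "firewallpolicy" in lkey and lkey.endswith("\\authorizedapplications\\list"):
                # A firewall exception for something living in %TEMP% is a
                # classic sign of a dropper opening its own outbound channel.
                m = VALUE_RE.match(line)
                if m and "\\temp\\" in m.group(1).lower():
                    findings.append(("firewall_exception_in_temp", key, m.group(1)))
            elif "\\mountpoints2\\" in lkey:
                # Explorer caches the autorun.inf verbs of removable drives
                # here; an AutoRun/Open verb pointing at an executable on the
                # drive is the fingerprint of a USB-spreading worm.
                m = MOUNT_RE.match(line)
                if m and m.group(1).lower() in AUTORUN_VERBS:
                    findings.append(("removable_media_autorun", key, m.group(2)))
    return findings


if __name__ == "__main__":
    for category, key, detail in triage(SAMPLE_DUMP):
        print(f"{category:28} {detail}")
```

Paste the real Registry dump section into `SAMPLE_DUMP` (or read it from C:\rsit\log.txt) to get the same three categories for an actual report.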

Posted

By the way, I have two computers with the same problem; I'll start by fixing this one and then open another topic for the other one =)

Report 1 =) :

Logfile of random's system information tool 1.06 (written by random/random)

Run by Administrateur at 2010-03-27 22:01:57

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 68 GB (59%) free of 114 GB

Total RAM: 503 MB (17% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:01:58, on 27/03/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20861)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\FFDS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\PixArt\PAC7302\Monitor.exe

C:\WINDOWS\PixArt\PAC207\Monitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Hama\Hama Digital Software Suite\Media Card Companion\MCC Monitor.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\lotus\wordpro\ltsstart.exe

C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kylte.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Notepad++\notepad++.exe

C:\Program Files\Notepad++\notepad++.exe

C:\Program Files\Notepad++\notepad++.exe

C:\Program Files\Notepad++\notepad++.exe

C:\Documents and Settings\Administrateur\Bureau\RSIT.exe

C:\Program Files\HijackThis\HiJackThis\Administrateur.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2102473

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll

R3 - URLSearchHook: Online Sharing Toolbar - {8567a644-e36c-470c-86cf-9c5b4f37db81} - C:\Program Files\Online_Sharing\tbOnli.dll

R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Online Sharing Toolbar - {8567a644-e36c-470c-86cf-9c5b4f37db81} - C:\Program Files\Online_Sharing\tbOnli.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll

O3 - Toolbar: Online Sharing Toolbar - {8567a644-e36c-470c-86cf-9c5b4f37db81} - C:\Program Files\Online_Sharing\tbOnli.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe

O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

O4 - HKLM\..\Run: [YouCam Mirror Tray icon] "C:\Program Files\CyberLink\YouCam\YouCamTray.exe" /s

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\FFDS\explorer.exe

O4 - HKCU\..\Run: [WinMover] "C:\Program Files\WinMover\WinMover.exe" /q

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files\WebcamMax\WebcamMax.exe" -a

O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\FFDS\explorer.exe

O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\FFDS\explorer.exe

O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\FFDS\explorer.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [sweetRegistry] rundll32 advpack.dll,LaunchINFSection SweetReg.inf,PerUserStub (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\RunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [JkDefrag] rundll32 advpack.dll,LaunchINFSection JKDEFRAG.INF,RunOnce,1,N (User 'Default user')

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe

O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe

O4 - Global Startup: Monitor.lnk = C:\Program Files\Hama\Hama Digital Software Suite\Media Card Companion\MCC Monitor.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG9IDSAgent (AVGIDSAgent) - Unknown owner - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

 

--

End of file - 9331 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1c491116-c175-45e1-a570-6fb14fea8b7b}]

PHPNukeFR Toolbar - C:\Program Files\PHPNukeFR\tbPHPN.dll [2009-12-31 2349080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8567a644-e36c-470c-86cf-9c5b4f37db81}]

Online Sharing Toolbar - C:\Program Files\Online_Sharing\tbOnli.dll [2009-12-31 2349080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

Vuze Remote Toolbar - C:\Program Files\Vuze_Remote\tbVuze.dll [2010-03-17 2355224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-10-27 1196936]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]

FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-10-27 1196936]

{1c491116-c175-45e1-a570-6fb14fea8b7b} - PHPNukeFR Toolbar - C:\Program Files\PHPNukeFR\tbPHPN.dll [2009-12-31 2349080]

{8567a644-e36c-470c-86cf-9c5b4f37db81} - Online Sharing Toolbar - C:\Program Files\Online_Sharing\tbOnli.dll [2009-12-31 2349080]

{ba14329e-9550-4989-b3f2-9732e92d17cc} - Vuze Remote Toolbar - C:\Program Files\Vuze_Remote\tbVuze.dll [2010-03-17 2355224]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-07 163840]

"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 151552]

"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784]

"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2008-06-29 52168]

"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]

"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-02-18 49152]

"QuickTime Task"=C:\Program Files\QT Lite\QTTask.exe [2009-11-10 417792]

"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 397312]

"PAC207_Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]

"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 296232]

"YouCam Mirror Tray icon"=C:\Program Files\CyberLink\YouCam\YouCamTray.exe [2009-06-11 232544]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608]

"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2010-02-17 255296]

"HKLM"=C:\WINDOWS\FFDS\explorer.exe [2010-03-19 287232]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"Policies"=C:\WINDOWS\FFDS\explorer.exe [2010-03-19 287232]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"WinMover"=C:\Program Files\WinMover\WinMover.exe [2005-12-02 10240]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-09-27 209408]

"WebcamMaxAutoRun"=C:\Program Files\WebcamMax\WebcamMax.exe [2009-12-30 5946000]

"HKCU"=C:\WINDOWS\FFDS\explorer.exe [2010-03-19 287232]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"Policies"=C:\WINDOWS\FFDS\explorer.exe [2010-03-19 287232]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Monitor.lnk - C:\Program Files\Hama\Hama Digital Software Suite\Media Card Companion\MCC Monitor.exe

 

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage

LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe

Lotus QuickStart.lnk - C:\lotus\wordpro\ltsstart.exe

Lotus SuiteStart 97.lnk - C:\lotus\smartctr\suitest.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

C:\WINDOWS\system32\avgrsstx.dll [2010-03-19 12464]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2006-02-07 139264]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 200064]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"=C:\WINDOWS\system32\ieframe.dll [2008-09-27 7634944]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableRegistryTools"=1

"DisableTaskMgr"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=1

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLUA"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"ForceClassicControlPanel"=1

"NoDesktopCleanupWizard"=1

"NoInstrumentation"=1

"NoResolveSearch"=1

"NoResolveTrack"=1

"NoSMBalloonTip"=1

"NoSMConfigurePrograms"=1

"NoSMHelp"=1

"NoStartMenuMFUprogramsList"=1

"NoStrCmpLogical"=0

"NoWelcomeScreen"=1

"NoDrives"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"HideRunAsVerb"=

"NoActiveDesktop"=

"NoDriveTypeAutoRun"=

"NoInstrumentation"=

"NoResolveTrack"=

"NoSetActiveDesktop"=

"NoStartMenuMFUprogramsList"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:ipsec"

"C:\Program Files\Flyff\Flyff.exe"="C:\Program Files\Flyff\Flyff.exe:*:Enabled:ipsec"

"C:\Program Files\iTunes\iTunesHelper.exe"="C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqatl.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqatl.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windwrgo.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windwrgo.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\conk.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\conk.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ydyab.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ydyab.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ratfeu.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ratfeu.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vspjx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vspjx.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmeuk.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmeuk.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmepxbb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmepxbb.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvqldnq.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvqldnq.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lpsp.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lpsp.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winadqt.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winadqt.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ipyo.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ipyo.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windsedc.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windsedc.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\slfd.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\slfd.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\btrqek.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\btrqek.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winplca.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winplca.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvxqv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvxqv.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuclbm.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuclbm.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsdmbow.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsdmbow.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qlly.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qlly.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxhfyl.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxhfyl.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mqux.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mqux.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:ipsec"

"C:\Program Files\HP\hpcoretech\soln\HPOSM.exe"="C:\Program Files\HP\hpcoretech\soln\HPOSM.exe:*:Enabled:ipsec"

"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingxgy.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingxgy.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbqmvm.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbqmvm.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkrlc.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkrlc.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwwvck.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwwvck.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlflwn.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlflwn.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxfvwh.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxfvwh.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fpoq.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fpoq.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmgqj.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmgqj.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwdhav.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwdhav.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\krdbb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\krdbb.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaabryt.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaabryt.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\utcu.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\utcu.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqggmh.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqggmh.exe:*:Enabled:ipsec"

"C:\Program Files\McAfee Security Scan\1.0.150\McUICnt.exe"="C:\Program Files\McAfee Security Scan\1.0.150\McUICnt.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjxdsdh.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjxdsdh.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ryhd.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ryhd.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wineckshb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wineckshb.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincvtb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincvtb.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dgvfyv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dgvfyv.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mkyn.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mkyn.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingacd.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingacd.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pidwiu.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pidwiu.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windeiklo.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windeiklo.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\padn.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\padn.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuywyco.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuywyco.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winukyvtv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winukyvtv.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gyptoh.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gyptoh.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvubpe.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvubpe.exe:*:Enabled:ipsec"

"C:\WINDOWS\PixArt\PAC7302\Monitor.exe"="C:\WINDOWS\PixArt\PAC7302\Monitor.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmcknar.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmcknar.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjryfoe.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjryfoe.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingjxyrr.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingjxyrr.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrojn.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrojn.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lssmf.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lssmf.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkpxu.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkpxu.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pnvs.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pnvs.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windsle.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windsle.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wkkdy.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wkkdy.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\doysj.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\doysj.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ibric.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ibric.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ttpuo.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ttpuo.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfjaf.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfjaf.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nyhshk.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nyhshk.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbctr.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbctr.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dnolt.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dnolt.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbthbat.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbthbat.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uctvx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uctvx.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nxicx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nxicx.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winullwl.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winullwl.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wccx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wccx.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\avqglv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\avqglv.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkbgpjg.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkbgpjg.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsrdsih.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsrdsih.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhgufbm.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhgufbm.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmxhsj.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmxhsj.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfevup.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfevup.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cdcxs.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cdcxs.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjxqp.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjxqp.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxmwky.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxmwky.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhijaw.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhijaw.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nhugsh.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nhugsh.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gayumx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gayumx.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\glcsb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\glcsb.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintpqvqx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintpqvqx.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\omubkd.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\omubkd.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winiypvh.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winiypvh.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmycvk.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmycvk.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfyphx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfyphx.exe:*:Enabled:ipsec"

"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingonqol.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingonqol.exe:*:Enabled:ipsec"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c714161-1106-11df-a888-0016d4bf6d27}]

shell\AutopLaY\command - E:\qbwiix.pif

shell\AutoRun\command - E:\qbwiix.pif

shell\explore\command - E:\qbwiix.pif

shell\Open\command - E:\qbwiix.pif

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{511b0e66-23de-11df-a8aa-0016d4bf6d27}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7362bfee-0a6d-11df-a879-0016d4bf6d27}]

shell\Autoplay\command - D:\vtcwd.pif

shell\AutoRun\command - D:\vtcwd.pif

shell\ExplORE\command - D:\vtcwd.pif

shell\Open\command - D:\vtcwd.pif

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8603fe32-93b3-11de-a860-0016d4bf6d27}]

shell\??\command - taipingtianguov1.1.exe

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL taipingtianguov1.1.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca07290-9b5e-11de-a865-0016d4bf6d27}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bouha_diable.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b387b82-1240-11df-a88b-0016d4bf6d27}]

shell\AutopLaY\command - D:\qbwiix.pif

shell\AutoRun\command - D:\qbwiix.pif

shell\explore\command - D:\qbwiix.pif

shell\Open\command - D:\qbwiix.pif

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9d68339-92f1-11de-a85d-0016d4bf6d27}]

shell\AutoRun\command - F:\photos.exe

shell\explore\command - F:\photos.exe

shell\open\command - F:\photos.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbed0a2c-9055-11de-bfa1-806d6172696f}]

shell\AutoRun\command - D:\LGInstaller.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dcca1924-14da-11df-a892-0016d4bf6d27}]

shell\auToPlaY\command - D:\nctwv.exe

shell\AutoRun\command - D:\nctwv.exe

shell\ExploRE\command - D:\nctwv.exe

shell\OpeN\command - D:\nctwv.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e23245e4-38c5-11df-add5-0016d4bf6d27}]

shell\autoPlay\command - D:\epskp.pif

shell\AutoRun\command - D:\epskp.pif

shell\eXpLore\command - D:\epskp.pif

shell\oPeN\command - D:\epskp.pif

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea90d756-09b2-11df-a878-0016d4bf6d27}]

shell\AutoRun\command - fbak.exe

shell\open\command - fbak.exe

 

 

======List of files/folders created in the last 1 months======

 

2010-03-27 22:00:55 ----D---- C:\rsit

2010-03-27 16:14:35 ----D---- C:\Program Files\HijackThis

2010-03-27 14:18:40 ----A---- C:\WINDOWS\system32\XAudio2_6.dll

2010-03-27 14:18:40 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll

2010-03-27 14:18:40 ----A---- C:\WINDOWS\system32\xactengine3_6.dll

2010-03-27 14:18:39 ----A---- C:\WINDOWS\system32\XAudio2_5.dll

2010-03-27 14:18:39 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll

2010-03-27 14:18:38 ----A---- C:\WINDOWS\system32\xactengine3_5.dll

2010-03-27 14:18:37 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll

2010-03-27 14:18:36 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll

2010-03-27 14:18:35 ----A---- C:\WINDOWS\system32\d3dx11_42.dll

2010-03-27 14:18:35 ----A---- C:\WINDOWS\system32\d3dx10_42.dll

2010-03-27 14:18:34 ----A---- C:\WINDOWS\system32\D3DX9_42.dll

2010-03-27 14:18:33 ----A---- C:\WINDOWS\system32\D3DX9_41.dll

2010-03-27 14:18:33 ----A---- C:\WINDOWS\system32\d3dx10_41.dll

2010-03-27 14:18:33 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll

2010-03-27 14:18:31 ----A---- C:\WINDOWS\system32\XAudio2_4.dll

2010-03-27 14:18:31 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll

2010-03-27 14:18:30 ----A---- C:\WINDOWS\system32\xactengine3_4.dll

2010-03-27 14:18:30 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll

2010-03-27 14:16:34 ----D---- C:\WINDOWS\Logs

2010-03-27 12:30:38 ----D---- C:\files system

2010-03-26 02:12:45 ----D---- C:\Program Files\Vuze_Remote

2010-03-23 22:00:44 ----A---- C:\WINDOWS\regedit.com

2010-03-20 17:30:58 ----D---- C:\Documents and Settings\Administrateur\Application Data\DAEMON Tools Lite

2010-03-20 17:30:51 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

2010-03-19 19:47:06 ----D---- C:\Program Files\Total Uninstall 5

2010-03-19 19:46:52 ----D---- C:\Documents and Settings\All Users\Application Data\Martau

2010-03-19 19:05:02 ----HD---- C:\WINDOWS\system32\GroupPolicy

2010-03-19 18:58:20 ----D---- C:\Program Files\Panda Security

2010-03-19 18:47:42 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2010-03-19 13:01:12 ----HD---- C:\$AVG

2010-03-19 13:00:09 ----A---- C:\WINDOWS\system32\avgrsstx.dll

2010-03-19 12:57:44 ----D---- C:\Documents and Settings\All Users\Application Data\avg9

2010-03-19 12:11:01 ----D---- C:\Program Files\Google

2010-03-19 10:16:07 ----D---- C:\Documents and Settings\All Users\Application Data\ZA_PreservedFiles

2010-03-19 10:08:10 ----D---- C:\Program Files\CCleaner

2010-03-19 09:43:35 ----D---- C:\Program Files\CheckPoint

2010-03-18 11:17:50 ----D---- C:\Documents and Settings\Administrateur\Application Data\DMCache

2010-03-16 13:48:46 ----D---- C:\Program Files\iPod

2010-03-16 13:48:28 ----D---- C:\Program Files\iTunes

2010-03-16 13:31:16 ----D---- C:\Program Files\Safari

2010-03-05 09:50:14 ----D---- C:\Program Files\LimeWire

2010-03-04 19:58:39 ----D---- C:\Program Files\Online_Sharing

2010-03-04 19:58:29 ----D---- C:\Program Files\LimeWire Acceleration Patch

2010-03-04 19:46:47 ----D---- C:\Documents and Settings\Administrateur\Application Data\LimeWire

 

======List of files/folders modified in the last 1 months======

 

2010-03-27 19:15:11 ----D---- C:\Program Files\Mozilla Firefox

2010-03-27 19:13:24 ----D---- C:\WINDOWS\system32\drivers

2010-03-27 18:51:55 ----D---- C:\WINDOWS

2010-03-27 16:15:01 ----RD---- C:\Program Files

2010-03-27 15:44:47 ----D---- C:\WINDOWS\Temp

2010-03-27 14:18:58 ----D---- C:\WINDOWS\system32\CatRoot

2010-03-27 14:18:41 ----D---- C:\WINDOWS\system32\DirectX

2010-03-27 14:18:40 ----HD---- C:\WINDOWS\inf

2010-03-27 14:18:40 ----D---- C:\WINDOWS\system32

2010-03-27 14:16:56 ----D---- C:\WINDOWS\system32\CatRoot2

2010-03-27 13:05:04 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc

2010-03-26 19:39:19 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss

2010-03-26 19:21:41 ----A---- C:\WINDOWS\NeroDigital.ini

2010-03-26 12:06:29 ----D---- C:\WINDOWS\Album

2010-03-24 23:20:38 ----D---- C:\Program Files\Flyff

2010-03-23 21:57:13 ----SHD---- C:\System Volume Information

2010-03-23 21:57:13 ----D---- C:\WINDOWS\system32\Restore

2010-03-22 22:56:33 ----D---- C:\WINDOWS\Minidump

2010-03-19 19:54:48 ----SHD---- C:\WINDOWS\Installer

2010-03-19 19:07:09 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft

2010-03-19 18:47:42 ----SD---- C:\WINDOWS\Tasks

2010-03-19 13:18:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-03-19 12:57:42 ----D---- C:\WINDOWS\WinSxS

2010-03-19 12:36:24 ----DC---- C:\WINDOWS\system32\DRVSTORE

2010-03-17 14:37:44 ----D---- C:\Program Files\KaraFun

2010-03-16 13:48:45 ----D---- C:\Program Files\Fichiers communs\Apple

2010-03-16 13:44:46 ----D---- C:\Documents and Settings\Administrateur\Application Data\Apple Computer

2010-03-09 19:14:06 ----D---- C:\Program Files\Common Files

2010-03-09 11:00:18 ----D---- C:\WINDOWS\SoftwareDistribution

2010-03-05 11:36:07 ----D---- C:\Program Files\CyberLink

2010-03-05 11:32:48 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink

2010-03-05 11:31:48 ----HD---- C:\Program Files\InstallShield Installation Information

2010-03-05 11:31:21 ----RSD---- C:\WINDOWS\Fonts

2010-03-05 11:29:22 ----D---- C:\Documents and Settings\All Users\Application Data\Temp

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-19 333192]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-19 28424]

R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-19 360584]

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-09-27 14720]

R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-09-27 8832]

R2 rspndr;Répondeur de découverte de topologie de la couche de liaison; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2008-05-29 62848]

R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\qtpqnl.sys []

R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-09-27 13952]

R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496]

R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-20 21248]

R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\system32\DRIVERS\serscan.sys [2008-09-27 6912]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-24 30336]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-09-27 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-09-27 20608]

R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-07-17 28672]

R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-09-20 207488]

R3 w29n51;Pilote de carte de connexion réseau Intel® PRO/Wireless 2200BG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-09-27 17024]

S3 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]

S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]

S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-09-27 10368]

S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys []

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-09-27 12288]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-09-27 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-09-27 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-09-27 10880]

S3 PAC207;PC Camera; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-10-25 616064]

S3 PAC7302;Eye 312; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-09-27 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-09-27 15232]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-09-27 60032]

S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-09-27 32128]

S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]

S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-09-27 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-09-27 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-09-27 26368]

S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-09-27 121984]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-09-13 38528]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-09-27 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-09-13 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73600]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]

S2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent []

S2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 139264]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-02-24 3411964]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S4 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2008-09-13 918016]

 

-----------------EOF-----------------

 

 

Second report: =)

info.txt logfile of random's system information tool 1.06 2010-03-27 22:01:07

 

======Uninstall list======

 

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}

Adobe Shockwave Player-->MsiExec.exe /X{54E4B63C-D252-454C-BE4F-468F102B331C}

Alabama Smith - Escape from Pompeii Cracked by Cryptic-->"C:\Program Files\Alabama Smith - Escape from Pompeii\unins000.exe"

Apple Application Support-->MsiExec.exe /I{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}

Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

ClearType Tuning-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,ClearTypeCPL.Uninstall

Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"

Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}

CPU-Z-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,CPUZ.Uninstall

CurrPorts-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,CurrPorts.Uninstall

CyberLink PowerProducer-->"C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall

CyberLink PowerProducer-->"C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall

CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe" /z-uninstall

CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe" /z-uninstall

DAMN NFO Viewer Setup-->MsiExec.exe /I{D5DE2E28-2BA1-4CF8-A4C5-D3D2AE0A9E38}

Eye 312-->"C:\Program Files\InstallShield Installation Information\{6EA3A8A6-4B6B-4288-B8FB-3EB11A403ED3}\setup.exe" -runfromtemp -l0x040c -removeonly

FaceGen Modeller 3.1-->MsiExec.exe /I{332B1B33-D0EE-4A0A-AB2F-12BF56BCE1C3}

FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u

GoRC-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,GoRC.Uninstall

GPU-Z-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,GPUZ.Uninstall

Hama Digital Software Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3898C20-7186-499F-8CCC-A57C3F13B13C}\Setup.exe" -l0x40c

HD Tune-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,HDTune.Uninstall

HijackThis 2.0.2-->"C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\HijackThis.exe" /uninstall

HP Deskjet 3840-->msiexec /x{B1591C79-1C35-4E09-AA15-F7D6923AFB96}

HP Software Update-->MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}

HWMonitor-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,HWMonitor.Uninstall

ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592

iTunes-->MsiExec.exe /I{81063354-9060-42B2-A000-1EBE96778AA9}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

JkDefrag-->rundll32.exe advpack.dll,LaunchINFSection JKDEFRAG.INF,JkDefrag.Uninstall

KaraFun Studio 1.10a-->"C:\Program Files\KaraFun\unins000.exe"

L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall

LG MC USB Modem driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6059C682-4C5F-4106-8487-943E98225D3B}\setup.exe" -l0x40c -removeonly

LG USB Modem Drivers-->MsiExec.exe /I{FA02ACAC-9E14-4878-A257-92A22A647C2C}

LimeWire PRO 5.4.8-->"C:\Program Files\LimeWire\uninstall.exe"

Lotus SmartSuite 97-->C:\WINDOWS\lunin10.exe /T SmartSuite /V 97.0 /I "c:\lotus\suit.inf" /C "c:\lotus\cinstall.ini" /O /L FR

Mega Bloc Notes 5.2.0-->C:\Program Files\Mega Bloc Notes\desinstall.exe

MemTest-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,MemTest.Uninstall

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft DirectX Control Panel 9.0c-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,DirectXCPL.Uninstall

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

MiroViewExpress-->"C:\WINDOWS\IFinst27.exe" -UC:\Program Files\MiroView Express\IFU40.inf

MobileMe Control Panel-->MsiExec.exe /I{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe

Mozilla Firefox (3.5.:P-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

Nero 8 Lite 8.3.6.0-->"C:\Program Files\Nero\unins000.exe"

Nero Info Tool-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,InfoTool.Uninstall

Notepad++-->C:\Program Files\Notepad++\uninstall.exe

Online_Sharing Toolbar-->C:\PROGRA~1\ONLINE~1\UNWISE.EXE /U C:\PROGRA~1\ONLINE~1\INSTALL.LOG

Open Command Prompt Shell Extension-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,CmdOpen.Uninstall

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe

PC Camera-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{C679F9B9-C65D-4C65-BD6C-BF90B859E281} /l1036

PhotoInstrument 2.0-->"C:\Program Files\PhotoInstrument\unins000.exe"

PHPNukeFR Toolbar-->C:\PROGRA~1\PHPNUK~1\UNWISE.EXE /U C:\PROGRA~1\PHPNUK~1\INSTALL.LOG

Pserv-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,Pserv.Uninstall

PuTTY-->rundll32.exe advpack.dll,LaunchINFSection PuTTY.inf,PuTTY.Uninstall

QT Lite 2.7.0-->"C:\Program Files\QT Lite\unins000.exe"

QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe

Quicksys RegDefrag-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,RegDefrag.Uninstall

QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}

Real Alternative 1.8.4 Lite-->"C:\Program Files\Real Alternative\unins000.exe"

RegScanner-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,RegScanner.Uninstall

SABnzbd (remove only)-->"C:\Program Files\SABnzbd\uninstall.exe"

SABnzbOpen v1.0-->"C:\Program Files\SABnzbOpen\unins000.exe"

Safari-->MsiExec.exe /I{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}

Security Update for 2007 Microsoft Office System (KB951596)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1AFF2298-CC00-4A3B-866A-C62B8373794E}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for Microsoft Office Excel 2007 (KB951546)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7399DD71-8E24-4E60-B6A8-6CED89C0AC26}

Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Sysinternals Suite-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,Sysinternals.Uninstall

Total Uninstall 5.5.1-->"C:\Program Files\Total Uninstall 5\unins000.exe"

Tweak UI-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,TweakUI.Uninstall

Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb956080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {96CC215F-3F22-4E1E-A101-F0041934A456}

Utilitaires Gnu Unix-->rundll32.exe advpack.dll,LaunchINFSection KALUNIX.INF,Uninstall

VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"

Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Vuze_Remote Toolbar-->C:\PROGRA~1\VUZE_R~1\UNWISE.EXE /U C:\PROGRA~1\VUZE_R~1\INSTALL.LOG

WebcamMax-->"C:\Program Files\WebcamMax\uninst.exe"

WebMate-->"C:\Program Files\InstallShield Installation Information\{40B6D0B4-301A-4020-869F-2E3936E02299}\setup.exe" -runfromtemp -l0x040c -removeonly

Windows Installer CleanUp-->rundll32.exe advpack.dll,LaunchINFSection SWTUTILS.INF,MSI.Uninstall

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Live Safety Scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

WinMover 3.2.0.6-->"C:\Program Files\WinMover\unins000.exe"

XnView 1.94-->"C:\Program Files\XnView\unins000.exe"

XnView Shell Extension 2.4.0-->"C:\Program Files\XnView\ShellEx\unins000.exe"

 

======System event log======

 

Computer Name: SWEET-57CB51F8B

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Uniprocessor Free.

 

Record Number: 2743

Source Name: EventLog

Time Written: 20100301195648.000000+060

Event Type: Informations

User:

 

Computer Name: SWEET-57CB51F8B

Event Code: 6006

Message: Le service d'Enregistrement d'événement a été arrêté.

 

Record Number: 2742

Source Name: EventLog

Time Written: 20100228232200.000000+060

Event Type: Informations

User:

 

Computer Name: SWEET-57CB51F8B

Event Code: 4201

Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{E74EE560-5424-42DB-8CAD-B54CACF6D473} était connectée au réseau,

et a lancé une opération normale sur la carte réseau.

 

Record Number: 2741

Source Name: Tcpip

Time Written: 20100228231624.000000+060

Event Type: Informations

User:

 

Computer Name: SWEET-57CB51F8B

Event Code: 1002

Message: Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse réseau est 00166FC7FA4B

a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK).

 

Record Number: 2740

Source Name: Dhcp

Time Written: 20100228231623.000000+060

Event Type: erreur

User:

 

Computer Name: SWEET-57CB51F8B

Event Code: 1003

Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir

du serveur DHCP) pour la carte réseau dont l'adresse réseau est 00166FC7FA4B. Il s'est

produit l'erreur suivante :

L'opération a été annulée par l'utilisateur.

.

Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du

serveur d'adresse réseau (DHCP).

 

Record Number: 2739

Source Name: Dhcp

Time Written: 20100228231623.000000+060

Event Type: Avertissement

User:

 

=====Application event log=====

 

Computer Name: SWEET-57CB51F8B

Event Code: 1000

Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés.

Les données d'enregistrement contiennent les nouvelles valeurs d'index

assignées à ce service.

 

Record Number: 5

Source Name: LoadPerf

Time Written: 20090824025414.000000+120

Event Type: Informations

User:

 

Computer Name: SWEET-57CB51F8B

Event Code: 1000

Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.

Les données d'enregistrement contiennent les nouvelles valeurs d'index

assignées à ce service.

 

Record Number: 4

Source Name: LoadPerf

Time Written: 20090824025410.000000+120

Event Type: Informations

User:

 

Computer Name: SWEET-57CB51F8B

Event Code: 1000

Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.

Les données d'enregistrement contiennent les nouvelles valeurs d'index

assignées à ce service.

 

Record Number: 3

Source Name: LoadPerf

Time Written: 20090824025227.000000+120

Event Type: Informations

User:

 

Computer Name: SWEET-57CB51F8B

Event Code: 1000

Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.

Les données d'enregistrement contiennent les nouvelles valeurs d'index

assignées à ce service.

 

Record Number: 2

Source Name: LoadPerf

Time Written: 20090824025208.000000+120

Event Type: Informations

User:

 

Computer Name: SWEET-57CB51F8B

Event Code: 1000

Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.

Les données d'enregistrement contiennent les nouvelles valeurs d'index

assignées à ce service.

 

Record Number: 1

Source Name: LoadPerf

Time Written: 20090824025112.000000+120

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\GnuWin32;C:\Program Files\QT Lite\QTSystem\;C:\Program Files\CheckPoint\fde

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel

"PROCESSOR_REVISION"=0d08

"NUMBER_OF_PROCESSORS"=1

"LANG"=EN

"LANGUAGE"=EN

"WGETRC"=C:\WINDOWS\system32\GnuWin32\etc\wgetrc

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

"tvdumpflags"=8

 

-----------------EOF-----------------

Posted

There is some of it everywhere, and of every kind. The USB sticks may be infected too.

 

Plug in your removable media, USB sticks, external drives, everything you can (and leave them plugged in) before what follows.

Leave them plugged in (without specifically browsing into them) for the duration of all these steps, and after ComboFix's reboot.

 

You are going to use ComboFix. This software is only to be used when prescribed and guided by a qualified helper trained on the tool.

Do not use it outside of that situation or on your own: dangerous.

 

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before starting.
  • Disable the antivirus, otherwise ComboFix will show you a message (if so, click OK on the message).
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer message that appears.
  • If you are offered a reboot because a rootkit was found, do it.
  • You will be offered to download and install the Recovery Console; click "Yes" on the message, allow the download in your firewall if asked, then accept the end-user licence agreement message.
  • The desktop disappears, that's normal, and it will come back.
  • Do not close the window that opens, you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste that report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

 

You can see these steps in the official guide (the only authorised one):

http://www.bleepingcomputer.com/combofix/f...iliser-combofix

Posted

Here is the report =) !

ComboFix 10-03-26.02 - Administrateur 27/03/2010 23:06:59.2.1 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.503.212 [GMT 1:00]

Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Administrateur\Application Data\logs.dat

.

---- Exécution préalable -------

.

c:\documents and settings\Administrateur\Application Data\logs.dat

C:\InfoSat.txt

c:\windows\regedit.com

c:\windows\system32\Msglixgrx.dll

c:\windows\winhelp.ini

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ABP470N5

-------\Service_abp470n5

-------\Service_poof

-------\Legacy_ABP470N5

-------\Service_abp470n5

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-02-27 au 2010-03-27 ))))))))))))))))))))))))))))))))))))

.

 

2010-03-27 21:12 . 2010-03-27 21:14 -------- d-----w- C:\FyK

2010-03-27 21:00 . 2010-03-27 21:01 -------- d-----w- C:\rsit

2010-03-27 13:16 . 2010-03-27 13:16 -------- d-----w- c:\windows\Logs

2010-03-27 11:30 . 2010-03-27 12:47 -------- d-----w- C:\files system

2010-03-26 01:12 . 2010-03-27 14:47 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Vuze_Remote

2010-03-26 01:12 . 2010-03-26 01:12 -------- d-----w- c:\program files\Vuze_Remote

2010-03-25 21:29 . 2008-09-27 00:58 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2010-03-20 16:33 . 2010-03-20 16:33 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-03-20 16:30 . 2010-03-20 17:46 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DAEMON Tools Lite

2010-03-20 16:30 . 2010-03-20 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2010-03-19 18:47 . 2010-03-19 18:47 -------- d-----w- c:\program files\Total Uninstall 5

2010-03-19 18:46 . 2010-03-19 18:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Martau

2010-03-19 18:05 . 2010-03-19 18:05 -------- d--h--w- c:\windows\system32\GroupPolicy

2010-03-19 17:59 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2010-03-19 17:58 . 2010-03-19 17:58 -------- d-----w- c:\program files\Panda Security

2010-03-19 12:01 . 2010-03-19 12:01 -------- d-----w- C:\$AVG

2010-03-19 12:00 . 2010-03-19 12:00 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-03-19 12:00 . 2010-03-19 12:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-03-19 11:59 . 2010-03-20 00:20 -------- d-----w- c:\windows\system32\drivers\Avg

2010-03-19 11:58 . 2010-03-19 11:58 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys

2010-03-19 11:58 . 2010-03-19 11:58 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2010-03-19 11:58 . 2010-03-19 11:58 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-03-19 11:58 . 2010-03-19 11:58 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-03-19 11:57 . 2010-03-19 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-03-19 11:20 . 2010-03-19 11:20 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-03-19 11:11 . 2010-03-19 16:17 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Temp

2010-03-19 11:11 . 2010-03-19 11:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-03-19 11:11 . 2010-03-19 17:47 -------- d-----w- c:\program files\Google

2010-03-19 11:11 . 2010-03-19 17:47 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Google

2010-03-19 09:16 . 2010-03-19 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ZA_PreservedFiles

2010-03-19 09:08 . 2010-03-19 09:08 -------- d-----w- c:\program files\CCleaner

2010-03-19 08:43 . 2010-03-19 09:18 -------- d-----w- c:\program files\CheckPoint

2010-03-19 08:43 . 2010-03-19 08:43 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-03-19 08:43 . 2009-10-12 17:15 128016 ----a-w- c:\windows\system32\drivers\kl1.sys

2010-03-18 10:17 . 2010-03-25 02:00 -------- d-----w- c:\documents and settings\Administrateur\Application Data\DMCache

2010-03-16 12:48 . 2010-03-16 12:48 -------- d-----w- c:\program files\iPod

2010-03-16 12:48 . 2010-03-16 12:49 -------- d-----w- c:\program files\iTunes

2010-03-16 12:31 . 2010-03-16 12:31 -------- d-----w- c:\program files\Safari

2010-03-09 18:15 . 2005-01-04 09:43 4682 ----a-w- c:\windows\system32\npptNT2.sys

2010-03-05 10:32 . 2010-03-05 10:32 -------- d-----w- c:\documents and settings\All Users\CyberLink

2010-03-05 08:50 . 2010-03-05 08:50 -------- d-----w- c:\program files\LimeWire

2010-03-04 18:58 . 2010-03-05 08:43 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Online_Sharing

2010-03-04 18:58 . 2010-03-04 18:58 -------- d-----w- c:\program files\Online_Sharing

2010-03-04 18:58 . 2010-03-04 19:21 -------- d-----w- c:\program files\LimeWire Acceleration Patch

2010-03-04 18:46 . 2010-03-27 21:59 -------- d-----w- c:\documents and settings\Administrateur\Application Data\LimeWire

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-27 12:05 . 2010-02-01 19:01 -------- d-----w- c:\documents and settings\Administrateur\Application Data\vlc

2010-03-26 18:39 . 2010-02-06 10:29 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss

2010-03-24 22:20 . 2010-01-25 13:11 -------- d-----w- c:\program files\Flyff

2010-03-19 12:18 . 2008-04-14 12:00 73166 ----a-w- c:\windows\system32\perfc00C.dat

2010-03-19 12:18 . 2008-04-14 12:00 464690 ----a-w- c:\windows\system32\perfh00C.dat

2010-03-19 12:16 . 2010-01-18 20:43 62560 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-17 13:37 . 2010-02-07 17:27 -------- d-----w- c:\program files\KaraFun

2010-03-16 12:48 . 2010-01-20 19:18 -------- d-----w- c:\program files\Fichiers communs\Apple

2010-03-16 12:44 . 2010-01-20 19:19 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Apple Computer

2010-03-16 12:36 . 2010-03-16 12:36 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

2010-03-16 12:24 . 2010-03-16 12:24 152872 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

2010-03-09 18:14 . 2010-01-31 19:33 -------- d-----w- c:\program files\Common Files

2010-03-09 11:33 . 2010-01-21 21:31 40592 ---ha-w- c:\windows\system32\mlfcache.dat

2010-03-05 10:36 . 2010-02-07 17:08 -------- d-----w- c:\program files\CyberLink

2010-03-05 10:32 . 2010-02-07 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink

2010-03-05 10:31 . 2010-01-22 20:15 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-05 10:29 . 2010-02-07 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp

2010-03-05 10:29 . 2010-03-05 10:29 114688 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe

2010-02-22 18:40 . 2010-02-22 18:40 2131336 ----a-w- c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe

2010-02-19 21:18 . 2010-02-19 21:18 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-02-09 10:00 . 2010-02-09 10:00 132274 ----a-w- c:\documents and settings\Administrateur\Application Data\Facebook\uninstall.exe

2010-02-09 10:00 . 2010-02-09 10:00 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Facebook

2010-02-07 19:43 . 2010-02-07 19:43 -------- d-----w- c:\documents and settings\Administrateur\Application Data\PhotoFiltre

2010-02-07 19:43 . 2010-02-07 19:43 -------- d-----w- c:\program files\PhotoFiltre

2010-02-07 19:25 . 2010-02-07 17:07 110592 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe

2010-02-07 17:11 . 2010-02-07 17:11 -------- d-----w- c:\documents and settings\Administrateur\Application Data\CyberLink

2010-02-07 15:38 . 2010-02-07 15:38 -------- d-----w- c:\program files\Conduit

2010-02-07 15:38 . 2010-02-07 15:38 -------- d-----w- c:\program files\PHPNukeFR

2010-02-07 15:38 . 2010-02-07 15:38 -------- d-----w- c:\program files\Ilusion Software

2010-02-07 15:15 . 2009-08-24 01:19 -------- d-----w- c:\program files\Notepad++

2010-02-07 15:02 . 2010-02-07 15:02 -------- d-----w- c:\program files\Mega Bloc Notes

2010-02-07 15:01 . 2010-02-07 15:01 73728 ----a-w- c:\windows\unacev2.dll

2010-02-06 18:44 . 2010-02-06 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Alawar Stargaze

2010-02-06 18:42 . 2010-02-06 18:42 -------- d-----w- c:\program files\Alabama Smith - Escape from Pompeii

2010-02-04 09:01 . 2010-03-27 13:18 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll

2010-02-04 09:01 . 2010-03-27 13:18 528216 ----a-w- c:\windows\system32\XAudio2_6.dll

2010-02-04 09:01 . 2010-03-27 13:18 238936 ----a-w- c:\windows\system32\xactengine3_6.dll

2010-02-04 09:01 . 2010-03-27 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2010-02-03 20:56 . 2010-02-03 20:56 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ArcSoft

2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\Administrateur\Application Data\Facebook\axfbootloader.dll

2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\Administrateur\Application Data\Facebook\npfbplugin_1_0_1.dll

2010-02-01 21:01 . 2009-08-24 00:57 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-01 20:54 . 2010-02-01 20:54 -------- d-----w- c:\documents and settings\Administrateur\Application Data\InstallShield

2010-02-01 20:38 . 2010-02-01 20:32 -------- d-----w- c:\program files\DivX

2010-02-01 20:37 . 2010-02-01 20:06 -------- d-----w- c:\documents and settings\Administrateur\Application Data\LG Electronics

2010-02-01 20:34 . 2010-02-01 20:06 -------- d-----w- c:\program files\LG Electronics

2010-02-01 20:05 . 2010-01-31 18:14 -------- d-----w- c:\program files\Fichiers communs\InstallShield

2010-02-01 19:59 . 2010-02-01 19:59 -------- d-----w- c:\documents and settings\Administrateur\Application Data\LGAAS

2010-02-01 19:17 . 2010-02-01 19:16 -------- d-----w- c:\program files\Fichiers communs\ArcSoft

2010-02-01 19:16 . 2010-02-01 19:16 -------- d-----w- c:\program files\Hama

2010-02-01 19:00 . 2010-02-01 19:00 -------- d-----w- c:\program files\VideoLAN

2010-02-01 18:57 . 2010-02-01 18:57 -------- d-----w- c:\documents and settings\Administrateur\Application Data\ImgBurn

2010-02-01 18:53 . 2010-02-01 18:53 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Nero

2010-01-31 19:38 . 2010-01-31 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\WebcamMax

2010-01-31 19:33 . 2010-01-31 19:33 -------- d-----w- c:\program files\Fichiers communs\PAC207

2010-01-31 19:15 . 2010-01-31 19:07 -------- d-----w- c:\program files\WebcamMax

2010-01-31 19:12 . 2010-01-31 19:12 -------- d-----w- c:\program files\Ask.com

2010-01-31 19:12 . 2010-01-31 19:12 -------- d-----w- c:\documents and settings\Administrateur\Application Data\WebcamMax

2010-01-31 18:37 . 2010-01-31 18:37 -------- d-----w- c:\program files\PhotoInstrument

2010-01-31 18:20 . 2010-01-31 18:20 -------- d-----w- c:\program files\Singular Inversions

2010-01-31 11:44 . 2010-01-31 11:44 -------- d-----w- c:\documents and settings\Administrateur\Application Data\MakeUpPilot

.

 

------- Sigcheck -------

 

[-] 2008-09-27 . 4BB6301D634C857A5089E8B24C5555E4 . 593408 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

 

[-] 2008-09-27 . AAC42FD16A1976DE9A0773E740597644 . 693248 . . [5.82] . . c:\windows\system32\comctl32.dll

 

[-] 2008-09-27 . B6BC3773B01BF85B880F56C198EEA90B . 3774464 . . [7.00.6000.20861] . . c:\windows\system32\mshtml.dll

 

[-] 2008-09-27 . 65A2D2BD594EB3E670CECFFEED75FB69 . 2331008 . . [5.1.2600.5586] . . c:\windows\system32\ntoskrnl.exe

 

[-] 2008-09-27 . EF31A8266AF7996746392E4F45502536 . 517632 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

 

[-] 2008-09-27 . 90B16FF3ACEC94B95BA95AA686442A47 . 879616 . . [7.00.6000.20861] . . c:\windows\system32\wininet.dll

 

[-] 2010-03-19 08:00 . 825BD837D372CB91D665969A7F5A88BB . 287232 . . [------] . . c:\windows\FFDS\explorer.exe

[-] 2008-09-27 . BFBBBFE0913E6C9706F97598A6588B8F . 1573888 . . [6.00.2900.5634] . . c:\windows\explorer.exe

 

[-] 2008-09-27 . B2DAB0165523BFDE558AFD51ED0E2544 . 209408 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

 

[-] 2008-09-27 . A3CA2B158B645447964ADC84FA7E6EE6 . 2207872 . . [5.1.2600.5586] . . c:\windows\system32\ntkrnlpa.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-03-27_21.50.08 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-03-27 22:12 . 2010-03-27 22:12 16384 c:\windows\temp\Perflib_Perfdata_3c4.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-10-27 1196936]

"{1c491116-c175-45e1-a570-6fb14fea8b7b}"= "c:\program files\PHPNukeFR\tbPHPN.dll" [2009-12-31 2349080]

"{8567a644-e36c-470c-86cf-9c5b4f37db81}"= "c:\program files\Online_Sharing\tbOnli.dll" [2009-12-31 2349080]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]

 

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

 

[HKEY_CLASSES_ROOT\clsid\{1c491116-c175-45e1-a570-6fb14fea8b7b}]

 

[HKEY_CLASSES_ROOT\clsid\{8567a644-e36c-470c-86cf-9c5b4f37db81}]

 

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1c491116-c175-45e1-a570-6fb14fea8b7b}]

2009-12-31 10:53 2349080 ----a-w- c:\program files\PHPNukeFR\tbPHPN.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8567a644-e36c-470c-86cf-9c5b4f37db81}]

2009-12-31 10:53 2349080 ----a-w- c:\program files\Online_Sharing\tbOnli.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2010-03-17 14:45 2355224 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2009-10-27 12:48 1196936 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-10-27 1196936]

"{1c491116-c175-45e1-a570-6fb14fea8b7b}"= "c:\program files\PHPNukeFR\tbPHPN.dll" [2009-12-31 2349080]

"{8567a644-e36c-470c-86cf-9c5b4f37db81}"= "c:\program files\Online_Sharing\tbOnli.dll" [2009-12-31 2349080]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CLASSES_ROOT\clsid\{1c491116-c175-45e1-a570-6fb14fea8b7b}]

 

[HKEY_CLASSES_ROOT\clsid\{8567a644-e36c-470c-86cf-9c5b4f37db81}]

 

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-10-27 1196936]

"{1C491116-C175-45E1-A570-6FB14FEA8B7B}"= "c:\program files\PHPNukeFR\tbPHPN.dll" [2009-12-31 2349080]

"{8567A644-E36C-470C-86CF-9C5B4F37DB81}"= "c:\program files\Online_Sharing\tbOnli.dll" [2009-12-31 2349080]

"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-03-17 2355224]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CLASSES_ROOT\clsid\{1c491116-c175-45e1-a570-6fb14fea8b7b}]

 

[HKEY_CLASSES_ROOT\clsid\{8567a644-e36c-470c-86cf-9c5b4f37db81}]

 

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WinMover"="c:\program files\WinMover\WinMover.exe" [2005-12-02 10240]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"WebcamMaxAutoRun"="c:\program files\WebcamMax\WebcamMax.exe" [2009-12-30 5946000]

"HKCU"="c:\windows\FFDS\explorer.exe" [2010-03-19 287232]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-09-27 209408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 163840]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 151552]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 323584]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 245760]

"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 122880]

"QuickTime Task"="c:\program files\QT Lite\QTTask.exe" [2009-11-10 417792]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 397312]

"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 393216]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 393216]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 296232]

"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-06-11 232544]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 255296]

"HKLM"="c:\windows\FFDS\explorer.exe" [2010-03-19 287232]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"JkDefrag"="advpack.dll" [2008-08-28 124928]

"SweetRegistry"="advpack.dll" [2008-08-28 124928]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"Policies"="c:\windows\FFDS\explorer.exe" [2010-03-19 287232]

 

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]

"Policies"="c:\windows\FFDS\explorer.exe" [2010-03-19 287232]

 

c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 577536]

Lotus QuickStart.lnk - c:\lotus\wordpro\ltsstart.exe [1997-1-10 16384]

Lotus SuiteStart 97.lnk - c:\lotus\smartctr\suitest.exe [1997-2-18 109056]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Monitor.lnk - c:\program files\Hama\Hama Digital Software Suite\Media Card Companion\MCC Monitor.exe [2010-2-1 192512]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideRunAsVerb"= 1 (0x1)

"NoNetConnectDisconnect"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

"NoStrCmpLogical"= 0 (0x0)

"NoWelcomeScreen"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

"NoStrCmpLogical"= 0 (0x0)

"NoWelcomeScreen"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-19 12:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Flyff\\Flyff.exe"=

"c:\\Program Files\\iTunes\\iTunesHelper.exe"=

"c:\\Program Files\\HP\\hpcoretech\\soln\\HPOSM.exe"=

"c:\\WINDOWS\\PixArt\\PAC7302\\Monitor.exe"=

"c:\\WINDOWS\\PixArt\\PAC207\\Monitor.exe"=

"c:\\Program Files\\HP\\hpcoretech\\comp\\hptskmgr.exe"=

"c:\\WINDOWS\\system32\\netsh.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Hama\\Hama Digital Software Suite\\Media Card Companion\\MCC Monitor.exe"=

"c:\\WINDOWS\\system32\\igfxtray.exe"=

"c:\\lotus\\smartctr\\suitest.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\CyberLink\\YouCam\\YouCamTray.exe"=

"c:\\lotus\\wordpro\\ltsstart.exe"=

"c:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe"=

"c:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\SyncServer.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\scrnsave.scr"=

"c:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe"=

"c:\\Program Files\\CyberLink\\YouCam\\MUITransfer\\MUIStartMenu.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"=

"c:\\WINDOWS\\system32\\hkcmd.exe"=

"c:\\Program Files\\Movie Maker\\moviemk.exe"=

"c:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\winhuyil.exe"=

 

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [19/03/2010 12:58 25608]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [19/03/2010 12:58 161800]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [19/03/2010 18:59 28552]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20/03/2010 17:33 691696]

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [06/02/2010 18:21 149376]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19/03/2010 12:58 333192]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [19/03/2010 12:58 360584]

S2 AVGIDSAgent;AVG9IDSAgent;"c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe" AVGIDSAgent --> c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 PAC207;PC Camera;c:\windows\system32\drivers\PFC027.SYS [25/10/2007 18:31 616064]

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - ABP470N5

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]

2008-08-28 14:35 124928 ----a-w- c:\windows\system32\advpack.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5R031VK4-131F-5R31-O2K6-437T170R7688}]

2010-03-19 08:00 287232 --sh--r- c:\windows\FFDS\explorer.exe

.

Contenu du dossier 'Tâches planifiées'

 

2010-01-31 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2009-10-27 12:48]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2102473

mStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

ucustomizesearch = hxxp://www.google.com/ie

usearchassistant = hxxp://www.google.com/ie

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://google.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CLM&o=15427&locale=fr_US&q=

FF - plugin: c:\documents and settings\Administrateur\Application Data\Facebook\npfbplugin_1_0_1.dll

.

.

------- Associations de fichier -------

.

.

- - - - ORPHELINS SUPPRIMES - - - -

 

AddRemove-HijackThis - c:\documents and settings\Administrateur\Mes documents\Téléchargements\HijackThis.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-27 23:13

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

c:\program files\Internet Explorer\iexplore.exe [1644] 0x81F7EDA0

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spyf.sys >>UNKNOWN [0x82DCB938]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf865ff28

\Driver\ACPI -> ACPI.sys @ 0xf83e6cb8

\Driver\atapi -> atapi.sys @ 0xf835db40

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022

ParseProcedure -> ntkrnlpa.exe @ 0x80577c84

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022

ParseProcedure -> ntkrnlpa.exe @ 0x80577c84

NDIS: Intel® PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf8240bb0

PacketIndicateHandler -> NDIS.sys @ 0xf822fa0d

SendHandler -> NDIS.sys @ 0xf8243b40

user & kernel MBR OK

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

"scansk"=hex(0):42,bd,fb,3a,63,f6,e9,4b,71,f0,c9,3e,67,c5,99,7d,6d,ad,d8,8d,7b,

77,f6,3b,60,39,99,de,16,94,91,1e,6d,fe,e1,c7,7b,59,10,73,00,00,00,00,00,00,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c57df69a-8b20-48ae-bab5-5aad5cdc8f03}]

@Denied: (Full) (Everyone)

"Model"=dword:00000052

"Therad"=dword:00000007

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(1476)

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\COMRes.dll

c:\windows\system32\cscui.dll

 

- - - - - - - > 'lsass.exe'(1756)

c:\windows\system32\scecli.dll

c:\windows\system32\SETUPAPI.dll

 

- - - - - - - > 'explorer.exe'(8212)

c:\windows\system32\SHDOCVW.dll

c:\windows\system32\COMRes.dll

c:\windows\System32\cscui.dll

c:\windows\system32\msi.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\MSVCP60.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\wscntfy.exe

c:\docume~1\ADMINI~1\LOCALS~1\Temp\winhuyil.exe

c:\windows\system32\scrnsave.scr

.

**************************************************************************

.

Heure de fin: 2010-03-27 23:21:40 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-03-27 22:21

 

Avant-CF: 71 893 352 448 octets libres

Après-CF: 71 873 892 352 octets libres

 

- - End Of File - - 645F0886BEDC6BB507AC0DF7D10C9059

Posted

ComboFix has already removed some malware, but we will continue with a custom script.

Go to this page to download the CFScript.txt file to the Desktop:

http://senduit.com/0a788d

Note 1: The script offered is specific to this user's case: you must under no circumstances use it on your own PC!

Wait a few seconds: the download will start automatically.

  • Drag and drop this CFScript.txt file onto the ComboFix.exe file, as in the screenshot:
    [screenshot: img-191202xzrpd.gif]
  • Wait for the scan to finish. The Desktop will disappear several times: that is normal!
    Do not touch anything until the scan is finished.
  • When ComboFix finishes working, it displays this:
    [screenshot: autosubmitfrdt7.png]
  • Clicking OK will start the automatic upload of the zip file, to improve future detections.
    [screenshot: cfuploadsuccessfulfrwn3.gif]
  • Once the scan is complete, the PC will most likely restart: a report will be displayed, post its contents.
  • If the file does not appear, it is located here: C:\ComboFix.txt

Note 2: a file located on the PC will be sent to the creator of ComboFix for analysis.

If the upload site is offline, you will see this message:

[screenshot: cfuploadfailedfrrf5.gif]

You will then only need to double-click the CF-Submit.htm file located in the C:\ directory to send the file.

The ComboFix report will only be displayed after the upload has finished.

Posted (edited)
How does the malfunction show itself? Concretely, what does it say? :P

Well, um, at first when I tried, it simply told me "access denied".

And when I tried the 2nd and 3rd time, there was a message that said something about external or internal, I didn't write it down, but the 4th time it opened, though it was just like the 1st step: the windows you mentioned in your message were not there =)

I hope this helps; I'm not really good with computers, but I manage =)

And, um, I forgot: when I try several times, it tells me it is a dangerous program, that there is a virus modifying data called "virut", and then the application deletes itself!

Edited by eva-chan
