High-Tech Santé Médecine Droit-Finances

Réalisation

vidéo numérique

Rechercher : dans
Par :

Désinstaller system security virus

Dernière réponse le 28 mai 2009 à 02:38:14 lion.d, le 12 mai 2009 à 23:56:10 
 Signaler ce message aux modérateurs

Bonjour,
Je suis infecter par le virus " System Security 4.51", avec des pop-ups et des lancements de pub intempestives.
mon pc refuse de lancer mon antivirus avast qui se ferme directement.
J'ai essayer d'installer de nouveau antivirus et anti spyware mais ils sont tous systematiquement bloquer; donc impossible de les installer.
je ne sais que faire; alors si quelqu'un peu m'aider ca serait tres tres sympa!!!

Merci

Configuration: Windows XP Internet Explorer 7.0

Meilleures réponses pour « Désinstaller system security virus » dans :
[Virus] System Volume Information VoirSommaire Explications Exemple Supprimer un virus logé dans le dossier System Volume Information sous Windows XP Informations supplémentaires Explications Le dossier System Volume Information est utilisé par Windows XP pour...
[Virus] Que faire quand on est infecté ? VoirSi vous savez ou vous pensez être infecté par un virus Si vous savez ou vous pensez être infecté par un virus, il faut s'en occuper le plus rapidement possible car l'infection peut inviter d'autres infections dans votre PC et votre système risque...
[Spywares] Méthodes de désinfection Voir
Virus - Introduction aux virus VoirVirus Un virus est un petit programme informatique situé dans le corps d'un autre, qui, lorsqu'on l'exécute, se charge en mémoire et exécute les instructions que son auteur a programmé. La définition d'un virus pourrait être la suivante : « Tout...
Posez votre question Répondre

1

V-X, le 12 mai 2009 à 23:57:22

Salut,

Télécharge OTViewIt (de OldTimer) sur ton Bureau.

/!\ Désactive ton Antivirus,antispyware,pare-feu /!\

Double clique sur le raccourci présent sur le Bureau)

]Coche la case "Scan All User"

Sous "File Age" en haut, clique sur le menu déroulant et sélectionne "90 days".

Clique sur "Run Scan"

/!\ Laisse Travailler l'outil /!\

2 rapports s'afficheront sur ton bureau OTViewIt ainsi que Extra.TxT.

Poste le rapport OTViewIt l'alcool tue lentement ,on s'en fout on est pas presser......

   
Répondre à V-X

2

lion.d, le 13 mai 2009 à 00:04:53

Salut V-X et merci pour te reponse. J'ai telecharger OTViewIt mais impossible de l'installer; l'installation est bloquer (sasn doute par le virus).
que dois-je faire maintenant

   
Répondre à lion.d

3

lion.d, le 13 mai 2009 à 00:06:46

Heu!!! desoler pour les erreurs de frappe et pour le manque d'acces (j'ai un clavier coerty)...

   
Répondre à lion.d

4

V-X, le 13 mai 2009 à 00:07:23

Re,

Inscrit toi sur le forum , ensuite tu me MP , pour la suite car je pense que je devrait te passer une manip et le lien ne passe pas sur le forum ;).

merci

Essai ce log :Renomme le au téléchargement au besoin:

télécharge ZHPDiag :ZHP DIAG

▶ Une fois le téléchargement achevé, dézippe le fichier obtenu et place ZHPDiag.exe sur ton Bureau.

▶ Double-clique sur l'icône pour lancer le programme.

▶ Si tu es d'accord avec les termes du disclaimer, clique sur Continue.

▶ Vérifie que le bouton devant Last Files Created est coché.

▶ A la fin du scan, enregistre le rapport en cliquant sur Sauve.

▶ Ouvre le fichier sauvegardé avec le Bloc-Notes et copie son contenu dans ta réponse. l'alcool tue lentement ,on s'en fout on est pas presser......

   
Répondre à V-X

5

lion.d, le 13 mai 2009 à 00:48:53

Re
ca y es je msuis inscrit sur le forum.
J'ai essayer d'installer ZHP Diag mais il et bloquer comme les autres. impossible de le lancer...
ca devient dure, je ne peux meme plus ouvrir le gestionnaire de tache ni meme une console....

   
Répondre à lion.d

6

V-X, le 13 mai 2009 à 00:51:43

Re,

Je t'ai MP et donner une procédure a faire.

Poste moi le rapport . l'alcool tue lentement ,on s'en fout on est pas presser.....­.

   
Répondre à V-X

7

lion.d, le 13 mai 2009 à 01:11:38

Re
merci pour ton aide.
j'ai essayer en suivant tes instruction mais rien ni fait; ce logiciel non plus ne se lance pas.
ca devient dure car je ne peut meme plus lancer le gestionnaire de tache ni meme une console....

   
Répondre à lion.d

8

V-X, le 13 mai 2009 à 01:12:44

Re,

Télécharge Rooter de l'équipe IDN

Sur ton bureau

/!\ Déconnecte toi d'internet et ferme toutes applications en cours /!\

▶ Exécute Rooter et laisse travailler l'outil .

▶ Une fois terminé, poste le rapport obtenu pour analyse

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune. l'alcool tue lentement ,on s'en fout on est pas presser......

   
Répondre à V-X

9

lion.d, le 13 mai 2009 à 01:20:54

Re,
meme resultat impossible de lancer quelconque programme...

   
Répondre à lion.d

10

V-X, le 13 mai 2009 à 01:22:04

Re,

As tu accès au mode sans échec ?

Si oui , as tu télécharger "Combofix "?

Si toujours oui , fait combofix en mode sans échec. l'alcool tue lentement ,on s'en fout on est pas presser......

   
Répondre à V-X

11

lion.d, le 13 mai 2009 à 01:23:48

Je ne sais pas si j'ai acces au mode sans echec. j'ai telecharger combofix. J'essai ca tout de suite

   
Répondre à lion.d

12

lion.d, le 13 mai 2009 à 01:58:53

Voila:

ComboFix 09-05-12.04 - Hugues Miere 13/05/2009 0:49.2 - [color=red][b]FAT32/b/colorx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.991.748 [GMT 1:00]
Running from: c:\documents and settings\Hugues Miere\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\recycled\Recycled
c:\windows\hosts
c:\windows\opuwulaq.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\l_intlc.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\ovfsthlfoobyfwbxwpuvqxyhitnqlltsrqxaqx.d­at
c:\windows\system32\ovfsthqckjfmpgiyaaexcmsdaqctwtspnypjrk.d­at
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\xbox.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ROXMEDIADBSPOOLER
-------\Service_RoxMediaDBSpooler


((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
.

2009-05-12 23:44 . 2009-05-12 23:44 -------- d-----w c:\documents and settings\Administrator
2009-05-12 23:14 . 2009-05-12 23:14 -------- d-----w C:\Rooter$
2009-05-12 03:59 . 2009-05-12 13:56 32 --s-a-w c:\windows\system32\2023729596.dat
2009-05-12 03:37 . 2009-05-12 03:37 -------- d-----w c:\documents and settings\All Users\Application Data\10955314
2009-05-12 03:37 . 2009-05-12 03:37 -------- d-----w c:\documents and settings\All Users\Application Data\60975309
2009-05-12 00:56 . 2009-04-15 20:25 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-05-12 00:56 . 2009-04-15 20:25 118520 ------w c:\windows\system32\pxinsi64.exe
2009-05-12 00:56 . 2009-04-15 20:25 129784 ------w c:\windows\system32\pxafs.dll
2009-05-12 00:56 . 2009-05-12 00:56 -------- d-----w c:\program files\Common Files\DivX Shared
2009-05-12 00:56 . 2009-05-12 00:56 -------- d-----w c:\program files\DivX
2009-05-09 11:41 . 2009-05-09 11:41 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-05-02 03:48 . 2009-05-02 03:48 -------- d-----w c:\documents and settings\Hugues Miere\Application Data\vlc
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 20:25 . 2005-11-03 11:00 43528 ------w c:\windows\system32\drivers\pxhelp20.sys­
2009-04-06 19:58 . 2009-04-06 19:58 -------- d-----w c:\program files\VoipDiscount.com
2009-04-04 23:01 . 2009-04-04 23:01 0 ----a-w c:\windows\nsreg.dat
2009-03-20 23:55 . 2009-03-20 23:55 -------- d-----w c:\program files\Shareaza
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-11-04 1687552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-11-04 163840]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"10955314"="c:\documents and settings\All Users\Application Data\10955314\10955314.exe" [2009-05-12 356901]
"60975309"="c:\documents and settings\All Users\Application Data\60975309\60975309.exe" [2009-05-12 13861]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-05-14 67072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VoipCheap\\VoipCheap.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
S2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\HUGUES~1\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\HUGUES~1\LOCALS~1\Temp\DMSKSSRh.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [21/04/2009 15:36 216232]
S3 netr73;D-Link DWA-111 Wireless G USB Adapter Driver;c:\windows\system32\drivers\netr73.sys [31/03/2008 21:11 256000]
.
Contents of the 'Scheduled Tasks' folder

2007-06-15 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-11 16:17]

2009-05-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RavAV - c:\documents and settings\Hugues Miere\Start Menu\Programs\Startup\RavMonE.exe
HKLM-Run-Userinit - c:\windows\system32\cologsver.exe
HKLM-Run-Hsekihumevixi - c:\windows\Kmasirumecahal.dll
HKLM-Run-90965306 - c:\documents and settings\All Users\Application Data\90965306\90965306.exe
HKLM-Run-NWEReboot - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://fr.yahoo.com/
FF - ProfilePath - c:\documents and settings\Hugues Miere\Application Data\Mozilla\Firefox\Profiles\92s12rw1.default\
FF - plugin: c:\documents and settings\Hugues Miere\Application Data\Mozilla\Firefox\Profiles\92s12rw1.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 00:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(452)
c:\windows\system32\scg726.acm
c:\windows\system32\alf2cd.acm
c:\windows\system32\AC3ACM.acm

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\scg726.acm
c:\windows\system32\alf2cd.acm
c:\windows\system32\AC3ACM.acm
.
Completion time: 2009-05-12 0:51
ComboFix-quarantined-files.txt 2009-05-12 23:51

Pre-Run: 8,292,827,136 bytes free
Post-Run: 8,287,551,488 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

166 --- E O F --- 2009-05-01 11:46

   
Répondre à lion.d

13

V-X, le 13 mai 2009 à 01:58:55
  • +1

Re,

fait otweiwit. l'alcool tue lentement ,on s'en fout on est pas presser.....­.

   
Répondre à V-X

14

lion.d, le 13 mai 2009 à 02:02:02

Voici le rapport OTViewlt:


OTViewIt logfile created on: 13/05/2009 00:59:41 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Hugues Miere\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

991.48 Mb Total Physical Memory | 731.71 Mb Available Physical Memory | 73.80% Memory free
1.21 Gb Paging File | 1.03 Gb Available in Paging File | 84.82% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 7.73 Gb Free Space | 20.75% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIMBOULI
Current User Name: Hugues Miere
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Whitelist: On
File Age = 90 Days

[color=orange]========== Processes ==========/color

[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
[2007/12/06 11:01:26 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
[2009/05/13 00:57:54 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hugues Miere\Desktop\OTViewIt.exe

[color=orange]========== (O23) Win32 Services ==========/color

[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.e­xe -- (aspnet_state [On_Demand | Stopped])
[2007/06/26 21:32:56 | 00,068,608 | ---- | M] () -- C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service [Auto | Stopped])
[2004/03/29 16:08:16 | 00,049,152 | ---- | M] () -- C:\Program Files\Belkin\F5D7051\WLService.exe -- (Belkin High-Speed Mode Wireless G USB Network Adapter Service [Auto | Stopped])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2009/04/21 15:36:50 | 00,216,232 | ---- | M] (CybelSoft) -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2005/11/04 10:21:52 | 00,229,376 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe -- (RoxLiveShare [Auto | Stopped])
[2005/11/04 10:20:00 | 00,864,256 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe -- (RoxMediaDB [On_Demand | Stopped])
[2005/11/04 10:16:58 | 00,155,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe -- (RoxWatch [Auto | Stopped])
[2007/10/12 09:33:38 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk [Auto | Stopped])
[2007/08/02 14:42:16 | 00,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [On_Demand | Stopped])
[2004/11/02 16:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Stopped])
[2007/08/02 14:42:14 | 00,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk [Auto | Stopped])
[2008/12/10 00:10:14 | 00,024,636 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache [On_Demand | Stopped])
[2009/02/15 00:22:12 | 06,558,336 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe -- (wampmysqld [On_Demand | Stopped])
[2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

[color=orange]========== Driver Services ==========/color

[2004/06/29 09:07:18 | 01,268,204 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Stopped])
[2003/12/08 11:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\system32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Stopped])
[2003/12/08 11:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\system32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Stopped])
[2004/02/24 11:08:52 | 00,400,384 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Stopped])
[2004/05/14 23:24:10 | 00,622,172 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])
[2004/08/04 05:00:00 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\amdk7.sys -- (AmdK7 [System | Stopped])
File not found -- -- (catchme [Disabled | Running])
[2005/10/22 16:05:00 | 00,311,680 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp [System | Stopped])
[2009/04/21 15:39:26 | 00,014,336 | ---- | M] (CybelSoft) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2 [On_Demand | Stopped])
[2005/10/22 16:05:00 | 00,027,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2005/10/22 16:05:00 | 00,027,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
[2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
[2007/01/31 09:01:16 | 00,256,000 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\netr73.sys -- (netr73 [On_Demand | Stopped])
[2005/05/11 03:49:44 | 00,006,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
[2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/10/22 16:05:00 | 00,119,168 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k [System | Running])
[2009/04/15 21:25:42 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2005/11/04 09:49:30 | 00,050,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DRIVERS\RxFilter.sys -- (RxFilter [System | Stopped])
[2006/05/01 13:16:22 | 00,061,600 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys -- (SE2Ebus [On_Demand | Stopped])
[2006/05/01 13:17:12 | 00,009,360 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys -- (SE2Emdfl [On_Demand | Stopped])
[2006/05/01 13:17:16 | 00,097,184 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys -- (SE2Emdm [On_Demand | Stopped])
[2007/11/13 10:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/07/08 20:12:00 | 00,217,600 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisgrp.sys -- (SiS315 [On_Demand | Stopped])
[2004/02/28 10:58:42 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP [Boot | Running])
[2003/03/25 17:50:46 | 00,004,096 | R--- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide [Boot | Running])
[2002/10/17 15:14:46 | 00,049,024 | R--- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex [Boot | Running])
[2004/07/08 20:11:00 | 00,012,416 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\srvkp.sys -- (SiSkp [System | Stopped])
[2004/02/28 10:57:14 | 00,032,256 | ---- | M] (SiS Corporation) -- C:\WINDOWS\system32\DRIVERS\sisnic.sys -- (SISNIC [On_Demand | Running])
[2002/08/20 17:19:08 | 00,009,472 | R--- | M] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf [Boot | Running])
[2004/08/04 05:00:00 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])

[color=orange]========== (R ) Internet Explorer ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://fr.yahoo.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://GLOBAL.ACER.COM/

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"=http://GLOBAL.ACER.COM/

[HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://fr.yahoo.com/

[HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://GLOBAL.ACER.COM/

[HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-500\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[color=orange]========== (O1) Hosts File ==========/color

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

[color=orange]========== (O2) BHO's ==========/color

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

[color=orange]========== (O3) Toolbars ==========/color

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[color=orange]========== (O4) Run Keys ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"10955314"=C:\Documents and Settings\All Users\Application Data\10955314\10955314.exe ()
"60975309"=C:\Documents and Settings\All Users\Application Data\60975309\60975309.exe ()
"AGRSMMSG"=AGRSMMSG.exe (Agere Systems)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" (Sonic Solutions)
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" ()
"SoundMan"=SOUNDMAN.EXE (Realtek Semiconductor Corp.)
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon (THOMSON Telecom Belgium)
"TalkTalk"="C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk (SupportSoft, Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)

[color=orange]========== (O4) Startup Folders ==========/color

[1999/02/17 21:05:56 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

[color=orange]========== (O6 & O7) Current Version Policies ==========/color

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"nosplash"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[color=orange]========== (O9) IE Extensions ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-681764103-436321949-3341562259-1005\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:38 | 01,694,208 | ---- | M] (Microsoft Corporation)

[color=orange]========== (O12) Internet Explorer Plugins ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

[color=orange]========== (O13) Default Prefixes ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[color=orange]========== (O15) Trusted Sites ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[color=orange]========== (O16) DPF ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool
{4871A87A-BFDD-4106-8153-FFDE2BAC2967}: http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab -- DLM Control
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/... -- MUWebControl Class
{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}: http://fichiers.touslesdrivers.com/hardwaredetection/hardwaredetection_3_1_2_0.cab -- HardwareDetection Control
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -- Shockwave Flash Object

[color=orange]========== (O17) DNS Name Servers ==========/color

{04AD6DB8-0C45-4EE2-ABF4-9AE627D6037D} (Servers: | Description: Belkin High-Speed Mode Wireless G USB Network Adapter)
{FDE6503C-1BD7-4964-BECA-E308C9B4DD72} (Servers: | Description: SiS 900 PCI Fast Ethernet Adapter)

[color=orange]========== Shell Execute Hooks ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\PROGRA~1\WIFD1F~1\MpShHook.dll (Microsoft Corporation)

[color=orange]========== Safeboot Options ==========/color

"AlternateShell"=cmd.exe

[color=orange]========== CDRom AutoRun Settings ==========/color

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

[color=orange]========== Autorun Files on Drives ==========/color

AUTOEXEC.BAT []
[2004/04/09 16:42:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ FAT32 ]

[color=orange]========== Files/Folders - Created Within 90 Days ==========/color

[3 C:\WINDOWS\System32\*.tmp files]
[3 C:\Documents and Settings\Hugues Miere\My Documents\*.tmp files]
[2009/05/13 00:57:51 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hugues Miere\Desktop\OTViewIt.exe
[2009/05/13 00:51:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/13 00:47:39 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/13 00:47:37 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/13 00:47:35 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/13 00:34:07 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/13 00:34:07 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/13 00:34:07 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/13 00:34:07 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/13 00:34:07 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/13 00:34:07 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/13 00:34:07 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/13 00:34:07 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/13 00:34:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/13 00:27:25 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/13 00:14:52 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/13 00:14:20 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\Rooter.exe
[2009/05/12 23:51:05 | 03,021,595 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\lion.exe
[2009/05/12 23:16:31 | 00,020,593 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\LanguesDiag.ini
[2009/05/12 23:16:31 | 00,000,231 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\ConfigDiag.ini
[2009/05/12 21:40:43 | 03,021,595 | R--- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\ComboFix.exe
[2009/05/12 21:31:09 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Hugues Miere\Desktop\spybotsd162.exe
[2009/05/12 21:29:33 | 03,227,248 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Hugues Miere\Desktop\ccsetup219.exe
[2009/05/12 21:27:42 | 19,153,264 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\Lavasoft_Adaware_multi.exe
[2009/05/12 21:25:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/05/12 04:59:08 | 00,000,032 | --S- | C] () -- C:\WINDOWS\System32\2023729596.dat
[2009/05/12 04:37:54 | 00,000,003 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\os60975309.ini
[2009/05/12 04:37:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\60975309
[2009/05/12 04:37:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\10955314
[2009/05/12 01:56:59 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/05/12 01:56:52 | 00,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/05/12 01:56:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/05/12 01:56:32 | 00,001,398 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\DivX Movies.lnk
[2009/05/12 01:56:32 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/05/12 01:55:03 | 19,387,336 | ---- | C] (DivX, Inc.) -- C:\Documents and Settings\Hugues Miere\Desktop\DivXInstaller.exe
[2009/05/10 23:19:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Desktop\Unused Desktop Shortcuts
[2009/05/07 01:59:10 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\Ne pas s arreter.doc
[2009/05/03 02:20:30 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\Les Plenitudes.doc
[2009/05/02 12:35:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\My Documents\My Received Files
[2009/05/02 05:11:24 | 00,054,784 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\separation.doc
[2009/05/02 05:03:52 | 00,042,496 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\LE MYSTERE DE LA SEMENCE.doc
[2009/05/02 04:48:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Application Data\vlc
[2009/05/02 04:47:37 | 00,000,627 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/05/02 04:33:09 | 00,058,880 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\Citations.doc
[2009/05/02 00:36:39 | 16,742,799 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\vlc-0.9.9-win32.exe
[2009/04/28 01:51:34 | 00,001,408 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\eaglespace_bientot.html
[2009/04/28 01:28:07 | 01,912,320 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\voiture selection.doc
[2009/04/28 01:11:16 | 01,912,320 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\1996 MITSUBISHI SHOGUN 2.doc
[2009/04/15 21:24:40 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/04/15 21:24:38 | 00,823,296 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2009/04/15 21:24:38 | 00,823,296 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2009/04/15 21:24:38 | 00,815,104 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2009/04/15 21:24:38 | 00,802,816 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2009/04/15 21:24:38 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2009/04/14 13:31:28 | 00,483,840 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\TOYOTA SEQUOIA.doc
[2009/04/12 13:12:25 | 00,489,472 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\TOYOTA SEQUOIA 4.doc
[2009/04/06 23:16:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\My Documents\Adobe CS4
[2009/04/06 23:03:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Desktop\Adobe CS4
[2009/04/06 22:23:29 | 12,150,42899 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\ADBEFLPRCS4_LS4.7z
[2009/04/06 22:23:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Application Data\Download Manager
[2009/04/06 22:06:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\My Documents\3588
[2009/04/06 22:06:12 | 05,409,924 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\3588.zip
[2009/04/06 21:01:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Application Data\VoipDiscount
[2009/04/06 20:58:32 | 00,000,000 | ---D | C] -- C:\Program Files\VoipDiscount.com
[2009/04/06 20:56:55 | 04,116,848 | ---- | C] (Finarea S.A. Switzerland ) -- C:\Documents and Settings\Hugues Miere\My Documents\setupvoipdiscount.exe
[2009/04/05 10:57:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Local Settings\Application Data\{A63E302F-17E1-4831-A300-723481916564}
[2009/04/05 00:01:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/05 00:01:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Local Settings\Application Data\Mozilla
[2009/04/05 00:01:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Application Data\Mozilla
[2009/04/05 00:01:40 | 00,001,510 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/05 00:01:36 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/04/05 00:00:49 | 07,618,040 | ---- | C] (Mozilla) -- C:\Documents and Settings\Hugues Miere\My Documents\Firefox Setup 3.0.8.exe
[2009/03/31 05:25:36 | 00,008,102 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\3529.html
[2009/03/31 05:09:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\My Documents\images
[2009/03/29 17:08:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\My Documents\toyota
[2009/03/29 17:08:09 | 00,489,652 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\toyota.rar
[2009/03/28 14:20:09 | 00,570,368 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\Echantillon Church's.doc
[2009/03/25 23:49:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Hugues Miere\My Documents\Shareaza Downloads
[2009/03/23 02:33:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\My Documents\New Folder (2)
[2009/03/23 01:33:29 | 00,000,397 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\Desktop\WampServer.lnk
[2009/03/23 01:32:45 | 00,000,000 | ---D | C] -- C:\wamp
[2009/03/21 13:24:49 | 00,081,408 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\JEEP GRAND CHEROKEE 2002 147000 Miles.doc
[2009/03/21 00:55:35 | 00,000,000 | ---D | C] -- C:\Program Files\Shareaza
[2009/03/21 00:55:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Local Settings\Application Data\Shareaza
[2009/03/21 00:55:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Application Data\Shareaza
[2009/03/20 00:38:52 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\53-1213M.doc
[2009/03/19 01:09:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/03/18 12:22:21 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\0870.doc
[2009/03/12 17:49:45 | 00,068,608 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\lettre de Benoit 16.doc
[2009/03/04 23:55:53 | 00,000,028 | ---- | C] () -- C:\WINDOWS\bibpdfsuite.ini
[2009/02/23 00:50:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Local Settings\Application Data\Sony Ericsson
[2009/02/23 00:49:11 | 00,000,000 | ---D | C] -- C:\Program Files\Avanquest update
[2009/02/23 00:48:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/02/23 00:48:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2009/02/23 00:48:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Application Data\InstallShield
[2009/02/23 00:47:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Application Data\Sony
[2009/02/23 00:47:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/02/23 00:46:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Local Settings\Application Data\Sony
[2009/02/23 00:45:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2009/02/23 00:45:19 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/02/23 00:45:18 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson
[2009/02/23 00:44:23 | 00,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/02/23 00:43:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Local Settings\Application Data\Apple
[2009/02/23 00:43:13 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/02/23 00:43:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/02/23 00:39:37 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/02/23 00:38:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/02/23 00:37:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Application Data\Sony Setup
[2009/02/23 00:36:57 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2009/02/23 00:04:48 | 00,097,184 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\SE2Emdm.sys
[2009/02/23 00:04:48 | 00,061,600 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\SE2Ebus.sys
[2009/02/23 00:04:48 | 00,009,360 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\SE2Emdfl.sys
[2009/02/23 00:04:48 | 00,006,240 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\SE2Ecmnt.sys
[2009/02/23 00:04:48 | 00,006,240 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\SE2Ecm.sys
[2009/02/23 00:04:48 | 00,005,872 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\SE2Ewhnt.sys
[2009/02/23 00:04:48 | 00,005,872 | ---- | C] (MCCI) -- C:\WINDOWS\System32\drivers\SE2Ewh.sys
[2009/02/21 12:02:40 | 00,549,888 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\2001 51 Reg MITSUBISHI Shogun Sport 2 ORIG..doc
[2009/02/21 11:59:29 | 00,514,560 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\MITSUBISHI Shogun Sport 2.doc
[2009/02/21 10:41:50 | 00,047,104 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\LAREDO 2.doc
[2009/02/21 01:56:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Desktop\New Folder
[2009/02/20 23:57:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Desktop\Alfa Romeo
[2009/02/18 23:02:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Desktop\focus
[2009/02/18 00:20:48 | 00,072,679 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\billet.pdf
[2009/02/17 12:59:05 | 01,234,432 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\Sans titre-1.psd
[2009/02/17 00:15:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hugues Miere\Desktop\site internet
[2009/02/14 00:55:16 | 00,133,632 | ---- | C] () -- C:\Documents and Settings\Hugues Miere\My Documents\toyota pickup.doc

[color=orange]========== Files - Modified Within 90 Days ==========/color

[3 C:\WINDOWS\System32\*.tmp files]
[3 C:\Documents and Settings\Hugues Miere\My Documents\*.tmp files]
[2009/05/13 00:57:54 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hugues Miere\Desktop\OTViewIt.exe
[2009/05/13 00:50:24 | 00,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/13 00:47:40 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/13 00:47:22 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/13 00:46:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/13 00:44:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/13 00:43:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/13 00:33:40 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/13 00:14:22 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\Rooter.exe
[2009/05/12 23:51:14 | 03,021,595 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\lion.exe
[2009/05/12 21:40:50 | 03,021,595 | R--- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\ComboFix.exe
[2009/05/12 21:31:10 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Hugues Miere\Desktop\spybotsd162.exe
[2009/05/12 21:29:40 | 03,227,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Hugues Miere\Desktop\ccsetup219.exe
[2009/05/12 21:27:44 | 19,153,264 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\Lavasoft_Adaware_multi.exe
[2009/05/12 14:56:22 | 00,000,032 | --S- | M] () -- C:\WINDOWS\System32\2023729596.dat
[2009/05/12 04:58:56 | 00,000,003 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\os60975309.ini
[2009/05/12 04:37:02 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/12 01:57:00 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/05/12 01:56:54 | 00,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/05/12 01:56:34 | 00,001,398 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\DivX Movies.lnk
[2009/05/12 01:55:36 | 19,387,336 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\Hugues Miere\Desktop\DivXInstaller.exe
[2009/05/09 12:41:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/07 01:59:12 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\Ne pas s arreter.doc
[2009/05/07 01:39:10 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\Microsoft Word.lnk
[2009/05/03 02:20:32 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\Les Plenitudes.doc
[2009/05/02 14:47:18 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Application Data\AVSDVDPlayer.m3u
[2009/05/02 14:47:10 | 00,054,784 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\separation.doc
[2009/05/02 05:13:12 | 00,058,880 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\Citations.doc
[2009/05/02 05:04:28 | 00,042,496 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\LE MYSTERE DE LA SEMENCE.doc
[2009/05/02 04:47:38 | 00,000,627 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/05/02 00:37:02 | 16,742,799 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\vlc-0.9.9-win32.exe
[2009/05/01 22:50:28 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/01 15:36:48 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/28 01:51:36 | 00,001,408 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\eaglespace_bientot.html
[2009/04/28 01:28:08 | 01,912,320 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\voiture selection.doc
[2009/04/28 01:25:36 | 01,912,320 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\1996 MITSUBISHI SHOGUN 2.doc
[2009/04/27 14:46:46 | 00,020,593 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\LanguesDiag.ini
[2009/04/25 23:34:58 | 00,000,231 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\ConfigDiag.ini
[2009/04/22 09:23:28 | 00,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/15 21:24:40 | 00,090,112 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/04/15 21:24:38 | 00,823,296 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2009/04/15 21:24:38 | 00,823,296 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2009/04/15 21:24:38 | 00,815,104 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2009/04/15 21:24:38 | 00,802,816 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2009/04/15 21:24:38 | 00,684,032 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2009/04/14 13:31:30 | 00,483,840 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\TOYOTA SEQUOIA.doc
[2009/04/13 02:27:16 | 00,489,472 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\TOYOTA SEQUOIA 4.doc
[2009/04/06 22:54:20 | 12,150,42899 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\ADBEFLPRCS4_LS4.7z
[2009/04/06 22:06:14 | 05,409,924 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\3588.zip
[2009/04/06 20:56:56 | 04,116,848 | ---- | M] (Finarea S.A. Switzerland ) -- C:\Documents and Settings\Hugues Miere\My Documents\setupvoipdiscount.exe
[2009/04/05 00:01:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/04/05 00:01:42 | 00,001,510 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/05 00:01:04 | 07,618,040 | ---- | M] (Mozilla) -- C:\Documents and Settings\Hugues Miere\My Documents\Firefox Setup 3.0.8.exe
[2009/03/31 05:25:38 | 00,008,102 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\3529.html
[2009/03/29 17:08:12 | 00,489,652 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\toyota.rar
[2009/03/28 14:20:10 | 00,570,368 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\Echantillon Church's.doc
[2009/03/23 01:33:30 | 00,000,397 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\Desktop\WampServer.lnk
[2009/03/21 13:24:50 | 00,081,408 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\JEEP GRAND CHEROKEE 2002 147000 Miles.doc
[2009/03/20 01:01:04 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\53-1213M.doc
[2009/03/18 12:22:24 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\0870.doc
[2009/03/12 17:49:46 | 00,068,608 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\lettre de Benoit 16.doc
[2009/03/04 23:55:54 | 00,000,028 | ---- | M] () -- C:\WINDOWS\bibpdfsuite.ini
[2009/02/23 00:44:24 | 00,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/02/23 00:42:02 | 00,404,410 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/23 00:42:02 | 00,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/23 00:42:02 | 00,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/21 12:02:42 | 00,549,888 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\2001 51 Reg MITSUBISHI Shogun Sport 2 ORIG..doc
[2009/02/21 11:59:32 | 00,514,560 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\MITSUBISHI Shogun Sport 2.doc
[2009/02/21 10:41:52 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\LAREDO 2.doc
[2009/02/18 00:20:50 | 00,072,679 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\billet.pdf
[2009/02/17 12:59:08 | 01,234,432 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\Sans titre-1.psd
[2009/02/14 00:55:18 | 00,133,632 | ---- | M] () -- C:\Documents and Settings\Hugues Miere\My Documents\toyota pickup.doc
< End of report >

   
Répondre à lion.d

15

V-X, le 13 mai 2009 à 02:03:24
  • +2

Re,

Il faut le faire en mode normal ce rapport.

merci l'alcool tue lentement ,on s'en fout on est pas presser.....­.

   
Répondre à V-X

16

lion.d, le 13 mai 2009 à 02:10:42

Re,
en mode normal ca marche; OTViewlt est bloquer au lancement

   
Répondre à lion.d

18

lion.d, le 13 mai 2009 à 02:12:22

Re,
je voulais plutot dire en mode normal ca marche pas; OTViewlt est systematiquement bloquer au lancement

   
Répondre à lion.d

17

V-X, le 13 mai 2009 à 02:12:12

Re,

Fait le scan en mode sans échec.

Télécharge et installe MalwareByte's Anti-Malware
Malwarebyte

Mets le à jour

▶ Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.

▶ Sélectionne Exécuter un examen COMPLET si ce n'est pas déjà fait

▶ clique sur Rechercher

▶ Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

Tutoriel pour MalwareByte's

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
l'alcool tue lentement ,on s'en fout on est pas presser......

   
Répondre à V-X

19

V-X, le 13 mai 2009 à 02:13:35

Re,

Fait ce qui est indiquer ==>http://www.commentcamarche.net/forum/affich 12427025 desinstaller system security virus?#17 l'alcool tue lentement ,on s'en fout on est pas presser......

   
Répondre à V-X

20

lion.d, le 13 mai 2009 à 02:35:03

Re,
Le scan de MalwareByte's Anti-Malware est en cour...

   
Répondre à lion.d

21

lion.d, le 13 mai 2009 à 02:52:28

Voici le rapport de MalwareByte's Anti-Malware

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2118
Windows 5.1.2600 Service Pack 2

13/05/2009 01:46:40
mbam-log-2009-05-13 (01-46-40).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 183258
Temps écoulé: 16 minute(s), 56 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion­\Run\10955314 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\60975309 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\10955314 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\60975309 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\10955314\10955314.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\10955314\10955314.glu (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\10955314\pc10955314cnf (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\10955314\pc10955314ins (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\60975309\60975309.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\60975309\10959531.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.

   
Répondre à lion.d

22

V-X, le 13 mai 2009 à 02:54:01

Re,

Supprime la quarantaine de malwarebyte et retente en mode normal ZHPDiag cette fois-ci. l'alcool tue lentement ,on s'en fout on est pas presser.....­.

   
Répondre à V-X

23

lion.d, le 13 mai 2009 à 03:00:41

Ok; voici le rapport ZHPDiag:

   
Répondre à lion.d

24

lion.d, le 13 mai 2009 à 03:05:15

Il ya un souci; j'arrice ps a te send le rapport

   
Répondre à lion.d

26

lion.d, le 13 mai 2009 à 03:09:48

Comme ca marchait pas Je te le send en 2 partie. Voici donc la 2eme partie du rapport:


---\\ Contenu des dossiers Fichiers Communs (O43)
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Microsoft Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Common Files\ODBC
O43 - CFD:Common File Directory - C:\Program Files\Common Files\System
O43 - CFD:Common File Directory - C:\Program Files\Common Files\MSSoap
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory - C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Symantec Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Roxio Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Sonic Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Autodata Limited Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Ahead
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Designer
O43 - CFD:Common File Directory - C:\Program Files\Common Files\AVSMedia
O43 - CFD:Common File Directory - C:\Program Files\Common Files\eLanguage
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Cosmi
O43 - CFD:Common File Directory - C:\Program Files\Common Files\SupportSoft
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Wise Installation Wizard
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Macromedia
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Sony Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\DivX Shared

---\\ Derniers fichiers modifiés ou crées sous System32 (O44)
O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->13/05/2009 - 00:48:30
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->22/02/2009 - 23:42:02
O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->22/02/2009 - 23:42:02
O44 - LFC:Last File Created - C:\WINDOWS\System32\dpl100.dll -->15/04/2009 - 20:24:40
O44 - LFC:Last File Created - C:\WINDOWS\System32\CONFIG.NT -->12/05/2009 - 23:33:40
O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->22/04/2009 - 08:23:28
O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->22/02/2009 - 23:42:02
O44 - LFC:Last File Created - C:\WINDOWS\System32\2023729596.dat -->12/05/2009 - 13:56:22
O44 - LFC:Last File Created - C:\WINDOWS\System32\DivX.dll -->15/04/2009 - 20:24:38
O44 - LFC:Last File Created - C:\WINDOWS\System32\divx_xx0c.dll -->15/04/2009 - 20:24:38
O44 - LFC:Last File Created - C:\WINDOWS\System32\divx_xx07.dll -->15/04/2009 - 20:24:38
O44 - LFC:Last File Created - C:\WINDOWS\System32\divx_xx11.dll -->15/04/2009 - 20:24:38
O44 - LFC:Last File Created - C:\WINDOWS\System32\divx_xx0a.dll -->15/04/2009 - 20:24:38
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->06/04/2009 - 14:32:54
O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbam.sys -->06/04/2009 - 14:32:46

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\QTTASK.EXE-342507FB.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32.EXE-20C463C1.pf -->05/05/2009 - 11:17:02
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf -->12/05/2009 - 23:12:34
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf -->12/05/2009 - 00:57:14
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BCONT_NM.EXE-34F3734B.pf -->12/05/2009 - 13:41:08
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IPCONFIG.EXE-2395F30B.pf -->12/05/2009 - 23:41:04
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DW20.EXE-143E02DB.pf -->12/05/2009 - 00:33:56
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-44E79D54.pf -->06/05/2009 - 21:14:44
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PCARMDRV.EXE-35D01613.pf -->13/05/2009 - 00:14:20
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ROXWATCH.EXE-03B696DD.pf -->11/05/2009 - 09:30:22
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf -->13/05/2009 - 00:15:18
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4AE849A8.pf -->06/05/2009 - 23:06:30
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPRTCMD.EXE-09E5018C.pf -->11/05/2009 - 23:12:14
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASHMAISV.EXE-12E27032.pf -->11/05/2009 - 09:30:38
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-267C5814.pf -->06/05/2009 - 23:29:38
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA2.pf -->07/05/2009 - 00:07:50
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINRAR.EXE-39C6DAD9.pf -->13/05/2009 - 00:55:34
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf -->12/05/2009 - 04:09:04
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CPSHELPRUNNER.EXE-22868065.pf -->11/05/2009 - 23:11:24
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2C078A36.pf -->09/05/2009 - 03:29:28
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-29B1E5C2.pf -->09/05/2009 - 03:29:34
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SOFTWAREUPDATE.EXE-1415D1B8.pf -->09/05/2009 - 11:41:06
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DLLHOST.EXE-205D880D.pf -->09/05/2009 - 11:41:08
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ISUSPM.EXE-1ED0B23B.pf -->13/05/2009 - 00:49:54
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AGENT.EXE-10B4BAEA.pf -->13/05/2009 - 00:49:56
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ROXIO_CENTRAL.EXE-0E211AF2.pf -->10/05/2009 - 02:44:26
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEF9F.pf -->10/05/2009 - 02:45:16
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP_WM.EXE-3135CBD6.pf -->10/05/2009 - 02:47:56
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SERVICES.EXE-2F433351.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ROXLIVESHARE.EXE-0FF4F6F1.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPRTSVC.EXE-14187B3C.pf -->11/05/2009 - 09:30:28
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TGSRVC.EXE-04A90F7A.pf -->11/05/2009 - 09:30:28
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SYMWSC.EXE-321AAE19.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LSASS.EXE-20DB6D1B.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSMPENG.EXE-273B5E0F.pf -->13/05/2009 - 00:08:48
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASWUPDSV.EXE-040CB91E.pf -->11/05/2009 - 09:29:56
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASHSERV.EXE-3B661600.pf -->11/05/2009 - 09:29:56
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPOOLSV.EXE-282F76A7.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ADCDLICSVC.EXE-19FF9A09.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WLSERVICE.EXE-244174EE.pf -->13/05/2009 - 00:14:22
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WLANCFGG.EXE-11093D29.pf -->13/05/2009 - 00:14:50
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATER.EXE-29743DD2.pf -->12/05/2009 - 00:52:06
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPER.EXE-0415776D.pf -->12/05/2009 - 00:52:18
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DIVXINSTALLER.EXE-1B46195F.pf -->12/05/2009 - 00:56:08
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DIVXCONNECTIONTESTER.EXE-1B95EB9F.pf -->12/05/2009 - 00:56:08
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DIVXCOMPONENT.EXE-01874DCE.pf -->12/05/2009 - 00:56:18
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PXHPINST.EXE-19CAC65A.pf -->12/05/2009 - 00:56:56
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PXSETUP.EXE-082E93B7.pf -->12/05/2009 - 00:56:58
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DIVX PLAYER.EXE-2B5FB89F.pf -->12/05/2009 - 00:57:00
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4733C239.pf -->12/05/2009 - 02:47:48
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVAST.SETUP-032170A8.pf -->12/05/2009 - 11:22:30
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\INSTALL[1].EXE-0BF59420.pf -->12/05/2009 - 03:38:04
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\60975309.EXE-11BF7F4C.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\10955314.EXE-05B9BF3B.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf -->12/05/2009 - 23:17:10
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASHAVAST.EXE-12F63458.pf -->12/05/2009 - 21:47:02
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASHSIMPL.EXE-14F851AB.pf -->12/05/2009 - 21:47:16
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf -->12/05/2009 - 03:54:08
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\20959532.EXE-02261029.pf -->12/05/2009 - 03:59:00
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\L_INTLC.EXE-33C69388.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASHQUICK.EXE-2A0533AE.pf -->12/05/2009 - 21:46:44
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASHWEBSV.EXE-0548EF0A.pf -->11/05/2009 - 09:30:38
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ROXMEDIADB.EXE-2F72A026.pf -->12/05/2009 - 20:11:22
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf -->12/05/2009 - 22:30:38
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC55A4F.pf -->12/05/2009 - 19:30:08
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ASHCHEST.EXE-0FED8209.pf -->12/05/2009 - 19:30:46
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CD85FD3.pf -->12/05/2009 - 23:13:06
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-13CC3015.pf -->12/05/2009 - 19:40:44
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf -->12/05/2009 - 21:36:58
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSHTA.EXE-331DF029.pf -->12/05/2009 - 19:40:44
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINLOGON.EXE-32C57D49.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CSRSS.EXE-12B63473.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NEROCHECK.EXE-092C6DFA.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->13/05/2009 - 00:49:54
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTSD.EXE-0A9BC67B.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-40CAABC9.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf -->13/05/2009 - 00:49:54
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SOUNDMAN.EXE-19745A34.pf -->12/05/2009 - 20:11:22
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ISSCH.EXE-3ACEF8DC.pf -->12/05/2009 - 20:11:22
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DRGTODSC.EXE-17103D9D.pf -->12/05/2009 - 20:11:22
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSASCUI.EXE-08BEC8D8.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2905E326.pf -->12/05/2009 - 23:13:24
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-37BEE96E.pf -->12/05/2009 - 23:13:16
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf -->12/05/2009 - 20:45:22
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LAVASOFT_ADAWARE_MULTI.EXE-14BCBACA.pf -->12/05/2009 - 20:32:02
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OSA9.EXE-27CD7DB8.pf -->12/05/2009 - 23:41:04
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CCSETUP219.EXE-123ADFB7.pf -->12/05/2009 - 20:29:46
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPYBOTSD162.EXE-0DAB8FD3.pf -->12/05/2009 - 20:31:30
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPYBOTSD162.TMP-1CD252BC.pf -->12/05/2009 - 20:31:20
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LAVASOFT_ADAWARE_MULTI.EXE-15AFC664.pf -->12/05/2009 - 22:36:04
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPYBOTSD162.EXE-0225C77B.pf -->12/05/2009 - 22:36:06
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPYBOTSD162.TMP-10FF9549.pf -->12/05/2009 - 20:36:54
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\COMBOFIX.EXE-2BF0CF56.pf -->12/05/2009 - 23:41:04
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CCSETUP219.EXE-390594EF.pf -->12/05/2009 - 22:59:52
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPYBOTSD162.TMP-0587FE2D.pf -->12/05/2009 - 20:45:52
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM-SETUP.EXE-1D01CA32.pf -->13/05/2009 - 00:14:44
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPYBOTSD162.TMP-2273C599.pf -->12/05/2009 - 21:05:44
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-12E27DD0.pf -->12/05/2009 - 21:11:42
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf -->11/05/2009 - 23:11:24
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2576181F.pf -->12/05/2009 - 21:13:00
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SMITFRAUDFIX.EXE-0B483E4D.pf -->12/05/2009 - 22:35:58
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SMIUPDATE.EXE-15DDCCE4.pf -->12/05/2009 - 21:24:54
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REBOOT.EXE-36952AC5.pf -->12/05/2009 - 21:25:00
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SWSC.EXE-34DB98D9.pf -->12/05/2009 - 21:25:10
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SMITFRAUDFIX.EXE-36B05EE3.pf -->12/05/2009 - 21:37:22
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPYBOTSD162.EXE-2E2DFEF0.pf -->12/05/2009 - 21:37:32
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LAVASOFT_ADAWARE_MULTI.EXE-2C688686.pf -->12/05/2009 - 21:37:34
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf -->13/05/2009 - 00:08:58
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CCSETUP219.EXE-2929D5F3.pf -->12/05/2009 - 21:37:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\COMBOFIX.EXE-38E7D39A.pf -->12/05/2009 - 21:37:50
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEDW.EXE-1880380E.pf -->12/05/2009 - 22:55:10
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-2C7B5C4A.pf -->12/05/2009 - 23:13:12
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OTVIEWIT.EXE-2B4B9242.pf -->13/05/2009 - 00:08:48
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIND.EXE-0EC32F1E.pf -->12/05/2009 - 23:17:10
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AGRSMMSG.EXE-0034A7F7.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CSCRIPT.EXE-1C26180C.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->12/05/2009 - 04:53:18
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CHKNTFS.EXE-31921D64.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf -->12/05/2009 - 22:30:36
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MPCMDRUN.EXE-1F9D1CA1.pf -->12/05/2009 - 00:32:12
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf -->13/05/2009 - 00:55:24
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf -->11/05/2009 - 14:09:42
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DFRGFAT.EXE-03D95883.pf -->11/05/2009 - 14:09:42
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf -->12/05/2009 - 09:34:02
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf -->13/05/2009 - 00:08:48
O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINWORD.EXE-10D55173.pf -->12/05/2009 - 21:34:50

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WIFD1F~1\MpShHook.dll

---\\ Export de clé d'application autorisée (ECAA)(O47)
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
O47 - AAKE:Key Export - "C:\Program Files\VoipCheap\VoipCheap.exe"="C:\Program Files\VoipCheap\VoipCheap.exe:*:Enabled:VoipCheap"
O47 - AAKE:Key Export - "C:\Program Files\TalkTalk\agent\bin\bcont.exe"="C:\Program Files\TalkTalk\agent\bin\bcont.exe:*:Enabled:bcont.exe"
O47 - AAKE:Key Export - "C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe"="C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe"
O47 - AAKE:Key Export - "C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe"="C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe"
O47 - AAKE:Key Export - "C:\Program Files\TalkTalk\bin\sprtcmd.exe"="C:\Program Files\TalkTalk\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe"
O47 - AAKE:Key Export - "C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"
O47 - AAKE:Key Export - "C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
O47 - AAKE:Key Export - "C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
O47 - AAKE:Key Export - "C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe"="C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server"
O47 - AAKE:Key Export - "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:*:Enabled:VoipDiscount"
O47 - AAKE:Key Export - "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

---\\ Déni du service (Local Security Authority) (LSA) (O48)
O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS2\Network\vgasave.sys

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d

---\\ Trojan Driver Search Data (TDSD) (O52)
O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv"
O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.trspch"="tssoft32.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.I420"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv31"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv32"="ir32_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv41"="ir41_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iyuv"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.uyvy"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.yuy2"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.yvu9"="tsbyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.yvyu"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
O52 - TDSD:HKLM\...\Drivers32\"wave"="serwvdrv.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg723"="msg723.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M263"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.M261"="msh261.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msaudio1"="msaud32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.sl_anet"="sl_anet.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax"
O52 - TDSD:HKLM\...\Drivers32\"vidc.iv50"="ir50_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm"
O52 - TDSD:HKLM\...\Drivers32\"wave1"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"msacm.voxacm160"="vct3216.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.scg726"="scg726.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.alf2cd"="alf2cd.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.ac3acm"="AC3ACM.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.dvsd"="mcdvd_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.xvid"="xvidvfw.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mpg4"="mpg4c32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mp42"="mpg4c32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mp43"="mpg4c32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.DIVX"="DivX.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.yv12"="DivX.dll"

---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=323
O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveAutoRun"=67108863
O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDriveAutoRun"=67108863
O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDriveTypeAutoRun"=323
O56 - MWPE:[HKLM\...\Policies\Explorer] - "NoDrives"=0


End of the scan:

   
Répondre à lion.d

25

lion.d, le 13 mai 2009 à 03:07:53

Rapport de ZHPDiag v1.20.2 par Nicolas Coolman
Enregistré le 13/05/2009 01:58:13
Platform : Microsoft Windows XP (5.1.2600) Service Pack 2
MSIE: Internet Explorer v7.0.5730.11
MFIE: Mozilla Firefox (3.0.10)

---\\ Processus lancés
AGRSMMSG.exe
SOUNDMAN.EXE
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe

---\\ Pages de démarrage d'Internet Explorer (R0)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

---\\ Pages de recherche d'Internet Explorer (R1)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

---\\ Applications démarrées automatiquement par le registre (O4)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\policies\Explorer: [NoDriveAutoRun] Data="67108863"
O4 - HKLM\..\policies\Explorer: [NoDriveTypeAutoRun] Data="323"
O4 - HKLM\..\policies\Explorer: [NoDrives] Data="0"

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/hardwaredetection/hardwaredetection_3_1_2_0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: WLEventStartup - C:\WINDOWS\System32\WgaLogon.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1}
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Autodata Limited License Service (Autodata Limited License Service) - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Print Spooler (Spooler) - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - C:\Program Files\TalkTalk\bin\sprtsvc.exe" /service /p TalkTalk
O23 - Service: SymWMI Service (SymWSC) - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe" /p TalkTalk
O23 - Service: Windows Defender (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe

---\\ Enumération des composants Active Desktop (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE
O40 - ASIC: Vector Graphics Rendering (VML) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file)
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file)
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Dynamic HTML Data Binding for Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file)
O40 - ASIC: Advanced Authoring - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: DirectAnimation Java Classes - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file)
O40 - ASIC: Address Book 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: (no name) - {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: Task Scheduler - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
O40 - ASIC: .NET Framework - {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - (not file)

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: Microsoft Kernel Acoustic Echo Canceller (aec) - C:\WINDOWS\system32\drivers\aec.sys
O41 - Driver: Agere Systems Soft Modem (AgereSoftModem) - C:\WINDOWS\system32\DRIVERS\AGRSM.sys
O41 - Driver: SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) (alcan5wn) - C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
O41 - Driver: SpeedTouch ADSL Modem ATM Transport (alcaudsl) - C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
O41 - Driver: Service for WDM 3D Audio Driver (ALCXSENS) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS
O41 - Driver: Service for Realtek AC97 Audio (WDM) (ALCXWDM) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
O41 - Driver: AMD K7 Processor Driver (AmdK7) - C:\WINDOWS\system32\DRIVERS\amdk7.sys
O41 - Driver: RAS Asynchronous Media Driver (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: ATM ARP Client Protocol (Atmarpc) - C:\WINDOWS\system32\DRIVERS\atmarpc.sys
O41 - Driver: Audio Stub Driver (audstub) - C:\WINDOWS\system32\DRIVERS\audstub.sys
O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys
O41 - Driver: (no object) (dmio) - C:\WINDOWS\System32\drivers\dmio.sys
O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys
O41 - Driver: DMSKSSRh (DMSKSSRh) - C:\DOCUME~1\HUGUES~1\LOCALS~1\Temp\DMSKSSRh.sys
O41 - Driver: Microsoft Kernel DLS Syntheiszer (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys
O41 - Driver: driverhardwarev2 (driverhardwarev2) - C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
O41 - Driver: Microsoft Kernel DRM Audio Descrambler (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: FltMgr (FltMgr) - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
O41 - Driver: Generic Packet Classifier (Gpc) - C:\WINDOWS\system32\DRIVERS\msgpc.sys
O41 - Driver: GTNDIS5 NDIS Protocol Driver (GTNDIS5) - C:\WINDOWS\system32\GTNDIS5.SYS
O41 - Driver: i8042 Keyboard and PS/2 Mouse Port Driver (i8042prt) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: IPv6 Windows Firewall Driver (Ip6Fw) - C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
O41 - Driver: IP Traffic Filter Driver (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP in IP Tunnel Driver (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: IPSEC driver (IPSec) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: IR Enumerator Service (IRENUM) - C:\WINDOWS\system32\DRIVERS\irenum.sys
O41 - Driver: Microsoft Kernel Wave Audio Mixer (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys
O41 - Driver: Unimodem Streaming Filter Device (MODEMCSA) - C:\WINDOWS\system32\drivers\MODEMCSA.sys
O41 - Driver: WebDav Client Redirector (MRxDAV) - C:\WINDOWS\system32\DRIVERS\mrxdav.sys
O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: Microsoft Streaming Service Proxy (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Microsoft Streaming Clock Proxy (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Microsoft Streaming Quality Manager Proxy (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Microsoft System Management BIOS Driver (mssmbios) - C:\WINDOWS\system32\DRIVERS\mssmbios.sys
O41 - Driver: Remote Access NDIS TAPI Driver (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS Usermode I/O Protocol (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: Remote Access NDIS WAN Driver (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: NetBT (NetBT) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: D-Link DWA-111 Wireless G USB Adapter Driver (netr73) - C:\WINDOWS\system32\DRIVERS\netr73.sys
O41 - Driver: Upper Class Filter Driver (NTIDrvr) - C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
O41 - Driver: IPX Traffic Filter Driver (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: IPX Traffic Forwarder Driver (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: WAN Miniport (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: QoS Packet Scheduler (PSched) - C:\WINDOWS\system32\DRIVERS\psched.sys
O41 - Driver: Direct Parallel Link Driver (Ptilink) - C:\WINDOWS\system32\DRIVERS\ptilink.sys
O41 - Driver: PxHelp20 (PxHelp20) - C:\WINDOWS\System32\Drivers\PxHelp20.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: WAN Miniport (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Remote Access PPPOE Driver (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Direct Parallel (Raspti) - C:\WINDOWS\system32\DRIVERS\raspti.sys
O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: Digital CD Audio Playback Filter Driver (redbook) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: Sony Ericsson Device 046 Driver driver (WDM) (SE2Ebus) - C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys
O41 - Driver: Sony Ericsson Device 046 USB WMC Modem Filter (SE2Emdfl) - C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys
O41 - Driver: Sony Ericsson Device 046 USB WMC Modem Driver (SE2Emdm) - C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys
O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\system32\DRIVERS\secdrv.sys
O41 - Driver: Serenum Filter Driver (serenum) - C:\WINDOWS\system32\DRIVERS\serenum.sys
O41 - Driver: (no object) (SiS315) - C:\WINDOWS\system32\DRIVERS\sisgrp.sys
O41 - Driver: SiS AGP Filter (SISAGP) - C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
O41 - Driver: (no object) (SiSide) - C:\WINDOWS\system32\DRIVERS\siside.sys
O41 - Driver: sisidex (sisidex) - C:\WINDOWS\system32\drivers\sisidex.sys
O41 - Driver: (no object) (SiSkp) - C:\WINDOWS\system32\DRIVERS\srvkp.sys
O41 - Driver: SiS PCI Fast Ethernet Adapter Driver (SISNIC) - C:\WINDOWS\system32\DRIVERS\sisnic.sys
O41 - Driver: Add Performance Filter Driver (sisperf) - C:\WINDOWS\system32\drivers\sisperf.sys
O41 - Driver: Microsoft Kernel Audio Splitter (splitter) - C:\WINDOWS\system32\drivers\splitter.sys
O41 - Driver: System Restore Filter Driver (sr) - C:\WINDOWS\system32\DRIVERS\sr.sys
O41 - Driver: Srv (Srv) - C:\WINDOWS\system32\DRIVERS\srv.sys
O41 - Driver: Software Bus Driver (swenum) - C:\WINDOWS\system32\DRIVERS\swenum.sys
O41 - Driver: Microsoft Kernel GS Wavetable Synthesizer (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys
O41 - Driver: Microsoft Kernel System Audio Device (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys
O41 - Driver: TCP/IP Protocol Driver (Tcpip) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: Microcode Update Driver (Update) - C:\WINDOWS\system32\DRIVERS\update.sys
O41 - Driver: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys
O41 - Driver: USB2 Enabled Hub (usbhub) - C:\WINDOWS\system32\DRIVERS\usbhub.sys
O41 - Driver: Microsoft USB Open Host Controller Miniport Driver (usbohci) - C:\WINDOWS\system32\DRIVERS\usbohci.sys
O41 - Driver: USB Mass Storage Driver (usbstor) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
O41 - Driver: Belkin High-Speed Mode Wireless G USB Network Adapter Driver (USB_RNDIS) - C:\WINDOWS\system32\DRIVERS\usb8023.sys
O41 - Driver: Remote Access IP ARP Driver (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Microsoft WINMM WDM Audio Compatibility Driver (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) - C:\WINDOWS\system32\DRIVERS\WudfPf.sys
O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Reflector (WudfRd) - C:\WINDOWS\system32\DRIVERS\wudfrd.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: AVS Audio Tools version 4.4
O42 - Logiciel: AVS DVD Player version 2.4
O42 - Logiciel: Adobe Flash Player 10 ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Flash Player 9 ActiveX
O42 - Logiciel: Adobe Reader 6.0
O42 - Logiciel: Agere Systems PCI Soft Modem
O42 - Logiciel: Apple Software Update
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: Avanquest update
O42 - Logiciel: Belkin High-Speed Mode Wireless G USB Network Adapter
O42 - Logiciel: Bible Suite PDF Texts
O42 - Logiciel: Bible Suite- Disk 1
O42 - Logiciel: Concise Oxford English Dictionary (Eleventh Edition)
O42 - Logiciel: DivX Codec
O42 - Logiciel: DivX Converter
O42 - Logiciel: DivX Player
O42 - Logiciel: DivX Plus DirectShow Filters
O42 - Logiciel: DivX Web Player
O42 - Logiciel: Driver Updater Pro
O42 - Logiciel: Driving Test Complete
O42 - Logiciel: English Grammar in Use
O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399)
O42 - Logiciel: Hotfix for Windows Media Player 11 (KB939683)
O42 - Logiciel: Hotfix for Windows XP (KB914440)
O42 - Logiciel: Hotfix for Windows XP (KB915865)
O42 - Logiciel: Hotfix for Windows XP (KB926239)
O42 - Logiciel: Le Message et la Sainte Bible
O42 - Logiciel: Le Monde diplomatique (remove only)
O42 - Logiciel: Learn to Speak English Deluxe 9.5
O42 - Logiciel: Letts Practise Maths Stage 1
O42 - Logiciel: LiveUpdate 1.90 (Symantec Corporation)
O42 - Logiciel: MSXML 4.0 SP2 (KB927978)
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Ma-Config.com
O42 - Logiciel: Macromedia Dreamweaver 8
O42 - Logiciel: Macromedia Extension Manager
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Microsoft .NET Framework 2.0
O42 - Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs
O42 - Logiciel: Microsoft National Language Support Downlevel APIs
O42 - Logiciel: Microsoft Office 2000 Professional
O42 - Logiciel: Microsoft Office Excel MUI (English) 2007
O42 - Logiciel: Microsoft Office Shared MUI (English) 2007
O42 - Logiciel: Microsoft Office Shared Setup Metadata MUI (English) 2007
O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
O42 - Logiciel: Mozilla Firefox (3.0.10)
O42 - Logiciel: Music Coach Player
O42 - Logiciel: My First Dictionary 2.0
O42 - Logiciel: NTI Backup NOW! 3
O42 - Logiciel: NTI CD & DVD-Maker Gold
O42 - Logiciel: Nero Suite
O42 - Logiciel: NetZero Internet and Voice Offer
O42 - Logiciel: Norton WMI Update
O42 - Logiciel: Oxford First Encyclopedia
O42 - Logiciel: Photoshop CS2
O42 - Logiciel: QuickTime
O42 - Logiciel: Realtek AC'97 Audio
O42 - Logiciel: Roxio Easy Media Creator 8 Essentials
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB929969)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB933566)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB938127)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB942615)
O42 - Logiciel: Security Update for Windows Internet Explorer 7 (KB944533)
O42 - Logiciel: Security Update for Windows Media Player (KB911564)
O42 - Logiciel: Security Update for Windows Media Player 11 (KB936782)
O42 - Logiciel: Security Update for Windows Media Player 6.4 (KB925398)
O42 - Logiciel: Security Update for Windows XP (KB890046)
O42 - Logiciel: Security Update for Windows XP (KB893756)
O42 - Logiciel: Security Update for Windows XP (KB896358)
O42 - Logiciel: Security Update for Windows XP (KB896423)
O42 - Logiciel: Security Update for Windows XP (KB896428)
O42 - Logiciel: Security Update for Windows XP (KB899587)
O42 - Logiciel: Security Update for Windows XP (KB899591)
O42 - Logiciel: Security Update for Windows XP (KB900725)
O42 - Logiciel: Security Update for Windows XP (KB901017)
O42 - Logiciel: Security Update for Windows XP (KB901190)
O42 - Logiciel: Security Update for Windows XP (KB901214)
O42 - Logiciel: Security Update for Windows XP (KB902400)
O42 - Logiciel: Security Update for Windows XP (KB904706)
O42 - Logiciel: Security Update for Windows XP (KB905414)
O42 - Logiciel: Security Update for Windows XP (KB905749)
O42 - Logiciel: Security Update for Windows XP (KB908519)
O42 - Logiciel: Security Update for Windows XP (KB911562)
O42 - Logiciel: Security Update for Windows XP (KB911927)
O42 - Logiciel: Security Update for Windows XP (KB913580)
O42 - Logiciel: Security Update for Windows XP (KB914388)
O42 - Logiciel: Security Update for Windows XP (KB914389)
O42 - Logiciel: Security Update for Windows XP (KB917953)
O42 - Logiciel: Security Update for Windows XP (KB918118)
O42 - Logiciel: Security Update for Windows XP (KB918439)
O42 - Logiciel: Security Update for Windows XP (KB919007)
O42 - Logiciel: Security Update for Windows XP (KB920213)
O42 - Logiciel: Security Update for Windows XP (KB920670)
O42 - Logiciel: Security Update for Windows XP (KB920683)
O42 - Logiciel: Security Update for Windows XP (KB920685)
O42 - Logiciel: Security Update for Windows XP (KB921503)
O42 - Logiciel: Security Update for Windows XP (KB922819)
O42 - Logiciel: Security Update for Windows XP (KB923191)
O42 - Logiciel: Security Update for Windows XP (KB923414)
O42 - Logiciel: Security Update for Windows XP (KB923980)
O42 - Logiciel: Security Update for Windows XP (KB924191)
O42 - Logiciel: Security Update for Windows XP (KB924270)
O42 - Logiciel: Security Update for Windows XP (KB924667)
O42 - Logiciel: Security Update for Windows XP (KB925902)
O42 - Logiciel: Security Update for Windows XP (KB926255)
O42 - Logiciel: Security Update for Windows XP (KB926436)
O42 - Logiciel: Security Update for Windows XP (KB927779)
O42 - Logiciel: Security Update for Windows XP (KB927802)
O42 - Logiciel: Security Update for Windows XP (KB928255)
O42 - Logiciel: Security Update for Windows XP (KB928843)
O42 - Logiciel: Security Update for Windows XP (KB929123)
O42 - Logiciel: Security Update for Windows XP (KB930178)
O42 - Logiciel: Security Update for Windows XP (KB931261)
O42 - Logiciel: Security Update for Windows XP (KB931784)
O42 - Logiciel: Security Update for Windows XP (KB932168)
O42 - Logiciel: Security Update for Windows XP (KB933729)
O42 - Logiciel: Security Update for Windows XP (KB935839)
O42 - Logiciel: Security Update for Windows XP (KB935840)
O42 - Logiciel: Security Update for Windows XP (KB936021)
O42 - Logiciel: Security Update for Windows XP (KB938829)
O42 - Logiciel: Security Update for Windows XP (KB941202)
O42 - Logiciel: Security Update for Windows XP (KB941568)
O42 - Logiciel: Security Update for Windows XP (KB941569)
O42 - Logiciel: Security Update for Windows XP (KB941644)
O42 - Logiciel: Security Update for Windows XP (KB943055)
O42 - Logiciel: Security Update for Windows XP (KB943460)
O42 - Logiciel: Security Update for Windows XP (KB943485)
O42 - Logiciel: Security Update for Windows XP (KB944653)
O42 - Logiciel: Security Update for Windows XP (KB946026)
O42 - Logiciel: Shareaza 2.4.0.0
O42 - Logiciel: SiS 900 PCI Fast Ethernet Adapter Driver
O42 - Logiciel: Sony Ericsson Media Manager 1.2
O42 - Logiciel: Sony Ericsson PC Suite 4.010.00
O42 - Logiciel: SpeedTouch USB Software
O42 - Logiciel: TalkTalk Assist & Go
O42 - Logiciel: Teaching-you Guitar Skills
O42 - Logiciel: The Human body
O42 - Logiciel: The Junior Visual
O42 - Logiciel: Update for Windows XP (KB894391)
O42 - Logiciel: Update for Windows XP (KB898461)
O42 - Logiciel: Update for Windows XP (KB900485)
O42 - Logiciel: Update for Windows XP (KB904942)
O42 - Logiciel: Update for Windows XP (KB908531)
O42 - Logiciel: Update for Windows XP (KB910437)
O42 - Logiciel: Update for Windows XP (KB911280)
O42 - Logiciel: Update for Windows XP (KB916595)
O42 - Logiciel: Update for Windows XP (KB920872)
O42 - Logiciel: Update for Windows XP (KB922582)
O42 - Logiciel: Update for Windows XP (KB927891)
O42 - Logiciel: Update for Windows XP (KB930916)
O42 - Logiciel: Update for Windows XP (KB931836)
O42 - Logiciel: Update for Windows XP (KB938828)
O42 - Logiciel: Update for Windows XP (KB942763)
O42 - Logiciel: VC80CRTRedist - 8.0.50727.762
O42 - Logiciel: VLC media player 0.9.9
O42 - Logiciel: VoipCheap
O42 - Logiciel: VoipDiscount
O42 - Logiciel: WampServer 2.0
O42 - Logiciel: Windows Defender
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474)
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130)
O42 - Logiciel: Windows Installer 3.1 (KB893803)
O42 - Logiciel: Windows Internet Explorer 7
O42 - Logiciel: Windows Media Format 11 runtime
O42 - Logiciel: Windows Media Player 11
O42 - Logiciel: Windows XP Hotfix - KB873339
O42 - Logiciel: Windows XP Hotfix - KB885835
O42 - Logiciel: Windows XP Hotfix - KB885836
O42 - Logiciel: Windows XP Hotfix - KB886185
O42 - Logiciel: Windows XP Hotfix - KB887472
O42 - Logiciel: Windows XP Hotfix - KB888302
O42 - Logiciel: Windows XP Hotfix - KB890859
O42 - Logiciel: Windows XP Hotfix - KB891781

   
Répondre à lion.d

27

V-X, le 13 mai 2009 à 03:19:35

Re,

Comment va le pc , maintenant ?

As tu réussi en mode normal combofix ? l'alcool tue lentement ,on s'en fout on est pas presser.....­.

   
Répondre à V-X

28

lion.d, le 13 mai 2009 à 03:26:36

Re,
Le pc va mieux mnt, tout semble a nouveau marcher. Grand merci
J'ai reussi a faire marcher combofix en mode normal. je sais pas si ta besoin que je post le rapport?

   
Répondre à lion.d

29

V-X, le 13 mai 2009 à 03:29:08

Re,

Si poste moi le rapport et ensuite tu fait sa dans l'ordre:

▶ Télécharge hijackthis

▶ Enregistre la cible sous .... "le bureau"

▶ Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation

▶ Clique sur Install ensuite sur "I Accept"

▶ Clique sur" Do a scan system and save log file"

▶ Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

Tuto hijackthis(Merci à Balltrap34)

▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.

▶ Double clique sur RSIT.exe pour lancer l'outil.

▶ Clique sur ' continue ' à l'écran Disclaimer.

Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports séparément.
( log.txt & info.txt )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
l'alcool tue lentement ,on s'en fout on est pas presser......

   
Répondre à V-X

30

lion.d, le 13 mai 2009 à 03:32:06

Ok voici d'abord le rapport combofix

ComboFix 09-05-12.04 - Hugues Miere 13/05/2009 2:21.3 - [color=red][b]FAT32/b/colorx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.991.681 [GMT 1:00]
Running from: c:\documents and settings\Hugues Miere\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.

2009-05-13 00:17 . 2009-05-13 00:17 -------- d-----w c:\documents and settings\Hugues Miere\Application Data\Malwarebytes
2009-05-13 00:17 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-13 00:17 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarm­y.sys
2009-05-13 00:17 . 2009-05-13 00:17 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-13 00:17 . 2009-05-13 00:17 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-12 23:44 . 2009-05-12 23:44 -------- d-----w c:\documents and settings\Administrator
2009-05-12 23:14 . 2009-05-12 23:14 -------- d-----w C:\Rooter$
2009-05-12 03:59 . 2009-05-12 13:56 32 --s-a-w c:\windows\system32\2023729596.dat
2009-05-12 00:56 . 2009-04-15 20:25 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-05-12 00:56 . 2009-04-15 20:25 118520 ------w c:\windows\system32\pxinsi64.exe
2009-05-12 00:56 . 2009-04-15 20:25 129784 ------w c:\windows\system32\pxafs.dll
2009-05-12 00:56 . 2009-05-12 00:56 -------- d-----w c:\program files\Common Files\DivX Shared
2009-05-12 00:56 . 2009-05-12 00:56 -------- d-----w c:\program files\DivX
2009-05-09 11:41 . 2009-05-09 11:41 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-05-02 03:48 . 2009-05-02 03:48 -------- d-----w c:\documents and settings\Hugues Miere\Application Data\vlc
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 20:25 . 2005-11-03 11:00 43528 ------w c:\windows\system32\drivers\pxhelp20.sys­
2009-04-06 19:58 . 2009-04-06 19:58 -------- d-----w c:\program files\VoipDiscount.com
2009-04-04 23:01 . 2009-04-04 23:01 0 ----a-w c:\windows\nsreg.dat
2009-03-20 23:55 . 2009-03-20 23:55 -------- d-----w c:\program files\Shareaza
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-11-04 1687552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-11-04 163840]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-05-14 67072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VoipCheap\\VoipCheap.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=

R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\HUGUES~1\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\HUGUES~1\LOCALS~1\Temp\DMSKSSRh.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [21/04/2009 15:36 216232]
S3 netr73;D-Link DWA-111 Wireless G USB Adapter Driver;c:\windows\system32\drivers\netr73.sys [31/03/2008 21:11 256000]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2007-06-15 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-11 16:17]

2009-05-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fr.yahoo.com/
FF - ProfilePath - c:\documents and settings\Hugues Miere\Application Data\Mozilla\Firefox\Profiles\92s12rw1.default\
FF - plugin: c:\documents and settings\Hugues Miere\Application Data\Mozilla\Firefox\Profiles\92s12rw1.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 02:23
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1156)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
.
Completion time: 2009-05-13 2:24
ComboFix-quarantined-files.txt 2009-05-13 01:24
ComboFix2.txt 2009-05-12 23:51

Pre-Run: 7,227,998,208 bytes free
Post-Run: 7,234,650,112 bytes free

124 --- E O F --- 2009-05-01 11:46

   
Répondre à lion.d

31

lion.d, le 13 mai 2009 à 03:34:20

Voici le rapport HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:32:56, on 13/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/hardwaredetection/hardwaredetection_3_1_2_0.cab
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe
End of file - 6499 bytes

   
Répondre à lion.d

32

lion.d, le 13 mai 2009 à 03:37:42

Voici les rapports pour RSIT:
Preimer rapport "log"

Logfile of random's system information tool 1.06 (written by random/random)
Run by Hugues Miere at 2009-05-13 02:35:56
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 7 GB (18%) free of 38 GB
Total RAM: 991 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:35:57, on 13/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Hugues Miere\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Hugues Miere.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/hardwaredetection/hardwaredetection_3_1_2_0.cab
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe
End of file - 6525 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-05-14 67072]
"RoxioDragToDisc"=C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe [2005-11-04 1687552]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe [2005-11-04 163840]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-28 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-28 81920]
"TalkTalk"=C:\Program Files\TalkTalk\bin\sprtcmd.exe [2007-10-12 202016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\VoipCheap\VoipCheap.exe"="C:\Program Files\VoipCheap\VoipCheap.exe:*:Enabled:VoipCheap"
"C:\Program Files\TalkTalk\agent\bin\bcont.exe"="C:\Program Files\TalkTalk\agent\bin\bcont.exe:*:Enabled:bcont.exe"
"C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe"="C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe"
"C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe"="C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe"
"C:\Program Files\TalkTalk\bin\sprtcmd.exe"="C:\Program Files\TalkTalk\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe"
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe"="C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:*:Enabled:VoipDiscount"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-05-13 02:35:56 ----D---- C:\rsit
2009-05-13 02:32:45 ----D---- C:\Program Files\Trend Micro
2009-05-13 02:24:17 ----A---- C:\ComboFix.txt
2009-05-13 01:17:17 ----D---- C:\Documents and Settings\Hugues Miere\Application Data\Malwarebytes
2009-05-13 01:17:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-13 01:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-13 00:51:13 ----D---- C:\WINDOWS\temp
2009-05-13 00:47:39 ----A---- C:\Boot.bak
2009-05-13 00:47:35 ----RASHD---- C:\cmdcons
2009-05-13 00:34:07 ----A---- C:\WINDOWS\zip.exe
2009-05-13 00:34:07 ----A---- C:\WINDOWS\vFind.exe
2009-05-13 00:34:07 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-13 00:34:07 ----A---- C:\WINDOWS\SWSC.exe
2009-05-13 00:34:07 ----A---- C:\WINDOWS\SWREG.exe
2009-05-13 00:34:07 ----A---- C:\WINDOWS\sed.exe
2009-05-13 00:34:07 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-13 00:34:07 ----A---- C:\WINDOWS\grep.exe
2009-05-13 00:34:03 ----D---- C:\WINDOWS\ERDNT
2009-05-13 00:27:25 ----D---- C:\Qoobox
2009-05-13 00:26:11 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-13 00:14:52 ----D---- C:\Rooter$
2009-05-12 21:25:57 ----D---- C:\WINDOWS\pss
2009-05-12 04:37:54 ----A---- C:\Documents and Settings\All Users\Application Data\os60975309.ini
2009-05-12 01:56:55 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-05-12 01:56:55 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-05-12 01:56:55 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-05-12 01:56:55 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-05-12 01:56:55 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-05-12 01:56:55 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-05-12 01:56:55 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-05-12 01:56:33 ----D---- C:\Program Files\Common Files\DivX Shared
2009-05-12 01:56:32 ----D---- C:\Program Files\DivX
2009-05-02 04:48:16 ----D---- C:\Documents and Settings\Hugues Miere\Application Data\vlc
2009-04-15 21:24:40 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\DivX.dll

======List of files/folders modified in the last 1 months======

2009-05-13 02:23:22 ----A---- C:\WINDOWS\system.ini
2009-05-13 02:21:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-13 00:47:40 ----RASH---- C:\boot.ini
2009-05-12 04:37:02 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\VXBLOCK.dll
2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\PxWave.dll
2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\PxMas.dll
2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\Px.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2005-10-22 311680]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2005-10-22 119168]
R1 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2005-11-04 50176]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-07-08 12416]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-05-14 622172]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2005-10-22 27264]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2005-10-22 27136]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-05-11 6912]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-07-08 217600]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-02-28 32256]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 ovfsthpfvitawvirbqbwewbmnribarssngxjgx;ovfsthpfvitawvirbqbwewbmnribarssngxjgx; C:\WINDOWS\system32\drivers\ovfsthacmpfuxnrseicgobsryemwyfxdtmbixm.sys []
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 catchme;catchme; \??\C:\DOCUME~1\HUGUES~1\LOCALS~1\Temp\catchme.sys []
S3 DMSKSSRh;DMSKSSRh; \??\C:\DOCUME~1\HUGUES~1\LOCALS~1\Temp\DMSKSSRh.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 netr73;D-Link DWA-111 Wireless G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\netr73.sys [2007-01-31 256000]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 97184]
S3 USB_RNDIS;Belkin High-Speed Mode Wireless G USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodata Limited License Service;Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2007-06-26 68608]
R2 Belkin High-Speed Mode Wireless G USB Network Adapter Service;Belkin High-Speed Mode Wireless G USB Driver; C:\Program Files\Belkin\F5D7051\WLService.exe [2004-03-29 49152]
R2 RoxWatch;Roxio Hard Drive Watcher; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2005-11-04 155648]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk); C:\Program Files\TalkTalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk); C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe [2007-08-02 148768]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 RoxMediaDB;RoxMediaDB; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [2005-11-04 864256]
S2 RoxLiveShare;LiveShare P2P Server; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2005-11-04 229376]
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-04-21 216232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe [2007-08-02 382320]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe [2009-02-15 6558336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

   
Répondre à lion.d

33

lion.d, le 13 mai 2009 à 03:39:02

Rapport info resit:

info.txt logfile of random's system information tool 1.06 2009-05-13 02:35:58

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{6D4F02C4-F6AF-4659-A933-7FC06235A8D5}
-->MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
-->MsiExec.exe /I{8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D}
-->MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
-->MsiExec.exe /I{F0EACC27-A729-406C-9BF6-C8F10CEC36F8}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Agere Systems PCI Soft Modem-->agrsmdel
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x040c -removeonly
AVS Audio Tools version 4.4-->"C:\Program Files\AVSMedia\AudioTools\unins000.exe"
AVS DVD Player version 2.4-->"C:\Program Files\AVSMedia\DVDPlayer\unins000.exe"
Belkin High-Speed Mode Wireless G USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Belkin\F5D7051\setup.exe" -l0x9
Bible Suite- Disk 1-->MsiExec.exe /I{B6F50EFF-0EA7-4A63-868D-2C02C1B9EABF}
Bible Suite PDF Texts-->MsiExec.exe /I{6C405BCD-8941-4FE4-B4AC-9C2B55414E18}
Concise Oxford English Dictionary (Eleventh Edition)-->C:\Program Files\COED11\Uninstal.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Updater Pro-->"C:\Documents and Settings\All Users\Application Data\{CC51AE54-B346-4954-ADDB-30BD4F138CF2}\DriverUpdaterPro.exe" REMOVE=TRUE MODIFY=FALSE
Driver Updater Pro-->C:\Documents and Settings\All Users\Application Data\{CC51AE54-B346-4954-ADDB-30BD4F138CF2}\DriverUpdaterPro.exe
Driving Test Complete-->"C:\WINDOWS\Driving Test Complete\uninstall.exe" "/U:C:\Program Files\Driving Test Complete\Uninstall\uninstall.xml"
English Grammar in Use-->C:\CAMBRI~1\EGU\REMOVE.EXE C:\CAMBRI~1\EGU\Install.log
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Le Message et la Sainte Bible-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF11779E-3A03-11D8-9EAE-0020E0623A55}\setup.exe" -l0x40c -uninst
Le Monde diplomatique (remove only)-->"C:\Program Files\LeMondediplomatique\uninstall.exe"
Learn to Speak English Deluxe 9.5-->MsiExec.exe /I{7E9E798E-58CF-468E-B6DC-4EDEB857DB91}
Letts Practise Maths Stage 1-->C:\LETTS\PRACTISE\MATHSKS1\UNWISE.EXE C:\LETTS\PRACTISE\MATHSKS1\INSTALL.LOG
LiveUpdate 1.90 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Ma-Config.com-->MsiExec.exe /X{E780E536-16CE-4CD1-8FE0-2D5E52FAA65B}
Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Music Coach Player-->MsiExec.exe /I{61C7F2BD-A9CE-464D-8B45-873FAED5B33B}
My First Dictionary 2.0-->C:\WINDOWS\uninst.exe -r"DK Multimedia\My First Dictionary 2.0\2.00" -n"My First Dictionary 2.0" -fC:\PROGRA~1\DKMULT~1\MYFIRS~1.0\DeIsL2.isu -cC:\PROGRA~1\DKMULT~1\MYFIRS~1.0\uninst.dll
Nero Suite-->C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
NetZero Internet and Voice Offer-->MsiExec.exe /X{8BBA35B6-E1A9-4FE0-892B-8F7980584D52}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NTI Backup NOW! 3-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E68EAA3-775A-4542-A08A-47DB8E8E74A6} /l1033 BUNText
NTI CD & DVD-Maker Gold -->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText
Oxford First Encyclopedia-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D1F60B9D-30CD-45F3-9797-7F7AB06F8820}
Photoshop CS2 -->C:\Program Files\Adobe\Adobe Photoshop CS2\uninst.exe
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Roxio Easy Media Creator 8 Essentials-->MsiExec.exe /I{21EC1B12-888F-44D3-8C77-14FCF8CAE383}
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Shareaza 2.4.0.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe"
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\Progra~1\SiSLan\Uninst.exe
Sony Ericsson Media Manager 1.2-->MsiExec.exe /X{5F1ECBFB-048E-406E-A7AB-A81F9E359961}
Sony Ericsson PC Suite 4.010.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x040c -removeonly
SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l0009 -Control_Panel
TalkTalk Assist & Go-->MsiExec.exe /X{D084B1A9-153B-409D-AEBF-C40FCEF925EA}
Teaching-you Guitar Skills-->MsiExec.exe /I{424CB226-23FE-4429-A85F-C893D381897F}
The Human body-->C:\WINDOWS\unvise32.exe C:\Program Files\QA International\The Human body\uninstal.log
The Junior Visual-->C:\WINDOWS\unvise32.exe C:\Program Files\QA International\The Junior Visual\uninstal.log
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VoipCheap-->"C:\Program Files\VoipCheap\unins000.exe"
VoipDiscount-->"C:\Program Files\VoipDiscount.com\VoipDiscount\unins000.exe"
WampServer 2.0-->"c:\wamp\unins000.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

======System event log======

Computer Name: KIMBOULI
Event Code: 7031
Message: The Belkin High-Speed Mode Wireless G USB Driver service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Record Number: 78403
Source Name: Service Control Manager
Time Written: 20090513004234.000000+060
Event Type: error
User:

Computer Name: KIMBOULI
Event Code: 7031
Message: The Belkin High-Speed Mode Wireless G USB Driver service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Record Number: 78401
Source Name: Service Control Manager
Time Written: 20090513004234.000000+060
Event Type: error
User:

Computer Name: KIMBOULI
Event Code: 7031
Message: The Belkin High-Speed Mode Wireless G USB Driver service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Record Number: 78399
Source Name: Service Control Manager
Time Written: 20090513004233.000000+060
Event Type: error
User:

Computer Name: KIMBOULI
Event Code: 7031
Message: The Belkin High-Speed Mode Wireless G USB Driver service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Record Number: 78397
Source Name: Service Control Manager
Time Written: 20090513004233.000000+060
Event Type: error
User:

Computer Name: KIMBOULI
Event Code: 7031
Message: The Belkin High-Speed Mode Wireless G USB Driver service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Record Number: 78395
Source Name: Service Control Manager
Time Written: 20090513004232.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: KIMBOULI
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 4733
Source Name: Userenv
Time Written: 20080826220733.000000+060
Event Type: warning
User: KIMBOULI\Hugues Miere

Computer Name: KIMBOULI
Event Code: 5000
Message:
Record Number: 4732
Source Name: MPSampleSubmission
Time Written: 20080826202152.000000+060
Event Type: error
User:

Computer Name: KIMBOULI
Event Code: 1517
Message: Windows saved user KIMBOULI\Hugues Miere registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 4717
Source Name: Userenv
Time Written: 20080824005405.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KIMBOULI
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 4716
Source Name: Userenv
Time Written: 20080824005404.000000+060
Event Type: warning
User: KIMBOULI\Hugues Miere

Computer Name: KIMBOULI
Event Code: 1517
Message: Windows saved user KIMBOULI\Hugues Miere registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 4699
Source Name: Userenv
Time Written: 20080822232955.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\DivX Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

   
Répondre à lion.d

34

V-X, le 13 mai 2009 à 03:54:57

Re,

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte en gras ci-dessous par sélection puis Ctrl+C :

File::
C:\WINDOWS\system32\drivers\ovfsthacmpfuxnrseicgobsryemwyfxdtmbixm.sys


---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes



---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :http://www.searchengines.pl/...


[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt l'alcool tue lentement ,on s'en fout on est pas presser......

   
Répondre à V-X

35

lion.d, le 13 mai 2009 à 04:08:30

Ok
voici le rapport:

ComboFix 09-05-12.04 - Hugues Miere 13/05/2009 3:04.4 - [color=red][b]FAT32/b/colorx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.991.660 [GMT 1:00]
Running from: c:\documents and settings\Hugues Miere\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hugues Miere\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-04-13 to 2009-05-13 )))))))))))))))))))))))))))))))
.

2009-05-13 01:35 . 2009-05-13 01:35 -------- d-----w C:\rsit
2009-05-13 01:32 . 2009-05-13 01:32 -------- d-----w c:\program files\Trend Micro
2009-05-13 00:17 . 2009-05-13 00:17 -------- d-----w c:\documents and settings\Hugues Miere\Application Data\Malwarebytes
2009-05-13 00:17 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-13 00:17 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarm­y.sys
2009-05-13 00:17 . 2009-05-13 00:17 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-13 00:17 . 2009-05-13 00:17 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-12 23:44 . 2009-05-12 23:44 -------- d-----w c:\documents and settings\Administrator
2009-05-12 23:14 . 2009-05-12 23:14 -------- d-----w C:\Rooter$
2009-05-12 03:59 . 2009-05-12 13:56 32 --s-a-w c:\windows\system32\2023729596.dat
2009-05-12 00:56 . 2009-04-15 20:25 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-05-12 00:56 . 2009-04-15 20:25 118520 ------w c:\windows\system32\pxinsi64.exe
2009-05-12 00:56 . 2009-04-15 20:25 129784 ------w c:\windows\system32\pxafs.dll
2009-05-12 00:56 . 2009-05-12 00:56 -------- d-----w c:\program files\Common Files\DivX Shared
2009-05-12 00:56 . 2009-05-12 00:56 -------- d-----w c:\program files\DivX
2009-05-09 11:41 . 2009-05-09 11:41 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-05-02 03:48 . 2009-05-02 03:48 -------- d-----w c:\documents and settings\Hugues Miere\Application Data\vlc
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 20:25 . 2005-11-03 11:00 43528 ------w c:\windows\system32\drivers\pxhelp20.sys­
2009-04-06 19:58 . 2009-04-06 19:58 -------- d-----w c:\program files\VoipDiscount.com
2009-04-04 23:01 . 2009-04-04 23:01 0 ----a-w c:\windows\nsreg.dat
2009-03-20 23:55 . 2009-03-20 23:55 -------- d-----w c:\program files\Shareaza
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-12_23.50.22 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-11-04 1687552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-11-04 163840]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-05-14 67072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VoipCheap\\VoipCheap.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\VoipDiscount.com\\VoipDiscount\\VoipDiscount.exe"=

R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 09:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 14:42 148768]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\HUGUES~1\LOCALS~1\Temp\DMSKSSRh.sys --> c:\docume~1\HUGUES~1\LOCALS~1\Temp\DMSKSSRh.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [21/04/2009 15:36 216232]
S3 netr73;D-Link DWA-111 Wireless G USB Adapter Driver;c:\windows\system32\drivers\netr73.sys [31/03/2008 21:11 256000]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2007-06-15 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-05-11 16:17]

2009-05-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fr.yahoo.com/
FF - ProfilePath - c:\documents and settings\Hugues Miere\Application Data\Mozilla\Firefox\Profiles\92s12rw1.default\
FF - plugin: c:\documents and settings\Hugues Miere\Application Data\Mozilla\Firefox\Profiles\92s12rw1.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 03:05
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2240)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-13 3:06
ComboFix-quarantined-files.txt 2009-05-13 02:06
ComboFix2.txt 2009-05-13 01:24
ComboFix3.txt 2009-05-12 23:51

Pre-Run: 7,147,978,752 bytes free
Post-Run: 7,141,097,472 bytes free

129 --- E O F --- 2009-05-01 11:46

   
Répondre à lion.d

36

V-X, le 13 mai 2009 à 04:09:55

Re,

Redémarre ton pc et refait un log avec RSIT. l'alcool tue lentement ,on s'en fout on est pas presser.....­.

   
Répondre à V-X

37

lion.d, le 13 mai 2009 à 04:14:57

Ok! c'est fait. voici le log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Hugues Miere at 2009-05-13 03:13:33
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 7 GB (18%) free of 38 GB
Total RAM: 991 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:13:36, on 13/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Documents and Settings\Hugues Miere\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Hugues Miere.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/hardwaredetection/hardwaredetection_3_1_2_0.cab
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe
End of file - 6468 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-05-14 67072]
"RoxioDragToDisc"=C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe [2005-11-04 1687552]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe [2005-11-04 163840]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-28 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-28 81920]
"TalkTalk"=C:\Program Files\TalkTalk\bin\sprtcmd.exe [2007-10-12 202016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\VoipCheap\VoipCheap.exe"="C:\Program Files\VoipCheap\VoipCheap.exe:*:Enabled:VoipCheap"
"C:\Program Files\TalkTalk\agent\bin\bcont.exe"="C:\Program Files\TalkTalk\agent\bin\bcont.exe:*:Enabled:bcont.exe"
"C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe"="C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe"
"C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe"="C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe"
"C:\Program Files\TalkTalk\bin\sprtcmd.exe"="C:\Program Files\TalkTalk\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe"
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe"="C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe"="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:*:Enabled:VoipDiscount"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-05-13 03:06:34 ----A---- C:\ComboFix.txt
2009-05-13 02:35:56 ----D---- C:\rsit
2009-05-13 02:32:45 ----D---- C:\Program Files\Trend Micro
2009-05-13 01:17:17 ----D---- C:\Documents and Settings\Hugues Miere\Application Data\Malwarebytes
2009-05-13 01:17:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-13 01:17:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-13 00:51:13 ----D---- C:\WINDOWS\temp
2009-05-13 00:47:39 ----A---- C:\Boot.bak
2009-05-13 00:47:35 ----RASHD---- C:\cmdcons
2009-05-13 00:34:07 ----A---- C:\WINDOWS\zip.exe
2009-05-13 00:34:07 ----A---- C:\WINDOWS\vFind.exe
2009-05-13 00:34:07 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-13 00:34:07 ----A---- C:\WINDOWS\SWSC.exe
2009-05-13 00:34:07 ----A---- C:\WINDOWS\SWREG.exe
2009-05-13 00:34:07 ----A---- C:\WINDOWS\sed.exe
2009-05-13 00:34:07 ----A---- C:\WINDOWS\NIRCMD.exe
2009-05-13 00:34:07 ----A---- C:\WINDOWS\grep.exe
2009-05-13 00:34:03 ----D---- C:\WINDOWS\ERDNT
2009-05-13 00:27:25 ----D---- C:\Qoobox
2009-05-13 00:26:11 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-13 00:14:52 ----D---- C:\Rooter$
2009-05-12 21:25:57 ----D---- C:\WINDOWS\pss
2009-05-12 04:37:54 ----A---- C:\Documents and Settings\All Users\Application Data\os60975309.ini
2009-05-12 01:56:55 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-05-12 01:56:55 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-05-12 01:56:55 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-05-12 01:56:55 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-05-12 01:56:55 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-05-12 01:56:55 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-05-12 01:56:55 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-05-12 01:56:33 ----D---- C:\Program Files\Common Files\DivX Shared
2009-05-12 01:56:32 ----D---- C:\Program Files\DivX
2009-05-02 04:48:16 ----D---- C:\Documents and Settings\Hugues Miere\Application Data\vlc
2009-04-15 21:24:40 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2009-04-15 21:24:38 ----A---- C:\WINDOWS\system32\DivX.dll

======List of files/folders modified in the last 1 months======

2009-05-13 03:12:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-13 03:05:40 ----A---- C:\WINDOWS\system.ini
2009-05-13 00:47:40 ----RASH---- C:\boot.ini
2009-05-12 04:37:02 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\VXBLOCK.dll
2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\PxWave.dll
2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\PxMas.dll
2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-04-15 21:25:42 ----N---- C:\WINDOWS\system32\Px.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2005-10-22 311680]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2005-10-22 119168]
R1 RxFilter;RxFilter; C:\WINDOWS\system32\DRIVERS\RxFilter.sys [2005-11-04 50176]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-07-08 12416]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-05-14 622172]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2005-10-22 27264]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2005-10-22 27136]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-05-11 6912]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-07-08 217600]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-02-28 32256]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 ovfsthpfvitawvirbqbwewbmnribarssngxjgx;ovfsthpfvitawvirbqbwewbmnribarssngxjgx; C:\WINDOWS\system32\drivers\ovfsthacmpfuxnrseicgobsryemwyfxdtmbixm.sys []
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 catchme;catchme; \??\C:\DOCUME~1\HUGUES~1\LOCALS~1\Temp\catchme.sys []
S3 DMSKSSRh;DMSKSSRh; \??\C:\DOCUME~1\HUGUES~1\LOCALS~1\Temp\DMSKSSRh.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 netr73;D-Link DWA-111 Wireless G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\netr73.sys [2007-01-31 256000]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 97184]
S3 USB_RNDIS;Belkin High-Speed Mode Wireless G USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodata Limited License Service;Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2007-06-26 68608]
R2 Belkin High-Speed Mode Wireless G USB Network Adapter Service;Belkin High-Speed Mode Wireless G USB Driver; C:\Program Files\Belkin\F5D7051\WLService.exe [2004-03-29 49152]
R2 RoxWatch;Roxio Hard Drive Watcher; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe [2005-11-04 155648]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk); C:\Program Files\TalkTalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk); C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe [2007-08-02 148768]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 RoxMediaDB;RoxMediaDB; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe [2005-11-04 864256]
S2 RoxLiveShare;LiveShare P2P Server; C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe [2005-11-04 229376]
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-04-21 216232]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe [2007-08-02 382320]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe [2009-02-15 6558336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

   
Répondre à lion.d

38

V-X, le 13 mai 2009 à 04:17:28

Re,

Afficher les fichiers et dossiers cachés sous Windows Xp

▶ Double clic sur Poste de Travail,

▶ Sur le menu du haut vous cliquez sur "Outils"

▶ Cliquer sur "Options des dossiers"

▶ Cliquez sur l'onglet "Affichage"

▶ Dans les options

▶ Sélectionnez " Afficher les dossiers et fichiers cachés"

▶ Cliquer ensuite sur "Appliquer"

▶ validez par "Ok"


Redémarre ton pc en mode sans échec et ensuite:


Cherche et suppprime le fichier ci-dessous dans =>C:\WINDOWS\system32\drivers


C:\WINDOWS\system32\drivers\ovfsthacmpfuxnrseicgobsryemwyfxdtmbixm.sys

Ensuite refait un scna complet en mode normal de malwarebyte.

merci l'alcool tue lentement ,on s'en fout on est pas presser......

   
Répondre à V-X

39

 saroune85, le 28 mai 2009 à 02:38:14

Ca va faire bientot 5 jours que je suis prise avec ce virus et je ne sais pas comment l'enlever malgré que j'aies regardé toutes les réponses sur les forums est -ce que quelqun peut m'aider concrètement svp avec des termes faciles à comprendre.

Merci

   
Répondre à saroune85
Posez votre question Répondre
Ils ont besoin de votre aide