
Problem with a "like new" USB key

Last reply on 29 Jun 2009 at 17:55:34 Aurahire, on 28 Jun 2009 at 21:31:40

Hello, I'd like a bit of help from anyone who could assist me, because this weekend I received a USB key ordered from a sales site. So I received this key, which the listing described as like new. I plug it in and Bitdefender blocks a start.exe coming from a CD, yes, yes, from a CD, even though I plugged in a USB key, and in passing it blocked and deleted 3 trojans that were on the key.
Hooray for sellers who pollute ... Anyway, back to the key: I go look in My Computer, and when I plug in my key I see drive I appear (normal) but also a CD drive containing 2.67 MB; it contains 3 files that I can't manage to delete and that, according to the scans by usbfix and the like, are a virus.
And here I must admit I'm a bit lost. I know how to get by looking up other users' info here and there, but I'm cracking ... !
So I don't know how to properly disinfect this damn key; Desinfector USB has no effect, this disk drive containing this crap remains and stays present!
Can someone help me a little?
Thanks a lot!

Configuration: Windows Vista
Firefox 3.0.11


1

InfernO.vir, 28 Jun 2009 at 21:36:16

Good evening,

Interesting, please do this:

Download here:

http://images.malwareremoval.com/random/RSIT.exe

• random's system information tool (RSIT) by random/random, and save it to the Desktop.

• Double-click RSIT.exe to launch RSIT.

• Read the contents of the Disclaimer screen, then click Continue (if you accept the terms).

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.

• When the scan is finished, two text files will open.

• Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the Taskbar).

NB: The reports are saved in the C:\rsit folder.

~#*'"»€le©τ®!C«"'*#~ --P0i$oN->


2

Aurahire, 28 Jun 2009 at 21:43:00

Here is the response to the procedure you just gave me.
Thanks a lot for helping a desperate guy! :)

Uh, I just looked at the logs and they're really long; which part would you like? Do I copy everything?
Thanks


3

Aurahire, 28 Jun 2009 at 21:48:51

Here is the Log file:



And the Info file:
info.txt logfile of random's system information tool 1.06 2009-06-28 21:40:34

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\NuNInst.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
3DMark06-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Reader 9.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AI Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x40c
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x40c
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E19F210-3813-4002-B561-94D66AA182B6}\setup.exe" -l0x9 -removeonly
Atheros Ethernet Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
BitDefender Internet Security 2008-->MsiExec.exe /I{4FD01CB0-EC34-4199-8037-08DE3E64A0A3}
Burnout(TM) Paradise The Ultimate Box-->MsiExec.exe /X{9A996B6A-846E-4A89-B9C4-17546B7BE49F}
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon MP520 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series /L0x000c
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chime/Chime Pro for Internet Explorer-->C:\Windows\IsUninst.exe -f"C:\Program Files\Internet Explorer\Plugins\chime26.isu"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.70.1196\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.70" /clone_wait /hide_progress
DualCoreCenter-->"C:\Program Files\MSI\DualCoreCenter\unins000.exe"
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
E-Color Indicator-->C:\Windows\IsUninst.exe -f"C:\Program Files\E-Color\E-Color Indicator\Uninst.isu" -c"C:\Program Files\E-Color\E-Color Indicator\TICUninstall.dll"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
EVEREST Home Edition v2.20-->"F:\EVEREST Home Edition\unins000.exe"
Fraps (remove only)-->"F:\Fraps\uninstall.exe"
Hamachi 1.0.2.5-->C:\Program Files\Hamachi\uninstall.exe
Heroes of Might and Magic V-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\setup.exe" -l0x40c
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\Setup.exe"
Logitech QuickCam-->MsiExec.exe /X{6444D9D9-CD6C-4464-B970-55C606C944DC}
marvell 61xx-->C:\Program Files\Marvell\61xx\uninst-61xx.exe
Marvell MRU-->C:\Program Files\Marvell\61xx\un61xxmru.exe
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI Live Update 3-->C:\Windows\IsUninst.exe -f"C:\Program Files\MSI\Live Update 3\Uninst.isu"
MSI Live-->C:\Windows\IsUninst.exe -f"C:\Program Files\MSI\MSI Live\Uninst.isu"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MyPhoneExplorer-->C:\Program Files\MyPhoneExplorer\uninstall.exe
Nero 7 Essentials-->MsiExec.exe /X{27C0CED3-E9FA-4EA0-96AA-FAECE5F81036}
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-019A-X6AM-Z365-28EH-AX3K-LL1X-19HP"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
O&O CleverCache-->MsiExec.exe /X{53480390-0EC4-429E-BBEE-78E19EEB03BD}
O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
ÓÀºãÖ®Ëþ-->C:\Program Files\Ê¢´óÍøÂç\ÓÀºãÖ®Ëþ\uninst.exe
OCCT Perestroika 2.0.1-->"C:\Program Files\OCCT\unins000.exe"
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Privoxy 3.0.6-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
Regressi-->MsiExec.exe /I{E2E164AB-1367-488F-8F1F-BA312DB2FF18}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Titan Quest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x40c -removeonly
Tor 0.2.0.34-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
UsbFix-->C:\UsbFix\Uninstal.exe
Ventrilo Server-->MsiExec.exe /I{85DD724B-15E5-4572-81BF-CF9031D83848}
Vidalia 0.1.10-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
VideoLAN VLC media player 0.8.5-freehd-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
X'nStop 2.5-->"C:\Program Files\X'nStop 2.5\unins000.exe"

======Security center information======

AV: Bitdefender Antivirus
FW: Bitdefender Firewall
AS: BitDefender AntiSpam
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender

======System event log======

Computer Name: PC-de-Matthieu
Event Code: 4
Message: Le filtre de système de fichiers « bdfsfltr » (Version 6.0, 2007-12-31T10:12:12.000Z) n’a pas réussi à s’attacher au volume « \Device\CdRom2 ». Le filtre a renvoyé un état final non standard 0xc0000013. Ce filtre et/ou les applications qui le prennent en charge doivent gérer cette condition. Si cette condition persiste, contactez le fournisseur.
Record Number: 13430
Source Name: Microsoft-Windows-FilterManager
Time Written: 20090628193201.167632-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Matthieu
Event Code: 4
Message: Le filtre de système de fichiers « bdfsfltr » (Version 6.0, 2007-12-31T10:12:12.000Z) n’a pas réussi à s’attacher au volume « \Device\CdRom0 ». Le filtre a renvoyé un état final non standard 0xc0000013. Ce filtre et/ou les applications qui le prennent en charge doivent gérer cette condition. Si cette condition persiste, contactez le fournisseur.
Record Number: 13431
Source Name: Microsoft-Windows-FilterManager
Time Written: 20090628193304.075632-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Matthieu
Event Code: 4
Message: Le filtre de système de fichiers « bdfsfltr » (Version 6.0, 2007-12-31T10:12:12.000Z) n’a pas réussi à s’attacher au volume « \Device\CdRom1 ». Le filtre a renvoyé un état final non standard 0xc0000013. Ce filtre et/ou les applications qui le prennent en charge doivent gérer cette condition. Si cette condition persiste, contactez le fournisseur.
Record Number: 13432
Source Name: Microsoft-Windows-FilterManager
Time Written: 20090628193304.075632-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Matthieu
Event Code: 4
Message: Le filtre de système de fichiers « bdfsfltr » (Version 6.0, 2007-12-31T10:12:12.000Z) n’a pas réussi à s’attacher au volume « \Device\CdRom2 ». Le filtre a renvoyé un état final non standard 0xc0000013. Ce filtre et/ou les applications qui le prennent en charge doivent gérer cette condition. Si cette condition persiste, contactez le fournisseur.
Record Number: 13433
Source Name: Microsoft-Windows-FilterManager
Time Written: 20090628193304.076632-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Matthieu
Event Code: 4
Message: Le filtre de système de fichiers « bdfsfltr » (Version 6.0, 2007-12-31T10:12:12.000Z) n’a pas réussi à s’attacher au volume « \Device\CdRom0 ». Le filtre a renvoyé un état final non standard 0xc0000013. Ce filtre et/ou les applications qui le prennent en charge doivent gérer cette condition. Si cette condition persiste, contactez le fournisseur.
Record Number: 13435
Source Name: Microsoft-Windows-FilterManager
Time Written: 20090628194033.484632-000
Event Type: Avertissement
User: PC-de-Matthieu\Matthieu

=====Application event log=====

Computer Name: PC-de-Matthieu
Event Code: 1008
Message: Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\system32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
Record Number: 4193
Source Name: Microsoft-Windows-Perflib
Time Written: 20090623132749.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Matthieu
Event Code: 1010
Message: La procédure de ramassage pour le service « EmdCache » dans la DLL « C:\Windows\system32\emdmgmt.dll » a généré une exception ou retourné un état non valide. Les données de performance retournées par la DLL de compteur ne seront pas renvoyées dans le bloc de données Perf. Le premier mot (DWORD) de la section Données contient le code d’exception ou le code d’état.
Record Number: 4194
Source Name: Microsoft-Windows-Perflib
Time Written: 20090623132750.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Matthieu
Event Code: 1008
Message: Échec de la procédure d’ouverture pour le service « PNRPsvc » dans la DLL « C:\Windows\system32\pnrpperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.
Record Number: 4195
Source Name: Microsoft-Windows-Perflib
Time Written: 20090623132752.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Matthieu
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
15 user registry handles leaked from \Registry\User\S-1-5-21-688644113-2982533412-3210815772-1000:
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-688644113-2982533412-3210815772-1000
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-688644113-2982533412-3210815772-1000
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-688644113-2982533412-3210815772-1000
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-688644113-2982533412-3210815772-1000
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-688644113-2982533412-3210815772-1000\Software\Microsoft\SystemCertificates\CA
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-688644113-2982533412-3210815772-1000\Software\Microsoft\SystemCertificates\Root
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-688644113-2982533412-3210815772-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-688644113-2982533412-3210815772-1000\Software\Policies\Microsoft\SystemCertificates
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-688644113-2982533412-3210815772-1000\Software\Policies\Microsoft\SystemCertificates
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-688644113-2982533412-3210815772-1000\Software\Policies\Microsoft\SystemCertificates
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-688644113-2982533412-3210815772-1000\Software\Policies\Microsoft\SystemCertificates
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-688644113-2982533412-3210815772-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-688644113-2982533412-3210815772-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-688644113-2982533412-3210815772-1000\Software\Microsoft\SystemCertificates\My
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-688644113-2982533412-3210815772-1000\Software\Microsoft\SystemCertificates\trust

Record Number: 4282
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090628185255.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Matthieu
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 4299
Source Name: Microsoft-Windows-WMI
Time Written: 20090628185451.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PC-de-Matthieu
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 4592
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090628194031.261632-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Matthieu
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 4593
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090628194031.279632-000
Event Type: Échec de l'audit
User:

Computer Name: PC-de-Matthieu
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 4594
Source Name: Microsoft-Windows-Security-Audit


4

Aurahire, 28 Jun 2009 at 22:08:05

A little bump for you, inferno.vir,
I did what you told me. If anyone else is interested in my thread, no problem, I'll take opinions and advice from everyone at this point!
Thanks in advance!
Aurahire


5

InfernO.vir, 28 Jun 2009 at 22:13:59

Well and truly infected,

Important /!\ : Run ComboFix as administrator (right-click on combofix > run as ...)

Disable Vista's UAC: http://www.nasedowebsite.info/tutoriaux/desactiver-uac-windows-vista-68


/!\ WARNING: VERY POWERFUL SOFTWARE THAT CAN BE DANGEROUS IF USED HAPHAZARDLY /!\
----------------------------------------------------------------------------------------------------------------
Disable all resident protection (antivirus, antispyware, Spybot S&D's TeaTimer...)

* Download ComboFix by sUBs

* Rename it to avril.exe

* Be sure to save it on your desktop

* Disconnect from the internet and disable your antivirus (just for the duration of the procedure).

* Close all windows.

* Double-click avril.exe (do not click on the window that opens).

* Press Y to start the scan.

* At the end of the scan (this may take a while), a report will be created (C:\Combofix.txt).

* Post this report in your next message(s).



~#*'"»€le©τ®!C«"'*#~ --P0i$oN-> 


6

Aurahire, 28 Jun 2009 at 22:45:24

Here is the ComboFix result:
Thanks a lot!
ComboFix 09-06-26.02 - Matthieu 06/28/2009 22:31.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.2182 [GMT 2:00]
Running from: c:\users\Matthieu\Desktop\avril.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender AntiSpam *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.
The following files were disabled during the run:
c:\windows\TEMP\logishrd\LVPrcInj01.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 20:40 . 2009-04-12 11:14 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-28 20:40 . 2009-04-12 12:51 -------- d-----w- c:\users\Matthieu\AppData\Roaming\DNA
2009-06-28 20:40 . 2009-04-12 12:51 -------- d-----w- c:\program files\DNA
2009-06-28 20:40 . 2009-04-11 23:38 6553600 --sha-w- c:\users\Matthieu\ntuser.dat
2009-06-28 20:39 . 2006-11-02 12:47 262144 --sha-w- c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
2009-06-28 20:39 . 2006-11-02 12:47 262144 --sha-w- c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
2009-06-28 20:37 . 2009-04-12 09:34 9 ----a-w- c:\windows\mvraidver.dat
2009-06-28 20:36 . 2006-11-02 12:57 67584 --s-a-w- c:\windows\bootstat.dat
2009-06-28 20:36 . 2009-04-11 23:32 3220299776 --sha-w- C:\hiberfil.sys
2009-06-28 20:36 . 2008-08-28 15:54 3534094336 --sha-w- C:\pagefile.sys
2009-06-28 20:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Internet Explorer
2009-06-28 20:25 . 2009-06-28 20:26 318976 ----a-w- c:\windows\system32\CF10812.exe
2009-06-28 19:13 . 2009-06-28 19:13 -------- d-----w- c:\program files\ESET
2009-06-28 19:10 . 2009-04-12 10:01 -------- d-----w- c:\program files\Mozilla Firefox
2009-06-28 19:01 . 2008-01-21 08:40 681878 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-28 19:01 . 2008-01-21 08:40 129058 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-28 19:01 . 2006-11-02 10:33 608928 ----a-w- c:\windows\system32\perfh009.dat
2009-06-28 19:01 . 2006-11-02 10:33 106462 ----a-w- c:\windows\system32\perfc009.dat
2009-06-28 18:51 . 2006-11-02 11:18 -------- d-----w- c:\program files\Common Files
2009-06-28 18:48 . 2006-11-02 12:43 262144 ----a-w- c:\windows\system32\config\systemprofile\ntuser.dat
2009-06-28 18:48 . 2006-11-02 10:22 262144 --sha-w- c:\users\Default\NTUSER.DAT
2009-06-28 18:46 . 2009-05-15 18:20 -------- d-----w- c:\users\Matthieu\AppData\Roaming\tor
2009-06-28 18:46 . 2009-05-13 19:55 -------- d-----w- c:\users\Matthieu\AppData\Roaming\Vidalia
2009-06-28 18:26 . 2009-06-28 18:26 172 ----a-w- C:\curr_ver.tmp
2009-06-23 19:20 . 2009-04-12 12:52 -------- d-----w- c:\users\Matthieu\AppData\Roaming\MyPhoneExplorer
2009-06-23 15:31 . 2009-04-11 23:38 -------- d-s---w- c:\users\Matthieu\AppData\Roaming\Microsoft
2009-06-22 14:55 . 2009-04-12 12:51 -------- d-----w- c:\users\Matthieu\AppData\Roaming\BitTorrent
2009-06-19 16:29 . 2006-11-02 12:47 1718496 ----a-w- c:\windows\system32\FNTCACHE.DAT
2009-06-18 21:42 . 2009-06-18 21:42 -------- d-----w- c:\program files\X'nStop 2.5
2009-06-17 18:47 . 2009-04-11 23:39 101744 ----a-w- c:\users\Matthieu\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-17 18:25 . 2009-06-17 18:25 -------- d-----w- c:\users\Matthieu\AppData\Roaming\Regressi
2009-06-17 18:25 . 2009-06-17 18:25 40960 ----a-r- c:\users\Matthieu\AppData\Roaming\Microsoft\Installer\{E2E164AB-1367-488F-8F1F-BA312DB2FF18}\NewShortcut1_E2E164AB1367488F8F1FBA312DB2FF18_1.exe
2009-06-17 18:25 . 2009-06-17 18:25 40960 ----a-r- c:\users\Matthieu\AppData\Roaming\Microsoft\Installer\{E2E164AB-1367-488F-8F1F-BA312DB2FF18}\New_Shortcut_S3177_E2E164AB1367488F8F1FBA312DB2FF18.exe
2009-06-17 18:25 . 2009-06-17 18:25 40960 ----a-r- c:\users\Matthieu\AppData\Roaming\Microsoft\Installer\{E2E164AB-1367-488F-8F1F-BA312DB2FF18}\ARPPRODUCTICON.exe
2009-06-17 18:25 . 2009-06-17 18:25 -------- d-----w- c:\program files\Evariste
2009-06-16 23:15 . 2009-04-13 16:42 -------- d-----w- c:\programdata\Microsoft Help
2009-06-16 23:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Common Files\microsoft shared
2009-06-16 23:14 . 2009-04-13 16:46 -------- d-----w- c:\program files\Microsoft Works
2009-06-12 15:58 . 2009-04-12 13:32 -------- d-----w- c:\program files\Common Files\Steam
2009-06-11 18:53 . 2009-06-11 18:53 148888 ----a-w- c:\windows\system32\javaws.exe
2009-06-11 18:53 . 2009-06-11 18:53 144792 ----a-w- c:\windows\system32\javaw.exe
2009-06-11 18:53 . 2009-06-11 18:53 144792 ----a-w- c:\windows\system32\java.exe
2009-06-11 18:53 . 2009-06-11 18:53 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-11 18:53 . 2009-06-11 18:53 -------- d-----w- c:\program files\Java
2009-06-10 21:34 . 2009-06-10 21:34 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-06-10 21:06 . 2009-06-10 21:06 -------- d-----w- c:\program files\Ê¢´óÍøÂç
2009-06-08 06:10 . 2009-06-28 18:48 155136 ----a-w- c:\windows\PEV.exe
2009-06-04 21:21 . 2009-04-12 10:07 -------- d-----w- c:\program files\E-Color
2009-06-02 18:50 . 2009-04-12 09:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-02 18:31 . 2009-06-02 18:31 -------- d--h--r- c:\users\Matthieu\AppData\Roaming\SecuROM
2009-06-02 18:31 . 2009-06-02 18:31 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-02 17:30 . 2009-06-02 17:30 -------- d-----w- c:\program files\GameSpy
2009-06-02 17:10 . 2009-04-13 12:00 -------- d-----w- c:\program files\Adobe
2009-06-01 16:51 . 2006-11-02 10:24 23635392 ----a-w- c:\windows\system32\mrt.exe
2009-05-31 22:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Common Files\System
2009-05-26 20:46 . 2009-04-12 12:16 -------- d---a-w- c:\programdata\TEMP
2009-05-25 05:19 . 2006-11-02 11:18 -------- d-s---w- c:\programdata\Microsoft
2009-05-18 15:43 . 2009-04-12 10:21 -------- d-----w- c:\users\Matthieu\AppData\Roaming\Adobe
2009-05-18 15:35 . 2009-04-13 12:00 -------- d-----w- c:\programdata\Adobe
2009-05-18 15:35 . 2009-05-18 15:35 -------- d-----w- c:\program files\Bonjour
2009-05-18 15:35 . 2009-04-13 12:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-18 15:27 . 2009-05-18 15:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-17 17:33 . 2009-04-14 21:01 -------- d-----w- c:\programdata\eMule
2009-05-17 17:33 . 2009-05-17 17:33 -------- d-----w- c:\program files\eMule
2009-05-17 08:34 . 2009-04-12 12:39 -------- d-----w- c:\program files\WinRAR
2009-05-13 21:39 . 2009-05-13 21:39 -------- d-----w- c:\programdata\2DBoy
2009-05-13 19:55 . 2009-05-13 19:55 -------- d-----w- c:\program files\Vidalia Bundle
2009-05-09 15:26 . 2009-05-09 15:26 -------- d-----w- c:\program files\Day of Defeat Source
2009-05-09 08:10 . 2009-05-09 08:05 -------- d-----w- c:\users\Matthieu\AppData\Roaming\Ventrilo
2009-05-09 08:04 . 2009-05-09 08:03 -------- d-----w- c:\program files\VentSrv
2009-05-09 08:03 . 2009-05-09 08:03 2855 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\VentSrv\Command Prompt - Win9x.pif
2009-05-09 08:02 . 2009-04-12 10:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-09 05:50 . 2009-06-28 20:01 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:49 . 2009-06-28 20:01 1207808 ----a-w- c:\windows\system32\urlmon.dll
2009-05-09 05:38 . 2009-06-28 20:01 5936128 ----a-w- c:\windows\system32\mshtml.dll
2009-05-09 05:35 . 2009-06-28 20:01 25600 ----a-w- c:\windows\system32\jsproxy.dll
2009-05-09 05:34 . 2009-06-28 20:01 164352 ----a-w- c:\windows\system32\ieui.dll
2009-05-09 05:34 . 2009-06-28 20:01 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-09 05:34 . 2009-06-28 20:01 1985024 ----a-w- c:\windows\system32\iertutil.dll
2009-05-09 05:34 . 2009-06-28 20:01 55808 ----a-w- c:\windows\system32\iernonce.dll
2009-05-09 05:34 . 2009-06-28 20:01 11064832 ----a-w- c:\windows\system32\ieframe.dll
2009-05-09 05:34 . 2009-06-28 20:01 385536 ----a-w- c:\windows\system32\iedkcs32.dll
2009-05-09 03:36 . 2009-06-28 20:01 173056 ----a-w- c:\windows\system32\ie4uinit.exe
2009-04-25 08:12 . 2009-04-25 08:12 1870 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-04-23 12:43 . 2009-06-10 16:25 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 16:49 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 16:15 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-20 10:56 . 2009-06-28 18:48 31232 ----a-w- c:\windows\NIRCMD.exe
2009-04-13 11:24 . 2009-04-11 23:37 48600 ----a-w- c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-13 11:13 . 2009-04-13 11:13 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-04-13 11:13 . 2009-04-13 11:13 2246144 ----a-w- c:\windows\system32\pbsvc.exe
2009-04-12 19:36 . 2009-04-12 12:50 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-12 12:43 . 2009-04-12 12:43 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2009-04-12 12:43 . 2009-04-12 12:43 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2009-04-12 12:39 . 2009-04-12 12:39 185920 ----a-w- c:\windows\system32\rmoc3260.dll
2009-04-12 12:39 . 2009-04-12 12:39 6656 ----a-w- c:\windows\system32\pndx5016.dll
2009-04-12 12:39 . 2009-04-12 12:39 5632 ----a-w- c:\windows\system32\pndx5032.dll
2009-04-12 12:39 . 2009-04-12 12:39 278528 ----a-w- c:\windows\system32\pncrt.dll
2009-04-12 12:33 . 2009-04-12 12:33 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-04-12 11:13 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-05-29 14:40 . 2009-04-12 12:58 7296000 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-28_18.56.15 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\users\Matthieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MarvellTrayStartup.lnk - c:\program files\Marvell\61xx\tray\RaidTray.bat [2009-4-12 143]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DualCoreCenter.lnk - c:\program files\MSI\DualCoreCenter\StartUpDualCoreCenter.exe [2009-4-12 192512]
Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^E-Color.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\E-Color.lnk
backup=c:\windows\pss\E-Color.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-688644113-2982533412-3210815772-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [6/15/2007 9:52 AM 143256]
R2 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\61xx\svc\mvraidsvc.exe [6/12/2007 8:54 PM 61440]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [4/12/2009 12:31 PM 1153368]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [4/12/2009 11:32 AM 46592]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\System32\drivers\bdfndisf.sys [6/2/2008 3:16 PM 86792]
R3 DualCoreCenter;DualCoreCenter;c:\program files\MSI\DualCoreCenter\NTGLM7X.sys [4/12/2009 12:15 PM 28160]
S2 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [5/23/2007 2:17 AM 20539]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-12 c:\windows\Tasks\PDVDServ.EXE_1153390954.job
- c:\program files\CyberLink\PowerDVD\PDVDServ.exe [2009-04-12 19:01]
.
.
------- Supplementary Scan -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Matthieu\AppData\Roaming\Mozilla\Firefox\Profiles\vc2mjnov.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 22:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(9428)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\System32\oodag.exe
c:\program files\OO Software\CleverCache\ooccag.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\System32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
c:\program files\BitDefender\BitDefender 2008\bdagent.exe
c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
c:\windows\System32\rundll32.exe
c:\program files\OO Software\CleverCache\ooccctrl.exe
c:\windows\System32\oodtray.exe
c:\program files\Common Files\Real\Update_OB\realsched.exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\DNA\btdna.exe
c:\program files\MSI\DualCoreCenter\DualCoreCenter.exe
c:\program files\Marvell\61xx\tray\zRaidTray.exe
c:\windows\System32\wbem\WmiApSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-28 22:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-28 20:41
ComboFix2.txt 2009-06-28 18:59

Pre-Run: 101,220,593,664 octets libres
Post-Run: 101,447,655,424 octets libres

422 --- E O F --- 2009-06-18 01:01

7

InfernO.vir, 28 Jun 2009 at 22:54:17

Had you disabled UAC? If not, start over!

-------------------
Next:

1/ Download:

# Download Malwarebytes' Anti-Malware

NOTE: If you are missing COMCTL32.OCX, then download it --> comctl32.ocx


2/ Installation and update:

# Install MBAM by double-clicking Mbam-setup.exe; it will update itself automatically.

# Once it is up to date, the program will launch. Click the Settings tab and tick the box: "Stop Internet Explorer during removal".


3/ Scan:

# Now click the Scan tab and tick the box: "perform a full scan".

# Then click "scan".

Let it scan your PC ...


4/ Removal:

# If items were found ~> Click "Remove selected".

# If the program asks you to restart ~> Click "yes".

# At the end, a report will open in Notepad ~> Save it so that you can find it again to post it on the forum.

# Copy (Ctrl + C) and paste (Ctrl + V) the report into your next message, please.


PS: The reports are also filed by scan date and time in the Report/Log tab


For reference: a tutorial from Malekal is available ~>

http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

~#*'"»€le©τ®!C«"'*#~ --P0i$oN-> 

8

Aurahire, 28 Jun 2009 at 23:01:00

I'm sure you have other things to do, but since you're taking good care of my case, I wanted to know what you thought of the log ;)! Have you already come across a case like mine? Because I saw that in one of your posts you wrote "interesting" :p Personally I'd call it annoying instead :p!
Regards!

9

InfernO.vir, 28 Jun 2009 at 23:12:58

Interesting for me, because you're infected :) and that gives me work :p

I'm waiting for the MBAM report (I'll be going to bed before long..)

And please answer my question about UAC?


~#*'"»€le©τ®!C«"'*#~ --P0i$oN-> 

10

Aurahire, 28 Jun 2009 at 23:16:25

No worries ;) sorry, I hadn't seen your reply! The anti-malware scan is running, I'll post as soon as it's done ;)
Thanks for helping me!

11

InfernO.vir, 28 Jun 2009 at 23:17:24

OK, and for UAC, during the ComboFix scan, had you disabled it as recommended?? It's important!!

~#*'"»€le©τ®!C«"'*#~ --P0i$oN-> 

12

Aurahire, 28 Jun 2009 at 23:18:11

Ah, and for UAC, yes, disabled from the start!
;)

13

InfernO.vir, 28 Jun 2009 at 23:20:10

Good :)

I'm going to bed, good night =)


PS: post your MBAM report, I'll follow up on your problem tomorrow (probably in the morning) :)

~#*'"»€le©τ®!C«"'*#~ --P0i$oN-> 

14

Aurahire, 28 Jun 2009 at 23:24:29

Here is the anti-malware result ;) it found two little things, but nothing related to my USB key :p

Thanks a lot ;)
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2347
Windows 6.0.6001 Service Pack 1

6/28/2009 11:23:19 PM
mbam-log-2009-06-28 (23-23-11).txt

Type de recherche: Examen rapide
Eléments examinés: 80718
Temps écoulé: 6 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinSys2 (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\startup.exe (Trojan.Agent) -> No action taken.

15

Aurahire, 28 Jun 2009 at 23:33:06

I wouldn't want to keep you from going to bed; I won't be up much longer either, but otherwise don't worry about it!
Thanks a lot!

16

InfernO.vir, 29 Jun 2009 at 11:00:22

Hi,

Run an MBAM scan again, but as a full scan this time! And DELETE WHAT IT FINDS!




~#*'"»€le©τ®!C«"'*#~ --P0i$oN-> 

17

Aurahire, 29 Jun 2009 at 17:55:34

Hello again, thank you for taking on my case, but MBAM did not fix the problem after removing what was wrong. On the other hand, I managed to make the CD drive no longer appear => drive options =< disable, or something like that. Anyway, I think the files are still on it, but I no longer have the autorun, so I'm going to consider my topic resolved ;)
Thanks again!
