Posez votre question Signaler

Virus msa.exe b.exe

nikau6 81Messages postés 10 août 2008Date d'inscription 30 novembre 2010Dernière intervention - Dernière réponse le 29 sept. 2009 à 22:47

Bonjour,
J'ecris avec un clavier qwerty, je ne peux donc pas utiliser les accents.
Hier soir, j'ai ete infecte par un virus.Je m'en suis appercu en voyant internet explorer demmarer sans raisons.J'ai regarde mes processus, et deux m'ont sembles bizzares.msa.exe et b.exe.Je les ais supprimes et suis alle me coucher.Ce matin, impossible de redemarrer l'ordi.A chaque fois j'ai un message, me disant que suite a un probleme, l'ordinateur dois redemarrer dans une minute.Je ne peux demarrer qu'en mode sana echec.Kapersky est bloque, ainsi que malwarebyte, hijackthis, smitfraud, combofix, dr web.
Merci d'avance pour votre aide.

Virus msa.exe b.exe »

Suggestions

Virus msa.exe b.exe
Virus msa.exe , b.exe » Forum
Virus msa et msb exe » Forum
A.exe B.exe C.exe et autresHelp !! (Résolu) » Forum
Virus b.exe (Résolu) » Forum
B.exe / msa.exe (Résolu) » Forum

Plus

Réponse

Xplode 7773Messages postés 21 août 2009Date d'inscription 19 mai 2012Dernière intervention 28 sept. 2009 à 13:32

Salut, démarre ton PC normalement puis fais ceci :

- Clique sur démarrer -> Executer
- Dans la boîte de dialogue, tapes ceci -> shutdown -a
- Clique sur " Ok "
- Assure toi de faire la manip' avant le temps " imparti ".

Ensuite,

Essaie de lancer ComboFix et copie/colle le rapport dans ton prochain message.

Puis,

RSIT ----->

[x] Télécharge Random's System Information Tool à cette adresse : http://images.malwareremoval.com/random/RSIT.exe

[x] Double clique sur " RSIT.exe ".

[x] Clique sur " Continue ".

[x] Si hijackthis n'est pas présent il sera automatiquement téléchargé et tu devras accepter la license.

[x] Une fois l'analyse finie, deux fichiers ( info.txt & log.txt ) s'ouvriront.

[x] Copie colle le contenu des deux rapports dans ton prochain message

-------> Si jamais tu as fermé les rapports sans faire attention, ils sont sous C:\rsit

Ajouter un commentaire

Réponse

nikau6 81Messages postés 10 août 2008Date d'inscription 30 novembre 2010Dernière intervention 28 sept. 2009 à 15:01

Salut, merci pour ta reponse.

J'ai finalement reussi a regler le probleme pour pouvoir demarrer normalement.Par contre j'ai toujours Kapersky et autres qui sont bloques.
Voici le rapport de ComboFix :

ComboFix 09-09-27.03 - DNMED 28/09/2009 12:07.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2008.1291 [GMT 1:00]
Running from: c:\users\DNMED\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-139252218-997284293-887150143-500
c:\$recycle.bin\S-1-5-21-224438324-2662824499-76924528-500
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\msetup
c:\windows\msetup\BASW-00503A65\data1.cab
c:\windows\msetup\BASW-00503A65\data1.hdr
c:\windows\msetup\BASW-00503A65\data2.cab
c:\windows\msetup\BASW-00503A65\engine32.cab
c:\windows\msetup\BASW-00503A65\layout.bin
c:\windows\msetup\BASW-00503A65\PlayCamera\CameraOn.wav
c:\windows\msetup\BASW-00503A65\PlayCamera\Click.wav
c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_chs_s.chm
c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_cht_s.chm
c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_deu_s.chm
c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_eng_s.chm
c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_esp_s.chm
c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_fra_s.chm
c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_ita_s.chm
c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_kor_s.chm
c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_ptg_s.chm
c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_rus_s.chm
c:\windows\msetup\BASW-00503A65\PlayCamera\Help\PlayCamera_ukr_s.chm
c:\windows\msetup\BASW-00503A65\PlayCamera\HookDllPS2.dll
c:\windows\msetup\BASW-00503A65\PlayCamera\Images\Back_Big.bmp
c:\windows\msetup\BASW-00503A65\PlayCamera\Images\Back_Small.bmp
c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbCancel.bmp
c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbHelp.bmp
c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbOk.bmp
c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbOpen.bmp
c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbPreviewOff.bmp
c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbPreviewOn.bmp
c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbRecordOff.bmp
c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbRecordOn.bmp
c:\windows\msetup\BASW-00503A65\PlayCamera\Images\gbSnap.bmp
c:\windows\msetup\BASW-00503A65\PlayCamera\Images\PlayCamera.ico
c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_chs.txt
c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_cht.txt
c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_deu.txt
c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_eng.txt
c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_esp.txt
c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_fra.txt
c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_ita.txt
c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_kor.txt
c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_ptg.txt
c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_rus.txt
c:\windows\msetup\BASW-00503A65\PlayCamera\Language\PlayCamera_ukr.txt
c:\windows\msetup\BASW-00503A65\PlayCamera\PlayCamera.exe
c:\windows\msetup\BASW-00503A65\PlayCamera\SSHook.dll
c:\windows\msetup\BASW-00503A65\PlayCamera\Uninst.ico
c:\windows\msetup\BASW-00503A65\setup.exe
c:\windows\msetup\BASW-00503A65\setup.ibt
c:\windows\msetup\BASW-00503A65\setup.ini
c:\windows\msetup\BASW-00503A65\setup.iss
c:\windows\msetup\BASW-00503A65\SWDesc.txt
c:\windows\msetup\BASW-00919A21\setup.exe
c:\windows\msetup\BASW-00919A21\setup.iss
c:\windows\msetup\BASW-00919A21\SWDesc.txt
c:\windows\msetup\BASW-01038A02\ChgWLANSettings.exe
c:\windows\msetup\BASW-01038A04\ChgWLANSettings.exe
c:\windows\msetup\MSetup.exe
c:\windows\msetup\MSetupLog.log
c:\windows\system32\clauth1.dll
c:\windows\system32\clauth2.dll
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll

Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
.

2009-09-28 11:13 . 2009-09-28 11:15 -------- d-----w- c:\users\DNMED\AppData\Local\temp
2009-09-28 11:13 . 2009-09-28 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-28 10:51 . 2009-09-28 10:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-28 10:51 . 2009-09-28 10:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-28 10:47 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 10:47 . 2009-09-28 10:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 10:47 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-28 10:41 . 2009-09-28 10:45 -------- d-----w- c:\windows\BDOSCAN8
2009-09-28 09:23 . 2009-09-28 09:23 -------- d-----w- c:\users\DNMED\DoctorWeb
2009-09-28 08:41 . 2009-09-28 08:41 -------- d-----w- c:\program files\CCleaner
2009-09-27 22:59 . 2009-09-27 22:59 -------- d-----w- c:\users\DNMED\AppData\Roaming\Malwarebytes
2009-09-27 22:59 . 2009-09-27 22:59 -------- d-----w- c:\programdata\Malwarebytes
2009-09-27 15:51 . 2009-09-28 10:33 0 ----a-r- c:\windows\win32k.sys
2009-09-24 12:15 . 2009-09-24 12:15 -------- d-----w- c:\windows\system32\ca-ES
2009-09-24 12:15 . 2009-09-24 12:15 -------- d-----w- c:\windows\system32\eu-ES
2009-09-24 12:14 . 2009-09-24 12:15 -------- d-----w- c:\windows\system32\vi-VN
2009-09-24 11:53 . 2009-09-24 11:53 -------- d-----w- c:\windows\system32\EventProviders
2009-09-24 07:31 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-09-24 07:31 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2009-09-24 07:31 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2009-09-24 07:31 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-09-24 07:31 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2009-09-24 07:31 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-09-24 07:29 . 2009-04-11 06:28 375808 ----a-w- c:\windows\system32\winhttp.dll
2009-09-24 07:28 . 2009-04-11 06:28 497152 ----a-w- c:\windows\system32\qdvd.dll
2009-09-24 07:27 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-09-24 07:27 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-09-24 07:27 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-09-20 10:44 . 2009-09-20 10:44 -------- d-----w- c:\users\DNMED\AppData\Local\WinZip
2009-09-20 10:43 . 2009-09-20 10:44 -------- d-----w- c:\programdata\WinZip
2009-09-20 10:37 . 2009-09-20 10:37 -------- d-----w- c:\programdata\WinZipSE
2009-09-20 10:33 . 2009-09-20 10:33 -------- d-----w- c:\users\DNMED\AppData\Roaming\Uniblue
2009-09-16 11:32 . 2007-03-30 15:48 22723 ----a-w- c:\windows\system32\ml285pl3.dll
2009-09-16 11:32 . 2007-03-30 15:48 172032 ----a-w- c:\windows\system32\secsnmp.dll
2009-09-16 11:32 . 2007-03-30 15:48 65536 ----a-w- c:\windows\system32\sml285ci.dll
2009-09-16 11:32 . 2007-03-30 15:48 151552 ----a-w- c:\windows\system32\sml285ci.exe
2009-09-16 11:30 . 2006-11-22 22:48 5120 ------w- c:\windows\system32\drivers\SSPORT.SYS
2009-09-16 11:30 . 2006-06-12 18:06 41984 ------w- c:\windows\system32\drivers\DGIVECP.SYS
2009-09-16 11:30 . 2009-09-16 11:30 -------- d-----w- c:\temp\ML-2850Series_PS_-32bit
2009-09-16 11:30 . 2009-09-16 11:30 -------- d-----w- C:\Temp
2009-09-11 17:14 . 2009-09-11 17:14 -------- d-----w- c:\users\DNMED\AppData\Local\Olympus
2009-09-09 14:57 . 2009-09-09 14:57 -------- d-----w- c:\program files\SecureW2
2009-09-09 14:10 . 2009-09-09 14:10 -------- d-----w- c:\windows\system32\novell
2009-09-09 14:10 . 2008-06-27 19:12 823296 ------w- c:\windows\system32\ccsw32.dll
2009-09-09 14:10 . 2009-09-09 14:47 -------- d-----w- c:\programdata\Novell
2009-09-09 14:10 . 2009-09-09 14:10 -------- d-----w- c:\windows\system32\nls
2009-09-09 14:10 . 2009-09-09 14:49 -------- d-----w- c:\program files\Novell
2009-09-09 14:02 . 2009-09-09 14:53 -------- d-----w- C:\Novell
2009-09-09 14:01 . 2009-09-09 14:53 -------- d-----w- c:\windows\FORMS
2009-09-09 13:57 . 2009-09-09 13:58 -------- d-----w- C:\Groupwise
2009-09-03 08:52 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-03 08:52 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-01 19:11 . 2009-09-08 19:18 -------- d-----w- c:\users\DNMED\AppData\Roaming\HpUpdate
2009-09-01 19:10 . 2009-09-01 19:10 -------- d-----w- c:\windows\Hewlett-Packard
2009-08-30 18:38 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-30 18:38 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-30 18:38 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-30 18:38 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-30 18:38 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-30 18:38 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-30 18:38 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-30 18:38 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 11:16 . 2009-08-07 12:23 14651424 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-28 11:14 . 2009-08-07 12:23 200312 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-28 11:14 . 2008-10-13 22:36 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-27 20:40 . 2009-08-07 12:23 -------- d-----w- c:\programdata\Kaspersky Lab
2009-09-27 13:16 . 2009-08-11 07:49 -------- d-----w- c:\users\DNMED\AppData\Roaming\EndNote
2009-09-24 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-24 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-24 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-24 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-24 12:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-24 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-24 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-22 11:48 . 2009-08-07 12:24 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-22 11:48 . 2009-08-07 12:24 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-16 11:30 . 2008-10-13 06:50 -------- d-----w- c:\program files\Samsung
2009-09-11 17:12 . 2009-09-11 17:12 -------- d-----w- c:\program files\Common Files\Olympus Shared
2009-09-11 17:12 . 2009-09-11 17:11 -------- d-----w- c:\program files\Olympus
2009-09-11 17:12 . 2008-10-13 06:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-09 07:10 . 2008-10-13 07:10 -------- d-----w- c:\programdata\Microsoft Help
2009-08-19 16:04 . 2009-08-19 16:04 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-19 16:03 . 2009-08-19 15:52 -------- d-----w- c:\program files\SONY
2009-08-19 15:59 . 2009-08-19 15:59 -------- d-----w- c:\users\DNMED\AppData\Roaming\InstallShield
2009-08-19 11:54 . 2009-06-11 10:37 102680 ----a-w- c:\users\DNMED\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-19 11:54 . 2009-08-19 11:54 -------- d-----w- c:\programdata\Adobe Systems
2009-08-19 11:53 . 2009-08-19 11:53 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-08-19 11:53 . 2008-10-13 06:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-16 13:38 . 2009-08-11 07:46 -------- d-----w- c:\program files\EndNote X2
2009-08-14 16:27 . 2009-09-09 07:03 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 07:03 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 07:03 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 07:03 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 07:03 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 07:03 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 07:03 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 07:03 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 07:03 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 07:03 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 07:03 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-11 19:20 . 2009-08-11 19:20 -------- d-----w- c:\program files\MSXML 4.0
2009-08-11 18:34 . 2009-08-11 18:31 116843 ----a-w- c:\windows\hpqins00.dat
2009-08-11 18:29 . 2009-08-11 18:29 -------- d-----w- c:\programdata\HP Product Assistant
2009-08-11 07:49 . 2009-08-11 07:46 -------- d-----w- c:\programdata\Thomson.ResearchSoft.Installers
2009-08-11 07:49 . 2009-08-11 07:49 -------- d-----w- c:\program files\Common Files\Risxtd
2009-08-11 07:49 . 2009-08-11 07:49 -------- d-----w- c:\program files\Common Files\ResearchSoft
2009-08-11 07:43 . 2009-08-11 07:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-11 07:34 . 2009-08-11 07:34 -------- d-----w- c:\program files\endnote
2009-08-10 18:13 . 2009-08-10 18:13 -------- d-----w- c:\program files\Bytescribe
2009-08-10 18:12 . 2009-08-08 12:51 -------- d-----w- c:\program files\NCT
2009-08-10 18:12 . 2009-08-10 18:12 344064 ----a-w- c:\windows\system32\MSVCR70.DLL
2009-08-10 13:09 . 2009-08-10 12:33 -------- d-----w- c:\programdata\HP
2009-08-10 13:09 . 2009-08-10 13:07 -------- d-----w- c:\users\DNMED\AppData\Roaming\HP
2009-08-10 13:08 . 2009-08-10 12:52 130927 ----a-w- c:\windows\hpoins18.dat
2009-08-10 13:08 . 2009-08-10 13:08 -------- d-----w- c:\programdata\WEBREG
2009-08-10 13:06 . 2009-08-10 12:35 -------- d-----w- c:\program files\HP
2009-08-10 13:06 . 2009-08-10 13:06 -------- d-----w- c:\programdata\HPSSUPPLY
2009-08-10 13:04 . 2009-08-10 13:00 -------- d-----w- c:\program files\Common Files\HP
2009-08-10 13:01 . 2009-08-10 13:01 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-08-10 13:01 . 2009-08-10 13:01 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-10 12:59 . 2009-08-10 12:59 -------- d-----w- c:\programdata\Hewlett-Packard
2009-08-10 09:51 . 2009-08-10 09:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-10 09:51 . 2009-08-10 09:51 -------- d-----w- c:\program files\Java
2009-08-09 19:16 . 2009-08-09 19:16 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-09 19:10 . 2009-08-07 13:04 -------- d-----w- c:\program files\Microsoft Works
2009-08-09 11:59 . 2009-08-09 11:59 -------- d-----w- c:\users\DNMED\AppData\Roaming\Scientific Software
2009-08-08 22:48 . 2009-08-08 22:48 -------- d-----w- c:\users\DNMED\AppData\Roaming\CyberLink
2009-08-08 22:48 . 2009-08-08 22:48 -------- d-----w- c:\programdata\CyberLink
2009-08-08 22:31 . 2009-08-08 20:54 -------- d-----w- c:\users\DNMED\AppData\Roaming\BSplayer
2009-08-08 20:54 . 2009-08-08 20:54 -------- d-----w- c:\program files\BS_Player
2009-08-08 20:54 . 2009-08-08 20:54 -------- d-----w- c:\program files\Conduit
2009-08-08 20:54 . 2009-08-08 20:54 -------- d-----w- c:\users\DNMED\AppData\Roaming\BSplayer Pro
2009-08-08 20:54 . 2009-08-08 20:54 -------- d-----w- c:\program files\Webteh
2009-08-08 12:56 . 2009-08-08 12:56 -------- d-----w- c:\program files\Scientific Software
2009-08-08 12:56 . 2009-08-08 12:56 -------- d-----w- c:\programdata\Scientific Software
2009-08-08 12:52 . 2007-07-18 13:39 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-08-08 12:49 . 2009-08-08 12:49 -------- d-----w- c:\program files\HTH Engineering, Inc
2009-08-07 14:28 . 2009-08-07 14:26 -------- d-----w- c:\program files\SPSS Viewer
2009-08-07 14:20 . 2009-08-07 14:08 -------- d-----w- c:\program files\Common Files\SPSS
2009-08-07 14:13 . 2009-08-07 14:13 1024 ----a-w- c:\windows\system32\grcauth2.dll
2009-08-07 14:13 . 2009-08-07 14:13 1024 ----a-w- c:\windows\system32\grcauth1.dll
2009-08-07 14:08 . 2009-08-07 14:08 -------- d-----w- c:\programdata\SPSS
2009-08-07 14:08 . 2009-08-07 14:08 -------- d-----w- c:\program files\SPSSInc
2009-08-07 13:36 . 2009-08-07 13:36 -------- d-----w- c:\programdata\SafeNet Sentinel
2009-08-07 13:33 . 2009-08-07 13:33 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-08-07 13:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-08-07 13:02 . 2009-08-07 13:02 -------- d-----w- c:\program files\Microsoft.NET
2009-08-07 12:56 . 2009-08-07 12:56 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-07 12:23 . 2009-08-07 12:22 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-07 12:22 . 2009-08-07 12:22 -------- d-----w- c:\program files\Common Files\Kaspersky Lab
2009-08-07 12:22 . 2009-08-07 12:22 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-08-07 12:12 . 2008-10-13 07:19 -------- d-----w- c:\programdata\McAfee
2009-07-21 21:52 . 2009-08-09 18:48 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-09 18:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-09 18:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-09 18:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 19:18 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 19:18 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 19:18 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 19:18 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 19:18 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 07:03 513536 ----a-w- c:\windows\system32\wlansvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_P.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\DNMED\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-09 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-19 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-19 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-19 145944]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-10 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-9-11 163840]
Directrec Configuration Tool.lnk - c:\program files\Olympus\DeviceDetector\DirectrecConfig.exe [2009-9-11 122880]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0FO\adialhk.dll c:\progra~1\KASPER~1\KASPER~1.0FO\r3hook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):81,2d,ae,df,11,3d,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-224438324-2662824499-76924528-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{25596831-1D7D-45DE-BB9A-DFF0161C6D9E}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{DD36AE3B-E2B2-42D0-A595-C752CDE50791}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{4E7731E3-F0C7-4AD9-8FFA-39F8684B088B}"= TCP:15000:Kaspersky Administration Kit
"{5B9571D0-6E84-42B6-BEE9-D16185F00F06}"= TCP:15000:Kaspersky Administration Kit
"{F9A65F05-CFCE-4894-828E-113235A956CB}"= TCP:15000:Kaspersky Administration Kit
"{1EE1ED93-E341-40BC-9746-14D7B1906BEB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{41814E72-CB64-4F9B-815B-AC84C0A99061}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7A50E273-3A3E-4E05-9F85-F355E8B30C64}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:SPSS Basic Script Editor (1033)
"{5C679E39-5C72-4224-83B1-4BF349263911}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)
"{06BA0309-FBE9-4015-87DC-EE28B13296C1}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:SPSS Basic Script Editor (1033)
"{A7E4AC44-0927-4F96-9942-360FC34557B6}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)
"{C4D7D832-64FB-4401-A36D-B9BAB746F8A7}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com)
"{9D128E44-9595-4463-B63E-F773D2E1EF19}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com)
"{FFBF4800-15BF-47F1-9736-854811BA5DA0}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{509C26BC-6EFC-4FC9-960F-5F775B2656CD}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"TCP Query User{5DAE7275-A296-4A82-A4F4-0DD1A59110C9}c:\\users\\dnmed\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\dnmed\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{F67F89FE-E992-4C45-ABF9-6C918DFC6145}c:\\users\\dnmed\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\dnmed\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"TCP Query User{E0853EBD-EC74-45C3-99DD-28E6E7B20C66}c:\\program files\\spssinc\\spss16\\spss.exe"= UDP:c:\program files\spssinc\spss16\spss.exe:SPSS
"UDP Query User{83D362B1-6052-4D84-B187-50C1E0C2E393}c:\\program files\\spssinc\\spss16\\spss.exe"= TCP:c:\program files\spssinc\spss16\spss.exe:SPSS

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [04/04/2007 13:59 20760]
R2 klnagent;Kaspersky Network Agent;c:\program files\Kaspersky Lab\NetworkAgent\klnagent.exe [17/03/2008 17:19 94608]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [13/10/2008 07:55 13312]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [28/09/2009 11:51 1153368]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [16/09/2009 12:30 5120]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [13/10/2008 06:27 112128]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\System32\drivers\VMC326.sys [13/10/2008 08:17 238464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224438324-2662824499-76924528-1003Core.job
- c:\users\DNMED\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-09 11:21]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224438324-2662824499-76924528-1003UA.job
- c:\users\DNMED\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-09 11:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.samsungcomputer.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2936)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\Olympus\DeviceDetector\DM1Service.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-09-28 12:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-28 11:19

Pre-Run: 37,990,629,376 bytes free
Post-Run: 37,596,491,776 bytes free

389 --- E O F --- 2009-09-24 12:10

Ajouter un commentaire

Réponse

nikau6 81Messages postés 10 août 2008Date d'inscription 30 novembre 2010Dernière intervention 28 sept. 2009 à 15:03

Voici le rapport log.txt

info.txt logfile of random's system information tool 1.06 2009-09-28 14:02:22

======Uninstall list======

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Agere Systems HDA Modem-->agrsmdel
Atheros WLAN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04983D37-2202-4295-94A2-8B547C66133F}\setup.exe" -l0x9
ATLAS.ti 5.5-->MsiExec.exe /X{EB60A3FB-DAAF-4042-A200-09A1EA5844F7}
BS.Player FREE-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
BS_Player Toolbar-->C:\PROGRA~1\BS_PLA~1\UNWISE.EXE /U C:\PROGRA~1\BS_PLA~1\INSTALL.LOG
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
CyberLink Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
Digital Voice Editor 3-->C:\Program Files\InstallShield Installation Information\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}\setup.exe -runfromtemp -l0x0009 UNINSTALL /z -removeonly
Easy Battery Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}\setup.exe" -l0x9 Remove
Easy Display Manager-->"C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -runfromtemp -l0x0009 -removeonly
Easy Network Manager 3.0-->C:\Program Files\InstallShield Installation Information\{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}\setup.exe -runfromtemp -l0x0409
Easy SpeedUp Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF367AA4-070B-493C-9575-85BE59D789C9}\setup.exe" -l0x9 Remove
EndNote X2-->MsiExec.exe /I{002B1E90-3241-4D45-8831-E89020F8E7E6}
HijackThis 2.0.2-->"C:\Users\DNMED\Documents\Downloads\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
imagine digital freedom - Samsung-->MsiExec.exe /X{8E106A57-A17E-431D-B48F-175E42EB9F74}
Intel PROSet Wireless-->Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Kaspersky Anti-Virus 6.0 for Windows Workstations-->MsiExec.exe /I{79B986AD-54D8-4498-AA06-89808829ACC0}
Kaspersky Anti-Virus 6.0 for Windows Workstations-->MsiExec.exe /I{79B986AD-54D8-4498-AA06-89808829ACC0}
Kaspersky Network Agent-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7C72AAB5-8A7D-4882-950C-A1F26A949DA3}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
LightScribe System Software 1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SOAP Toolkit 2.0 SP2-->MsiExec.exe /I{36BEAD11-8577-49AD-9250-E06A50AE87B0}
Microsoft SQL Server Native Client-->MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Namuga 1.3M Webcam-->C:\Program Files\InstallShield Installation Information\{71A51B59-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly
NCTAudioConvert ActiveX EXE Server 2.7.3-->"C:\Program Files\NCT\AudioConvert3\unins000.exe"
NICI (Shared) U.S./Worldwide (128 bit) (2.7.4-1)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}\Setup.exe" -uninst
NMAS Challenge Response Method-->MsiExec.exe /I{8CBFE0AB-3EBF-4103-BA48-59EB4FF66AD1}
NMAS Client-->MsiExec.exe /I{56BC75EA-B19F-4C14-85B8-3FA61C0C791F}
Olympus DSS Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}\Setup.exe" -l0x9 UNINSTALL
Play Camera-->C:\Program Files\InstallShield Installation Information\{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}\setup.exe -runfromtemp -l0x0409
PowerDirector-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Samsung Magic Doctor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}\Setup.exe" -l0x9 Remove
Samsung ML-2850 Series-->C:\Program Files\Samsung\Samsung ML-2850 Series\Install\Setup.exe /R
Samsung Recovery Solution III-->"C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung Update Plus-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{685707A4-911C-468D-BFC4-64A50E5E3A0C} /l1033
SANYO LD-ADPCM Audio CODEC uninstall-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Windows\INF\LDADP32.inf
SecureW2 TTLS Client 3.3.3 for Windows-->C:\Program Files\SecureW2\SecureW2 TTLS Client\Uninstall.exe
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SPSS 16.0 for Windows-->MsiExec.exe /X{621025AE-3510-478E-BC27-1A647150976F}
SPSS SmartViewer 15.0-->MsiExec.exe /X{32FEA42D-3A59-49D9-8A2F-A3E2D8E663DF}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Start Stop Universal Transcription System-->"C:\Windows\Start Stop Universal Transcription System\uninstall.exe" "/U:C:\Program Files\HTH Engineering, Inc\Start Stop Universal Transcription System\irunin.xml"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TSP_CODEC-->C:\Program Files\Bytescribe\TSP_CODEC\Uninst.exe /pid:{A90C03D6-08E1-4C59-B93B-6919A6C0AC19} /asd
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb973514)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {03B11C77-336F-43B4-9B43-79890BA84504}
User Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}\setup.exe" -l0x9 Remove
Vimicro UVC Camera-->C:\Program Files\InstallShield Installation Information\{71A51B09-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly
WIDCOMM Bluetooth Software 6.0.1.6300-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Windows NT Messaging-->RunDll32 setupapi.dll,InstallHinfSection Uninstall 4 MSMail.inf
WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}

======Security center information======

AV: Kaspersky Anti-Virus
FW: Kaspersky Anti-Virus (disabled)
AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender
AS: Kaspersky Anti-Virus

======System event log======

Computer Name: DNMED-PC
Event Code: 7000
Message: The DgiVecp service failed to start due to the following error:
The system cannot find the device specified.
Record Number: 40593
Source Name: Service Control Manager
Time Written: 20090927203800.000000-000
Event Type: Error
User:

Computer Name: DNMED-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 40591
Source Name: Service Control Manager
Time Written: 20090927203800.000000-000
Event Type: Error
User:

Computer Name: DNMED-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 40538
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090927182032.315720-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: DNMED-PC
Event Code: 10002
Message: WLAN Extensibility Module has stopped.

Module Path: C:\Windows\system32\athihvs.dll

Record Number: 40537
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090927182029.972720-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: DNMED-PC
Event Code: 225
Message: The application \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe with process id 1984 stopped the removal or ejection for the device USB\VID_19B6&PID_4096\AA04012700010080.
Record Number: 40503
Source Name: Microsoft-Windows-Kernel-PnP
Time Written: 20090927171756.182720-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: DNMED-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 992
Source Name: Microsoft-Windows-WMI
Time Written: 20090611103525.000000-000
Event Type: Error
User:

Computer Name: DNMED-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {cb56202f-0f78-4d12-aa48-0d74563608b1}
Record Number: 991
Source Name: VSS
Time Written: 20090611103524.000000-000
Event Type: Error
User:

Computer Name: DNMED-PC
Event Code: 3086
Message: The system locale has changed. Existing data will be deleted and the index must be recreated.

Context: Application, SystemIndex Catalog

Record Number: 982
Source Name: Microsoft-Windows-Search
Time Written: 20090611103351.000000-000
Event Type: Warning
User:

Computer Name: DNMED-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 956
Source Name: Microsoft-Windows-WMI
Time Written: 20090611093253.000000-000
Event Type: Error
User:

Computer Name: DNMED-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 951
Source Name: Microsoft-Windows-Search
Time Written: 20090611093246.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: WIN-GUXRK5Z1V1M
Event Code: 1108
Message: The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.
Record Number: 952
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090505054014.560000-000
Event Type: Audit Success
User:

Computer Name: WIN-GUXRK5Z1V1M
Event Code: 1108
Message: The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.
Record Number: 951
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090505054014.560000-000
Event Type: Audit Success
User:

Computer Name: WIN-GUXRK5Z1V1M
Event Code: 1108
Message: The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.
Record Number: 950
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090505054014.560000-000
Event Type: Audit Success
User:

Computer Name: WIN-GUXRK5Z1V1M
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 949
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090505054013.936400-000
Event Type: Audit Success
User:

Computer Name: WIN-GUXRK5Z1V1M
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-224438324-2662824499-76924528-500
Account Name: Administrator
Domain Name: WIN-GUXRK5Z1V1M
Logon ID: 0x2567c
Record Number: 948
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090505054008.445200-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\WiFi\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE

-----------------EOF-----------------

Ajouter un commentaire

Réponse

nikau6 81Messages postés 10 août 2008Date d'inscription 30 novembre 2010Dernière intervention 28 sept. 2009 à 15:06

Je me suis trompe.Le premier rapport est info.txt.Voici log.txt :

Logfile of random's system information tool 1.06 (written by random/random)
Run by DNMED at 2009-09-28 14:02:01
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 32 GB (45%) free of 71 GB
Total RAM: 2008 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:19, on 28/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\Explorer.EXE
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\DNMED\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DNMED\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DNMED\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\DNMED\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DNMED\Documents\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\DNMED.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.samsungcomputer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\DNMED\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Network Agent (klnagent) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

Ajouter un commentaire

Réponse

Xplode 7773Messages postés 21 août 2009Date d'inscription 19 mai 2012Dernière intervention 28 sept. 2009 à 17:55

Ok, fais ceci dans l'ordre :

Toolbar S&D ----->

Télécharge Toolbar S&D Ici : http://eric.71.mespages.googlepages.com/ToolBarSD.exe

Suis le tutorial disponible à cette adresse : http://www.malekal.com/tutorial_ToolBar_SD.php

Lance l'option 1 ( Recherche )

Puis copie/colle le rapport dans ton prochain message ( Il se trouve sous C:\TB.txt )

-------------------------------

Malwarebyte's anti-malware ----->

[x] Télécharge Malwarebyte's anti-malware (MBAM) à cette adresse : http://www.malwarebytes.org/mbam/program/mbam-setup.exe

[x] Installe le.

[x] Met le à jour.

[x] Coche bien tout les éléments trouvés et supprime les !

[x] Un tutoriel pour son utilisation est disponible ici : http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

[x] Suis les indications données sur le lien précédent puis copie/colle le rapport généré dans ton prochain message

Ajouter un commentaire

Réponse

nikau6 81Messages postés 10 août 2008Date d'inscription 30 novembre 2010Dernière intervention 28 sept. 2009 à 20:00

Voici le rapport de TB :

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T1700 @ 1.83GHz )
BIOS : Phoenix SecureCore(tm) NB Version 07LI.MP00.20080926.SCY
USER : DNMED ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 6.0.3.837 (Activated)
Firewall : Kaspersky Anti-Virus 6.0.3.837 (Not Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:31 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:57 Go)
E:\ (CD or DVD)
Y:\ (Network Disk)
Z:\ (Network Disk)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 28/09/2009|18:59 )

[ UAC => 0 ]

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.samsungcomputer.com/"
"Url"="http://go.microsoft.com/fwlink/?LinkId=44406"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\Windows\\System32\\blank.htm"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\DNMED\Documents\Unzipped\photoshop_cs4_keygen
C:\Users\DNMED\Documents\Unzipped\photoshop_cs4_keygen\KEYGEN_ADOBE_PHOTOSHOP_CS4
C:\Users\DNMED\Documents\Unzipped\photoshop_cs4_keygen\KEYGEN_ADOBE_PHOTOSHOP_CS4\KEYGEN ADOBE PHOTOSHOP CS4
C:\Users\DNMED\Documents\Unzipped\photoshop_cs4_keygen\KEYGEN_ADOBE_PHOTOSHOP_CS4\KEYGEN ADOBE PHOTOSHOP CS4\Adobe CS4 Master Collection Keygen.exe
C:\Users\DNMED\Documents\Unzipped\photoshop_cs4_keygen\KEYGEN_ADOBE_PHOTOSHOP_CS4\KEYGEN ADOBE PHOTOSHOP CS4\amtlib.dll
C:\Users\DNMED\Documents\Unzipped\photoshop_cs4_keygen\KEYGEN_ADOBE_PHOTOSHOP_CS4\KEYGEN ADOBE PHOTOSHOP CS4\Info.txt
C:\Users\DNMED\Documents\Unzipped\photoshop_cs4_keygen\KEYGEN_ADOBE_PHOTOSHOP_CS4\KEYGEN ADOBE PHOTOSHOP CS4\OGACheckControl.DLL
C:\Users\DNMED\Documents\Unzipped\photoshop_cs4_keygen\KEYGEN_ADOBE_PHOTOSHOP_CS4\KEYGEN ADOBE PHOTOSHOP CS4\Read Me.txt

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 28/09/2009|18:59 - Option : [1]

-----------\\ Fin du rapport a 18:59:22.91

Ajouter un commentaire

Réponse

Xplode 7773Messages postés 21 août 2009Date d'inscription 19 mai 2012Dernière intervention 28 sept. 2009 à 20:06

/!\ Les cracks/keygens sont une source d'infection ! Il faut a tout pris les éviter ! /!\

- Supprime tout ceci :

C:\Users\DNMED\Documents\Unzipped\photoshop_cs4_keygen
C:\Users\DNMED\Documents\Unzipped\photoshop_cs4_keygen\KEYGEN_ADOBE_PHOTOSHOP_CS4
C:\Users\DNMED\Documents\Unzipped\photoshop_cs4_keygen\KEYGEN_ADOBE_PHOTOSHOP_CS4\KEYGEN ADOBE PHOTOSHOP CS4
C:\Users\DNMED\Documents\Unzipped\photoshop_cs4_keygen\KEYGEN_ADOBE_PHOTOSHOP_CS4\KEYGEN ADOBE PHOTOSHOP CS4\Adobe CS4 Master Collection Keygen.exe
C:\Users\DNMED\Documents\Unzipped\photoshop_cs4_keygen\KEYGEN_ADOBE_PHOTOSHOP_CS4\KEYGEN ADOBE PHOTOSHOP CS4\amtlib.dll
C:\Users\DNMED\Documents\Unzipped\photoshop_cs4_keygen\KEYGEN_ADOBE_PHOTOSHOP_CS4\KEYGEN ADOBE PHOTOSHOP CS4\Info.txt
C:\Users\DNMED\Documents\Unzipped\photoshop_cs4_keygen\KEYGEN_ADOBE_PHOTOSHOP_CS4\KEYGEN ADOBE PHOTOSHOP CS4\OGACheckControl.DLL
C:\Users\DNMED\Documents\Unzipped\photoshop_cs4_keygen\KEYGEN_ADOBE_PHOTOSHOP_CS4\KEYGEN ADOBE PHOTOSHOP CS4\Read Me.txt

J'attend ton rapport de malwarebyte's

Ajouter un commentaire

Réponse

nikau6 81Messages postés 10 août 2008Date d'inscription 30 novembre 2010Dernière intervention 28 sept. 2009 à 21:12

J'ai supprime les KeyGen.

Voici le rapport de malwareByte :

Malwarebytes' Anti-Malware 1.41
Database version: 2868
Windows 6.0.6002 Service Pack 2

28/09/2009 20:02:24
mbam-log-2009-09-28 (20-02-24).txt

Scan type: Full Scan (C:\|)
Objects scanned: 232959
Time elapsed: 54 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Windows\System32\cngaudit.dll.vir (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Windows\win32k.sys (Trojan.Dropper) -> Quarantined and deleted successfully.

Ajouter un commentaire

Réponse

Xplode 7773Messages postés 21 août 2009Date d'inscription 19 mai 2012Dernière intervention 28 sept. 2009 à 21:16

ESET Nod32 Scan en ligne ----->

[x] Rends toi sur ce site : http://www.eset-nod32.fr/eos/run.php

/!\ Il faut que tu utilises internet explorer pour faire l'analyse en ligne /!\

[x] Coche " Oui, j'accepte.... " puis cliques sur " Start ".

[x] Attend un peu le chargement de la page, puis clique sur le bandeau jaune en haut de
l'écran " Ce site nécessite.... OnlineScanner.cab... "

-> Clique sur " Installer le contrôle ActiveX "
-> Confirme ensuite en cliquant sur " Installer " dans la petite fenêtre qui s'ouvre.

[x] Clique sur paramètre avancé, puis coche " Rechercher les applications potentiellement dangereuses " , vérifie que les deux premieres cases sont elles aussi cochées.

[x] Le scanner se mettra à jour, celà peut prendre un certain temps

[x] L'analyse va ensuite s'effectuer.

[x] Copie/Colle le rapport dans ton prochain message.

Ajouter un commentaire

Réponse

nikau6 81Messages postés 10 août 2008Date d'inscription 30 novembre 2010Dernière intervention 28 sept. 2009 à 21:33

Internet Explorer ne marche plus, ainsi que Kapersky.
Lorsque je veux les lancer, j'ai un message qui dit : "Windows cannot access the specified path, device or file.You may not have the appropriate permissions to access the item.

Ajouter un commentaire

Réponse

Xplode 7773Messages postés 21 août 2009Date d'inscription 19 mai 2012Dernière intervention 28 sept. 2009 à 21:34

Ok, renomme combofix en ccm.exe puis éxecute le, copie/colle le rapport dans ton prochain message

Ajouter un commentaire

Réponse

nikau6 81Messages postés 10 août 2008Date d'inscription 30 novembre 2010Dernière intervention 28 sept. 2009 à 21:58

Voici le rapport de combofix :

ComboFix 09-09-27.05 - DNMED 28/09/2009 20:45.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2008.1167 [GMT 1:00]
Running from: c:\users\DNMED\Desktop\ccm.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Anti-Virus *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-28 )))))))))))))))))))))))))))))))
.

2009-09-28 19:52 . 2009-09-28 19:52 -------- d-----w- c:\users\DNMED\AppData\Local\temp
2009-09-28 19:52 . 2009-09-28 19:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-28 19:52 . 2009-09-28 19:52 -------- d-----w- c:\users\Dr Lynn Knight\AppData\Local\temp
2009-09-28 19:52 . 2009-09-28 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-28 19:52 . 2009-09-28 19:52 -------- d-----w- c:\users\crees\AppData\Local\temp
2009-09-28 19:18 . 2009-09-28 19:37 -------- d-----w- C:\UsbFix
2009-09-28 18:01 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 18:01 . 2009-09-28 18:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 18:01 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-28 17:58 . 2009-09-28 17:59 -------- d-----w- C:\ToolBar SD
2009-09-28 13:02 . 2009-09-28 13:02 -------- d-----w- C:\rsit
2009-09-28 13:02 . 2009-09-28 13:02 -------- d-----w- c:\program files\trend micro
2009-09-28 10:51 . 2009-09-28 10:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-28 10:51 . 2009-09-28 10:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-28 10:41 . 2009-09-28 10:45 -------- d-----w- c:\windows\BDOSCAN8
2009-09-28 09:23 . 2009-09-28 09:23 -------- d-----w- c:\users\DNMED\DoctorWeb
2009-09-28 08:41 . 2009-09-28 08:41 -------- d-----w- c:\program files\CCleaner
2009-09-27 22:59 . 2009-09-27 22:59 -------- d-----w- c:\users\DNMED\AppData\Roaming\Malwarebytes
2009-09-27 22:59 . 2009-09-27 22:59 -------- d-----w- c:\programdata\Malwarebytes
2009-09-24 12:15 . 2009-09-24 12:15 -------- d-----w- c:\windows\system32\ca-ES
2009-09-24 12:15 . 2009-09-24 12:15 -------- d-----w- c:\windows\system32\eu-ES
2009-09-24 12:14 . 2009-09-24 12:15 -------- d-----w- c:\windows\system32\vi-VN
2009-09-24 11:53 . 2009-09-24 11:53 -------- d-----w- c:\windows\system32\EventProviders
2009-09-24 07:31 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-09-24 07:31 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2009-09-24 07:31 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2009-09-24 07:31 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-09-24 07:31 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2009-09-24 07:31 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-09-24 07:29 . 2009-04-11 06:28 375808 ----a-w- c:\windows\system32\winhttp.dll
2009-09-24 07:28 . 2009-04-11 06:28 497152 ----a-w- c:\windows\system32\qdvd.dll
2009-09-24 07:27 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-09-24 07:27 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-09-24 07:27 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-09-20 10:44 . 2009-09-20 10:44 -------- d-----w- c:\users\DNMED\AppData\Local\WinZip
2009-09-20 10:43 . 2009-09-20 10:44 -------- d-----w- c:\programdata\WinZip
2009-09-20 10:37 . 2009-09-20 10:37 -------- d-----w- c:\programdata\WinZipSE
2009-09-20 10:33 . 2009-09-20 10:33 -------- d-----w- c:\users\DNMED\AppData\Roaming\Uniblue
2009-09-16 11:32 . 2007-03-30 15:48 22723 ----a-w- c:\windows\system32\ml285pl3.dll
2009-09-16 11:32 . 2007-03-30 15:48 172032 ----a-w- c:\windows\system32\secsnmp.dll
2009-09-16 11:32 . 2007-03-30 15:48 65536 ----a-w- c:\windows\system32\sml285ci.dll
2009-09-16 11:32 . 2007-03-30 15:48 151552 ----a-w- c:\windows\system32\sml285ci.exe
2009-09-16 11:30 . 2006-11-22 22:48 5120 ------w- c:\windows\system32\drivers\SSPORT.SYS
2009-09-16 11:30 . 2006-06-12 18:06 41984 ------w- c:\windows\system32\drivers\DGIVECP.SYS
2009-09-16 11:30 . 2009-09-16 11:30 -------- d-----w- c:\temp\ML-2850Series_PS_-32bit
2009-09-16 11:30 . 2009-09-16 11:30 -------- d-----w- C:\Temp
2009-09-11 17:14 . 2009-09-11 17:14 -------- d-----w- c:\users\DNMED\AppData\Local\Olympus
2009-09-09 14:57 . 2009-09-09 14:57 -------- d-----w- c:\program files\SecureW2
2009-09-09 14:10 . 2009-09-09 14:10 -------- d-----w- c:\windows\system32\novell
2009-09-09 14:10 . 2008-06-27 19:12 823296 ------w- c:\windows\system32\ccsw32.dll
2009-09-09 14:10 . 2009-09-09 14:47 -------- d-----w- c:\programdata\Novell
2009-09-09 14:10 . 2009-09-09 14:10 -------- d-----w- c:\windows\system32\nls
2009-09-09 14:10 . 2009-09-09 14:49 -------- d-----w- c:\program files\Novell
2009-09-09 14:02 . 2009-09-09 14:53 -------- d-----w- C:\Novell
2009-09-09 14:01 . 2009-09-09 14:53 -------- d-----w- c:\windows\FORMS
2009-09-09 13:57 . 2009-09-09 13:58 -------- d-----w- C:\Groupwise
2009-09-03 08:52 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-03 08:52 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-01 19:11 . 2009-09-08 19:18 -------- d-----w- c:\users\DNMED\AppData\Roaming\HpUpdate
2009-09-01 19:10 . 2009-09-01 19:10 -------- d-----w- c:\windows\Hewlett-Packard
2009-08-30 18:38 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-30 18:38 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-30 18:38 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-30 18:38 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-30 18:38 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-30 18:38 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-30 18:38 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-30 18:38 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-28 19:47 . 2009-08-07 12:23 14780448 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-28 19:40 . 2009-08-07 12:23 201632 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-28 19:39 . 2008-10-13 22:36 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-27 20:40 . 2009-08-07 12:23 -------- d-----w- c:\programdata\Kaspersky Lab
2009-09-27 13:16 . 2009-08-11 07:49 -------- d-----w- c:\users\DNMED\AppData\Roaming\EndNote
2009-09-24 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-24 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-24 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-24 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-24 12:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-24 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-24 12:15 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-22 11:48 . 2009-08-07 12:24 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-22 11:48 . 2009-08-07 12:24 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-16 11:30 . 2008-10-13 06:50 -------- d-----w- c:\program files\Samsung
2009-09-11 17:12 . 2009-09-11 17:12 -------- d-----w- c:\program files\Common Files\Olympus Shared
2009-09-11 17:12 . 2009-09-11 17:11 -------- d-----w- c:\program files\Olympus
2009-09-11 17:12 . 2008-10-13 06:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-09 07:10 . 2008-10-13 07:10 -------- d-----w- c:\programdata\Microsoft Help
2009-08-19 16:04 . 2009-08-19 16:04 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-19 16:03 . 2009-08-19 15:52 -------- d-----w- c:\program files\SONY
2009-08-19 15:59 . 2009-08-19 15:59 -------- d-----w- c:\users\DNMED\AppData\Roaming\InstallShield
2009-08-19 11:54 . 2009-06-11 10:37 102680 ----a-w- c:\users\DNMED\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-19 11:54 . 2009-08-19 11:54 -------- d-----w- c:\programdata\Adobe Systems
2009-08-19 11:53 . 2009-08-19 11:53 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-08-19 11:53 . 2008-10-13 06:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-16 13:38 . 2009-08-11 07:46 -------- d-----w- c:\program files\EndNote X2
2009-08-14 16:27 . 2009-09-09 07:03 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 07:03 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 07:03 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 07:03 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 07:03 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 07:03 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 07:03 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 07:03 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 07:03 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 07:03 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 07:03 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-11 19:20 . 2009-08-11 19:20 -------- d-----w- c:\program files\MSXML 4.0
2009-08-11 18:34 . 2009-08-11 18:31 116843 ----a-w- c:\windows\hpqins00.dat
2009-08-11 18:29 . 2009-08-11 18:29 -------- d-----w- c:\programdata\HP Product Assistant
2009-08-11 07:49 . 2009-08-11 07:46 -------- d-----w- c:\programdata\Thomson.ResearchSoft.Installers
2009-08-11 07:49 . 2009-08-11 07:49 -------- d-----w- c:\program files\Common Files\Risxtd
2009-08-11 07:49 . 2009-08-11 07:49 -------- d-----w- c:\program files\Common Files\ResearchSoft
2009-08-11 07:43 . 2009-08-11 07:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-11 07:34 . 2009-08-11 07:34 -------- d-----w- c:\program files\endnote
2009-08-10 18:13 . 2009-08-10 18:13 -------- d-----w- c:\program files\Bytescribe
2009-08-10 18:12 . 2009-08-08 12:51 -------- d-----w- c:\program files\NCT
2009-08-10 18:12 . 2009-08-10 18:12 344064 ----a-w- c:\windows\system32\MSVCR70.DLL
2009-08-10 13:09 . 2009-08-10 12:33 -------- d-----w- c:\programdata\HP
2009-08-10 13:09 . 2009-08-10 13:07 -------- d-----w- c:\users\DNMED\AppData\Roaming\HP
2009-08-10 13:08 . 2009-08-10 12:52 130927 ----a-w- c:\windows\hpoins18.dat
2009-08-10 13:08 . 2009-08-10 13:08 -------- d-----w- c:\programdata\WEBREG
2009-08-10 13:06 . 2009-08-10 12:35 -------- d-----w- c:\program files\HP
2009-08-10 13:06 . 2009-08-10 13:06 -------- d-----w- c:\programdata\HPSSUPPLY
2009-08-10 13:04 . 2009-08-10 13:00 -------- d-----w- c:\program files\Common Files\HP
2009-08-10 13:01 . 2009-08-10 13:01 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-08-10 13:01 . 2009-08-10 13:01 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-10 12:59 . 2009-08-10 12:59 -------- d-----w- c:\programdata\Hewlett-Packard
2009-08-10 09:51 . 2009-08-10 09:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-10 09:51 . 2009-08-10 09:51 -------- d-----w- c:\program files\Java
2009-08-09 19:16 . 2009-08-09 19:16 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-09 19:10 . 2009-08-07 13:04 -------- d-----w- c:\program files\Microsoft Works
2009-08-09 11:59 . 2009-08-09 11:59 -------- d-----w- c:\users\DNMED\AppData\Roaming\Scientific Software
2009-08-08 22:48 . 2009-08-08 22:48 -------- d-----w- c:\users\DNMED\AppData\Roaming\CyberLink
2009-08-08 22:48 . 2009-08-08 22:48 -------- d-----w- c:\programdata\CyberLink
2009-08-08 22:31 . 2009-08-08 20:54 -------- d-----w- c:\users\DNMED\AppData\Roaming\BSplayer
2009-08-08 20:54 . 2009-08-08 20:54 -------- d-----w- c:\program files\BS_Player
2009-08-08 20:54 . 2009-08-08 20:54 -------- d-----w- c:\program files\Conduit
2009-08-08 20:54 . 2009-08-08 20:54 -------- d-----w- c:\users\DNMED\AppData\Roaming\BSplayer Pro
2009-08-08 20:54 . 2009-08-08 20:54 -------- d-----w- c:\program files\Webteh
2009-08-08 12:56 . 2009-08-08 12:56 -------- d-----w- c:\program files\Scientific Software
2009-08-08 12:56 . 2009-08-08 12:56 -------- d-----w- c:\programdata\Scientific Software
2009-08-08 12:52 . 2007-07-18 13:39 112144 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-08-08 12:49 . 2009-08-08 12:49 -------- d-----w- c:\program files\HTH Engineering, Inc
2009-08-07 14:28 . 2009-08-07 14:26 -------- d-----w- c:\program files\SPSS Viewer
2009-08-07 14:20 . 2009-08-07 14:08 -------- d-----w- c:\program files\Common Files\SPSS
2009-08-07 14:13 . 2009-08-07 14:13 1024 ----a-w- c:\windows\system32\grcauth2.dll
2009-08-07 14:13 . 2009-08-07 14:13 1024 ----a-w- c:\windows\system32\grcauth1.dll
2009-08-07 14:08 . 2009-08-07 14:08 -------- d-----w- c:\programdata\SPSS
2009-08-07 14:08 . 2009-08-07 14:08 -------- d-----w- c:\program files\SPSSInc
2009-08-07 13:36 . 2009-08-07 13:36 -------- d-----w- c:\programdata\SafeNet Sentinel
2009-08-07 13:33 . 2009-08-07 13:33 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-08-07 13:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-08-07 13:02 . 2009-08-07 13:02 -------- d-----w- c:\program files\Microsoft.NET
2009-08-07 12:56 . 2009-08-07 12:56 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-07 12:23 . 2009-08-07 12:22 -------- d-----w- c:\program files\Kaspersky Lab
2009-08-07 12:22 . 2009-08-07 12:22 -------- d-----w- c:\program files\Common Files\Kaspersky Lab
2009-08-07 12:22 . 2009-08-07 12:22 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-08-07 12:12 . 2008-10-13 07:19 -------- d-----w- c:\programdata\McAfee
2009-07-21 21:52 . 2009-08-09 18:48 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-09 18:48 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-09 18:48 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-09 18:48 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 19:18 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 19:18 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 19:18 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 19:18 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 19:18 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-11 19:01 . 2009-09-09 07:03 513536 ----a-w- c:\windows\system32\wlansvc.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-28_11.16.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-09-28 19:43 42018 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-28 19:43 81402 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-06-11 11:04 . 2009-09-28 19:27 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-11 11:04 . 2009-09-28 10:41 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-11 11:04 . 2009-09-28 10:41 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-11 11:04 . 2009-09-28 19:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-11 11:04 . 2009-09-28 19:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-11 11:04 . 2009-09-28 10:41 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:25 . 2009-09-28 18:12 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-09-24 12:22 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-09-24 12:22 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-09-28 18:12 51200 c:\windows\inf\infpub.dat
+ 2009-08-09 13:47 . 2009-09-28 19:34 3140 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-06-11 10:36 . 2009-09-28 19:43 8978 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-224438324-2662824499-76924528-1003_UserData.bin
+ 2009-09-28 19:40 . 2009-09-28 19:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-28 19:40 . 2009-09-28 19:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-09-28 19:47 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-28 11:09 600378 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-28 11:09 105852 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-09-28 19:47 105852 c:\windows\System32\perfc009.dat
+ 2009-08-10 09:32 . 2009-09-28 19:27 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-08-10 09:32 . 2009-09-28 10:39 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2006-11-02 10:25 . 2009-09-24 12:22 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-09-28 18:12 143360 c:\windows\inf\infstrng.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 09:18 2215960 ----a-w- c:\program files\BS_Player\tbBS_P.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-07-02 2215960]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\DNMED\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-08-09 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-19 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-19 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-19 145944]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-10 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-17 6111232]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-9-11 163840]
Directrec Configuration Tool.lnk - c:\program files\Olympus\DeviceDetector\DirectrecConfig.exe [2009-9-11 122880]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0FO\adialhk.dll c:\progra~1\KASPER~1\KASPER~1.0FO\r3hook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):81,2d,ae,df,11,3d,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-224438324-2662824499-76924528-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{25596831-1D7D-45DE-BB9A-DFF0161C6D9E}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{DD36AE3B-E2B2-42D0-A595-C752CDE50791}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{4E7731E3-F0C7-4AD9-8FFA-39F8684B088B}"= TCP:15000:Kaspersky Administration Kit
"{5B9571D0-6E84-42B6-BEE9-D16185F00F06}"= TCP:15000:Kaspersky Administration Kit
"{F9A65F05-CFCE-4894-828E-113235A956CB}"= TCP:15000:Kaspersky Administration Kit
"{1EE1ED93-E341-40BC-9746-14D7B1906BEB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{41814E72-CB64-4F9B-815B-AC84C0A99061}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7A50E273-3A3E-4E05-9F85-F355E8B30C64}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:SPSS Basic Script Editor (1033)
"{5C679E39-5C72-4224-83B1-4BF349263911}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)
"{06BA0309-FBE9-4015-87DC-EE28B13296C1}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:SPSS Basic Script Editor (1033)
"{A7E4AC44-0927-4F96-9942-360FC34557B6}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)
"{C4D7D832-64FB-4401-A36D-B9BAB746F8A7}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com)
"{9D128E44-9595-4463-B63E-F773D2E1EF19}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com)
"{FFBF4800-15BF-47F1-9736-854811BA5DA0}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{509C26BC-6EFC-4FC9-960F-5F775B2656CD}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"TCP Query User{5DAE7275-A296-4A82-A4F4-0DD1A59110C9}c:\\users\\dnmed\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\dnmed\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{F67F89FE-E992-4C45-ABF9-6C918DFC6145}c:\\users\\dnmed\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\dnmed\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"TCP Query User{E0853EBD-EC74-45C3-99DD-28E6E7B20C66}c:\\program files\\spssinc\\spss16\\spss.exe"= UDP:c:\program files\spssinc\spss16\spss.exe:SPSS
"UDP Query User{83D362B1-6052-4D84-B187-50C1E0C2E393}c:\\program files\\spssinc\\spss16\\spss.exe"= TCP:c:\program files\spssinc\spss16\spss.exe:SPSS

R2 klnagent;Kaspersky Network Agent;c:\program files\Kaspersky Lab\NetworkAgent\klnagent.exe [17/03/2008 17:19 94608]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [13/10/2008 07:55 13312]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [28/09/2009 11:51 1153368]
R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [16/09/2009 12:30 5120]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [13/10/2008 06:27 112128]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\System32\drivers\VMC326.sys [13/10/2008 08:17 238464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224438324-2662824499-76924528-1003Core.job
- c:\users\DNMED\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-09 11:21]

2009-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224438324-2662824499-76924528-1003UA.job
- c:\users\DNMED\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-09 11:21]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-28 20:52
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-28 20:54
ComboFix-quarantined-files.txt 2009-09-28 19:54
ComboFix2.txt 2009-09-28 11:19

Pre-Run: 33,262,473,216 bytes free
Post-Run: 33,122,877,440 bytes free

325 --- E O F --- 2009-09-28 11:20

Ajouter un commentaire

Réponse

nikau6 81Messages postés 10 août 2008Date d'inscription 30 novembre 2010Dernière intervention 28 sept. 2009 à 22:39

Je vais me coucher.Merci encore pout tes reponses.A demain :-)

Ajouter un commentaire

Réponse

nikau6 81Messages postés 10 août 2008Date d'inscription 30 novembre 2010Dernière intervention 29 sept. 2009 à 15:26

Salut Xplode.Voila, je suis de retour.Toujours les memes problemes

Ajouter un commentaire

Réponse

Xplode 7773Messages postés 21 août 2009Date d'inscription 19 mai 2012Dernière intervention 29 sept. 2009 à 16:34

Salut, peux tu me refaire un rapport RSIT pour savoir où l'on en est ?

Ajouter un commentaire

Réponse

nikau6 81Messages postés 10 août 2008Date d'inscription 30 novembre 2010Dernière intervention 29 sept. 2009 à 17:41

Voila le rapport,

Logfile of random's system information tool 1.06 (written by random/random)
Run by DNMED at 2009-09-29 16:40:27
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 31 GB (44%) free of 71 GB
Total RAM: 2008 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:40:32, on 29/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\Explorer.EXE
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\DNMED\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DNMED\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Users\DNMED\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DNMED\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DNMED\AppData\Local\Temp\dc79765393\4q59et.exe
C:\Users\DNMED\AppData\Local\Temp\dc79765393\g3n76XP.exe
C:\Users\DNMED\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DNMED\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\DNMED\Desktop\RSIT.exe
C:\Program Files\trend micro\DNMED.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\DNMED\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1.0FO\r3hook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Kaspersky Network Agent (klnagent) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

Ajouter un commentaire

Réponse

nikau6 81Messages postés 10 août 2008Date d'inscription 30 novembre 2010Dernière intervention 29 sept. 2009 à 17:58

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-08-05 2381312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-17 2098904]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-10-26 193456]
R3 VMC326;Vimicro Camera Service VMC326; C:\Windows\System32\Drivers\VMC326.sys [2008-09-03 238464]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2006-06-12 41984]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-15 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-15 16168]
S3 catchme;catchme; \??\C:\Users\DNMED\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-08-05 2381312]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-02-21 50688]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 VMC302;Vimicro Camera Service VMC302; C:\Windows\System32\Drivers\VMC302.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 DM1Service;DM1Service; C:\Program Files\Olympus\DeviceDetector\DM1Service.exe [2007-02-16 69632]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-07-10 819200]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-07-10 466944]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
S2 Samsung Update Plus;Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2008-05-13 77480]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-08-19 72704]
S3 AVP;Kaspersky Anti-Virus 6.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe [2009-08-08 231952]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 klnagent;Kaspersky Network Agent; C:\Program Files\Kaspersky Lab\NetworkAgent\klnagent.exe [2008-03-17 94608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]

-----------------EOF-----------------
de voir que le rapport n'est pas entier.Voici la suite.

Ajouter un commentaire

Réponse

Xplode 7773Messages postés 21 août 2009Date d'inscription 19 mai 2012Dernière intervention 29 sept. 2009 à 18:15

- Télécharge OTMoveIt (de Old_Timer) http://up.sur-la-toile.com/ik3a sur ton Bureau.
- Double-clique sur OTMoveIt.exe
- Assure toi que la case Unregister Dll's and Ocx's soit bien cochée
- Copie le texte en gras ci dessous et colle le dans le cadre de gauche de OTMoveIt nommé Paste List of Files/Folders to be moved

:processes
explorer.exe

:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopRock]

:files
C:\Users\DNMED\AppData\Local\Temp\b.exe

:commands
[emptytemp]
[purity]
[start explorer]

- Clique sur MoveIt! pour lancer la suppression.
- Si OTMoveIt propose de redémarrer ton PC, accepte.
- Lorsque un résultat apparaît dans le cadre Results, clique sur Exit.
- Dans ta future réponse, envoie le rapport de OTMoveIt situé sur C:\_OTMoveIt\MovedFiles

Ajouter un commentaire

Réponse

nikau6 81Messages postés 10 août 2008Date d'inscription 30 novembre 2010Dernière intervention 29 sept. 2009 à 18:57

voila le rapport :

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopRock\\ deleted successfully.
========== FILES ==========
File/Folder C:\Users\DNMED\AppData\Local\Temp\b.exe not found.
========== COMMANDS ==========
File delete failed. C:\Users\DNMED\AppData\Local\Temp\dc79765393\4q59et.exe scheduled to be deleted on reboot.
File delete failed. C:\Users\DNMED\AppData\Local\Temp\dc79765393\g3n76xp.exe scheduled to be deleted on reboot.
File delete failed. C:\Users\DNMED\AppData\Local\Temp\etilqs_2alFPnw0bsjeiG9Sr8fM scheduled to be deleted on reboot.
File delete failed. C:\Users\DNMED\AppData\Local\Temp\etilqs_8WGghewsTBeiCMpmYjBI scheduled to be deleted on reboot.
File delete failed. C:\Users\DNMED\AppData\Local\Temp\hGu8YnFX.dll scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 09292009_174939

Files moved on Reboot...
C:\Users\DNMED\AppData\Local\Temp\dc79765393\4q59et.exe moved successfully.
C:\Users\DNMED\AppData\Local\Temp\dc79765393\g3n76xp.exe moved successfully.
File C:\Users\DNMED\AppData\Local\Temp\etilqs_2alFPnw0bsjeiG9Sr8fM not found!
File C:\Users\DNMED\AppData\Local\Temp\etilqs_8WGghewsTBeiCMpmYjBI not found!
DllUnregisterServer procedure not found in C:\Users\DNMED\AppData\Local\Temp\hGu8YnFX.dll
C:\Users\DNMED\AppData\Local\Temp\hGu8YnFX.dll NOT unregistered.
C:\Users\DNMED\AppData\Local\Temp\hGu8YnFX.dll moved successfully.

Ajouter un commentaire

Réponse

Xplode 7773Messages postés 21 août 2009Date d'inscription 19 mai 2012Dernière intervention 29 sept. 2009 à 19:01

Ok, tu peux refaire un RSIT ?

Ajouter un commentaire

1 2

Répondre au sujet

Posez votre question

Dossier à la une

Passage au tout numérique : quel coût pour les particuliers ?

Passage au tout numérique : quel coût pour les particuliers ?

Combien cela coûte-t-il au total ? Quelles aides apportent l'état et les acteurs du marché pour alléger cette charge non choisie ? Tous les détails sur Commentçamarche.net.

Virus msa.exe b.exe

Virus msa.exe b.exe »

Passage au tout numérique : quel coût pour les particuliers ?