Good evening Trying2
sorry for the wait
UsbFix report
############################## | UsbFix V6.042 |
User : pat (Administrateurs) # BAROUNETTE
Update on 15/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 22:04:40 | 25/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
AMD Athlon(tm) 64 Processor 3400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Disabled
AV : Sophos Anti-Virus [ Enabled | Updated ]
FW : Sophos Client Firewall[ (!) Disabled ]
C:\ -> Disque fixe local # 137,53 Go (10,69 Go free) [ACER] # NTFS
D:\ -> Disque fixe local # 138,96 Go (125,75 Go free) [ACERDATA] # FAT32
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque fixe local # 149,01 Go (106,09 Go free) [My Passport] # FAT32
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Fichiers # Dossiers infectieux |
Supprimé ! C:\WINDOWS\system32\autorun.ini
Supprimé ! G:\autorun.inf
Supprimé ! G:\setup.exe
################## | Registre # Clés Run infectieuses |
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"
################## | Registre # Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{24d0f48a-723e-11de-9683-00016ce49acd}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{a607c84e-6d31-11dc-8db6-00016ce49acd}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{c81077a8-7bd9-11dd-954d-00016ce49acd}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[25/10/2009 08:05|--a------|3074] C:\Ad-Report-SCAN[1].log
[23/06/2005 22:11|--a------|50] C:\AUTOEXEC.BAT
[11/01/2008 20:03|--ahs----|216] C:\boot.ini
[05/08/2004 04:00|-rahs----|4952] C:\Bootfont.bin
[23/06/2005 21:48|--ahs----|512] C:\BOOTSECT.DOS
[23/06/2005 22:01|--a------|0] C:\CONFIG.SYS
[12/12/2008 23:52|--a------|133] C:\DealioAu.log
[10/08/2001 00:00|--a------|53248] C:\gendel32.exe
[?|?|?] C:\hiberfil.sys
[23/06/2005 22:01|-rahs----|0] C:\IO.SYS
[23/06/2005 22:01|-rahs----|0] C:\MSDOS.SYS
[05/08/2004 04:00|-rahs----|47564] C:\NTDETECT.COM
[24/10/2009 14:11|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[24/06/2005 08:22|-rahs----|75] C:\PRELOAD.AAA
[24/03/2006 15:32|--a------|207] C:\Raccourci vers Lecteur CD.lnk
[25/10/2009 22:07|--a------|3688] C:\UsbFix.txt
[20/04/2008 12:29|--a------|839] C:\WinxError.log
[14/01/2006 17:03|--a------|98131] D:\Nero Burning Rom v7.0.1.2 Premium Keygen.rar
[14/01/2006 09:15|--a------|112918248] D:\nero_nero_7.0.1.4b_francais_10297.exe
[18/12/2007 13:03|--a------|4574208] G:\WDSync.exe
[15/07/2008 14:09|--a------|78] G:\Install.log
[21/12/2007 14:56|--ah-----|69] G:\autorun.in_2.org
[08/10/2008 14:31|--a------|373454848] G:\Desperate_Housewives_4X09 TTS.avi
[09/10/2008 06:09|--a------|367720448] G:\Desperate_Housewives_4X10 TTS.avi
[09/10/2008 10:53|--a------|366952448] G:\Desperate_Housewives_4X12 TTS.avi
[09/10/2008 14:06|--a------|368478208] G:\Desperate_Housewives_4X13 TTS.avi
[08/10/2008 09:01|--a------|366983168] G:\Desperate_Housewives_4X06 TTS.avi
[09/10/2008 08:10|--a------|364257280] G:\Desperate_Housewives_4X07 TTS.avi
[08/10/2008 10:55|--a------|366944256] G:\Desperate_Housewives_4X08 TTS.avi
[10/10/2008 06:16|--a------|367167844] G:\Desperate_Housewives_4X11 TTS.avi
[10/10/2008 06:18|--a------|367085568] G:\Desperate_Housewives_4X14 TTS.avi
[10/10/2008 08:24|--a------|366325760] G:\Desperate_Housewives_4X15 TTS.avi
[10/10/2008 10:07|--a------|366487552] G:\Desperate_Housewives_4X16 TTS.avi
[10/10/2008 11:16|--a------|367611904] G:\Desperate_Housewives_4X17 TTS.avi
[29/10/2008 10:28|--a------|731295744] G:\Kung.Fu.Panda.FRENCH.DVDRiP.XviD-ULTRASON.avi
################## | Vaccination |
# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# G:\autorun.inf -> Folder created by UsbFix.
################## | Upload |
Veuillez envoyer le fichier : C:\DOCUME~1\pat\Bureau\UsbFix_Upload_Me_BAROUNETTE.zip : http://forum-aide-contre-virus.be/usbfix/choix_fichier.php
Merci pour votre contribution .
################## | ! Fin du rapport # UsbFix V6.042 ! |
ad report
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_A | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 18.10.2009 à 19:05
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 22:14:37, 25/10/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: BAROUNETTE | Utilisateur actuel: pat
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
HKCU\Software\iMesh
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKCU\Software\Search Settings
HKLM\Software\Classes\SearchSettings.BHO
HKLM\Software\Classes\SearchSettings.BHO.1
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Search Settings
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
HKLM\Software\Classes\CLSID\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
.
C:\DOCUME~1\pat\APPLIC~1\Search Settings
C:\Program Files\Dealio
C:\Program Files\iMesh Applications
C:\Program Files\Search Settings
C:\Windows\Installer\4721d3.msi
(!) -- Fichiers temporaires supprimés.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.3 [fr] *
.
Nom du profil: gdzpy4hh.default (pat)
.
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.3");
.
.
* Internet Explorer Version 7.0.5730.11 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page: hxxp://www.google.com
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://fr.yahoo.com
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://fr.msn.com/
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials ... ) ==============
.
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Bases\Patches\patch_ppro_5.0.388_390_to_5.0.391.exe
.
===================================
.
2651 Octet(s) - C:\Ad-Report-CLEAN[1].log
3074 Octet(s) - C:\Ad-Report-SCAN[1].log
.
1 Fichier(s) - C:\DOCUME~1\pat\LOCALS~1\Temp
2 Fichier(s) - C:\WINDOWS\Temp
.
19 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
68 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 22:21:50 | 25/10/2009 - CLEAN[1]
.
============== E.O.F ==============
.
cleannavi report
Fix Navipromo version 4.0.3 commencé le 25/10/2009 22:25:25,81
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 21.10.2009 à 22h00 par IL-MAFIOSO
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : pat ( Administrator )
BOOT : Normal boot
Antivirus : Sophos Anti-Virus (Activated)
Firewall : Sophos Client Firewall (Not Activated)
C:\ (Local Disk) - NTFS - Total:137 Go (Free:12 Go)
D:\ (Local Disk) - FAT32 - Total:138 Go (Free:125 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (Local Disk) - FAT32 - Total:149 Go (Free:106 Go)
H:\ (USB)
I:\ (USB)
J:\ (USB)
Recherche executée en mode normal
Nettoyage exécuté au redémarrage de l'ordinateur
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\anfeepke.dat supprimé !
C:\WINDOWS\system32\djzgnet.dat supprimé !
C:\WINDOWS\system32\jokoa.dat supprimé !
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\pat\locals~1\Temp effectué !
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
*** Scan terminé 25/10/2009 22:30:16,82 ***
step 4 --> log report
Logfile of random's system information tool 1.06 (written by random/random)
Run by pat at 2009-10-25 22:38:03
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 13 GB (9%) free of 141 GB
Total RAM: 1023 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:10, on 25/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\pat\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\pat.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/telechargement/Photoweb_Uploader.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://ssl-tb.sitadelle.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.1.0.56.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Créateur de rapports d'état Sophos Anti-Virus (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Client Firewall - Sophos Plc - C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
O23 - Service: Sophos Client Firewall Manager - Sophos Plc - C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
End of file - 9090 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\Symantec NetDetect.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
Sophos Web Content Scanner - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll [2009-06-25 240680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-26 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-07 762864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-26 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4}]
Pando Toolbar BHO - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2008-11-03 266240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
{A057A204-BACC-4D26-C39E-35F1D2A32EC8}
{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - Pando Toolbar - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL [2008-11-03 266240]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-26 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2006-04-15 180269]
"Piolet"=C:\Program Files\Piolet\Piolet.exe SILENT []
"Spyware-Secure"=C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 149280]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ares"=C:\Program Files\Ares\Ares.exe -h []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2009-01-27 251264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe [2009-01-06 2356088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AspireService]
C:\Program Files\Acer\Acer eMode Management\AspireService.exe [2005-09-26 114688]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration de la C-BOX]
C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe [2004-12-21 395264]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Program Files\Acer\eRecovery\Monitor.exe [2005-06-20 352256]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50]
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe /minimize []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaSync]
C:\Program Files\Acer\Acer eConsole\MediaSync.exe [2005-09-21 425984]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-05 59392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-10-07 131072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-07-15 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6V_Check]
C:\Program Files\Fichiers communs\DriveCleaner 2006 Free\SDRmon.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [2005-11-10 36975]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2006-04-15 180269]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yywfwqw]
c:\windows\system32\yywfwqw.exe yywfwqw []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-10 738968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Akimania.com.lnk]
C:\PROGRA~1\Akimania.com\POCHET~1.0\AKIMAN~1.EXE [2006-01-23 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^pat^Menu Démarrer^Programmes^Démarrage^Outil de détection de support de Cyber-shot Viewer.lnk]
C:\PROGRA~1\Sony\SONYPI~1\VOLUME~1\SPUVOL~1.EXE [2005-10-28 155648]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-03-23 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SAVService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Sophos Client Firewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Sophos Client Firewall Manager]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0
"NoDriveAutoRun"=FFFFFFFF
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2009-10-25 22:25:25 ----A---- C:\cleannavi.txt
2009-10-25 22:24:40 ----D---- C:\Program Files\Navilog1
2009-10-25 22:07:48 ----RASHD---- C:\autorun.inf
2009-10-25 22:04:10 ----A---- C:\UsbFix.txt
2009-10-25 08:13:04 ----D---- C:\UsbFix
2009-10-25 07:57:30 ----D---- C:\Program Files\Ad-Remover
2009-10-24 14:36:39 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-24 14:34:38 ----D---- C:\WINDOWS\Prefetch
2009-10-24 14:26:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-24 14:25:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-24 14:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-24 14:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-24 14:25:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-24 14:25:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-24 14:25:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-24 14:25:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-24 14:25:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-24 14:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-24 14:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-24 14:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-24 14:24:46 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-24 14:24:38 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-24 14:24:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-10-24 14:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-24 14:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-10-24 14:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-24 14:24:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-10-24 14:23:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-10-24 14:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-10-24 14:23:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-24 14:23:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-24 14:23:20 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-10-24 14:23:13 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-24 14:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-10-24 14:23:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-10-24 14:22:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-10-24 14:22:52 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-10-24 14:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-10-24 14:22:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-24 14:22:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-10-24 14:22:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-10-24 14:22:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-10-24 14:22:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-10-24 14:21:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-10-24 14:21:47 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2009-10-24 14:21:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-10-24 14:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-10-24 14:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-10-24 14:21:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-10-24 14:21:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-10-24 14:21:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-10-24 14:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-10-24 14:20:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-10-24 14:20:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-10-24 14:20:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-10-24 14:20:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-10-24 14:20:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-10-24 14:20:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-10-24 14:20:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-10-24 14:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-24 14:18:01 ----A---- C:\WINDOWS\setuplog.txt
2009-10-24 14:17:08 ----D---- C:\WINDOWS\l2schemas
2009-10-24 14:17:07 ----D---- C:\WINDOWS\system32\fr
2009-10-24 14:17:07 ----D---- C:\WINDOWS\system32\bits
2009-10-24 14:06:53 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-10-24 14:06:52 ----D---- C:\WINDOWS\EHome
2009-10-24 12:50:23 ----D---- C:\Program Files\trend micro
2009-10-24 12:50:22 ----D---- C:\rsit
2009-10-24 12:13:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-23 20:44:20 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-23 20:44:19 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-23 20:44:19 ----A---- C:\WINDOWS\system32\java.exe
2009-10-23 14:24:15 ----D---- C:\Documents and Settings\pat\Application Data\Malwarebytes
2009-10-23 14:24:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-23 14:22:09 ----D---- C:\Casino
2009-10-22 22:39:51 ----A---- C:\WINDOWS\system32\6334.exe
2009-10-22 21:39:51 ----A---- C:\WINDOWS\system32\18467.exe
2009-10-22 21:30:21 ----D---- C:\Program Files\Avira
2009-10-22 21:30:21 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-10-17 02:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-17 02:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-17 02:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2009-10-17 02:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2009-10-17 02:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2009-10-17 02:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2009-10-17 02:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971486_0$
2009-10-17 02:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-17 02:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2009-10-14 22:25:10 ----A---- C:\WINDOWS\mxcdr.INI
2009-10-13 20:16:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-13 19:37:48 ----A---- C:\WINDOWS\system32\41.exe
2009-10-13 02:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
======List of files/folders modified in the last 1 months======
2009-10-25 22:32:10 ----D---- C:\Program Files\Mozilla Firefox
2009-10-25 22:31:22 ----D---- C:\WINDOWS\Temp
2009-10-25 22:30:01 ----SD---- C:\WINDOWS\Tasks
2009-10-25 22:29:51 ----AD---- C:\WINDOWS\system32
2009-10-25 22:29:32 ----A---- C:\WINDOWS\ODBC.INI
2009-10-25 22:29:20 ----AD---- C:\WINDOWS
2009-10-25 22:27:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-25 22:24:40 ----D---- C:\Program Files
2009-10-25 22:21:46 ----SHD---- C:\WINDOWS\Installer
2009-10-25 22:07:43 ----SHD---- C:\RECYCLER
2009-10-25 10:38:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-10-25 08:52:10 ----HD---- C:\WINDOWS\inf
2009-10-25 08:52:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-25 08:51:56 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-24 14:37:10 ----D---- C:\WINDOWS\Debug
2009-10-24 14:33:32 ----RSD---- C:\WINDOWS\Fonts
2009-10-24 14:33:32 ----D---- C:\WINDOWS\system32\wbem
2009-10-24 14:33:32 ----D---- C:\WINDOWS\system32\Setup
2009-10-24 14:33:32 ----D---- C:\WINDOWS\AppPatch
2009-10-24 14:33:30 ----AD---- C:\WINDOWS\system32\drivers
2009-10-24 14:32:47 ----D---- C:\WINDOWS\security
2009-10-24 14:26:05 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-10-24 14:26:05 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-24 14:25:27 ----D---- C:\Program Files\Outlook Express
2009-10-24 14:24:58 ----AD---- C:\i386
2009-10-24 14:20:28 ----D---- C:\Program Files\Messenger
2009-10-24 14:17:28 ----D---- C:\WINDOWS\WinSxS
2009-10-24 14:17:21 ----D---- C:\WINDOWS\network diagnostic
2009-10-24 14:17:21 ----D---- C:\WINDOWS\ime
2009-10-24 14:17:21 ----D---- C:\WINDOWS\Help
2009-10-24 14:17:09 ----D---- C:\WINDOWS\system32\fr-fr
2009-10-24 14:17:08 ----D---- C:\WINDOWS\system32\usmt
2009-10-24 14:17:07 ----D---- C:\WINDOWS\PeerNet
2009-10-24 14:17:07 ----D---- C:\Program Files\Movie Maker
2009-10-24 14:14:30 ----D---- C:\WINDOWS\ServicePackFiles
2009-10-24 14:14:24 ----D---- C:\WINDOWS\system32\Restore
2009-10-24 14:14:24 ----D---- C:\WINDOWS\system32\npp
2009-10-24 14:14:22 ----D---- C:\WINDOWS\msagent
2009-10-24 14:14:21 ----D---- C:\WINDOWS\srchasst
2009-10-24 14:14:19 ----D---- C:\Program Files\NetMeeting
2009-10-24 14:14:17 ----D---- C:\WINDOWS\system32\Com
2009-10-24 14:14:16 ----D---- C:\Program Files\Windows NT
2009-10-24 14:14:16 ----D---- C:\Program Files\Windows Media Player
2009-10-24 14:14:13 ----D---- C:\Program Files\Fichiers communs\System
2009-10-24 14:13:40 ----AD---- C:\WINDOWS\system32\oobe
2009-10-24 14:13:38 ----AD---- C:\WINDOWS\system
2009-10-24 12:47:37 ----D---- C:\Program Files\Fichiers communs
2009-10-23 20:44:03 ----D---- C:\Program Files\Java
2009-10-20 21:15:02 ----D---- C:\Program Files\MediaCoder
2009-10-20 21:14:47 ----D---- C:\Program Files\VirtualDubMOD
2009-10-18 02:16:43 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-18 02:16:35 ----RSD---- C:\WINDOWS\assembly
2009-10-18 02:04:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-16 15:59:30 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-15 20:20:37 ----D---- C:\Documents and Settings\pat\Application Data\LimeWire
2009-10-15 20:10:06 ----D---- C:\Program Files\Lavasoft
2009-10-15 20:09:37 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-14 22:28:19 ----A---- C:\WINDOWS\homeDVD-Photos5_dlx.INI
2009-10-06 22:06:59 ----A---- C:\WINDOWS\win.ini
2009-10-02 19:01:58 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Pilote de processeur AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38912]
R1 SAVOnAccessControl;SAVOnAccessControl; C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2009-01-05 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter; C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2009-01-05 38528]
R1 scfdriver;SCF Kernel Driver; \??\C:\WINDOWS\system32\Drivers\scfdriver.sys []
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
R2 int15.sys;int15.sys; \??\C:\Program Files\Acer\eRecovery\int15.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-23 1034752]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-06-23 6144]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2004-09-10 52224]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-11-15 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-11-15 12928]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2004-09-10 412032]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 mstTADsk;mst TotalAccess Disk Driver; \??\C:\WINDOWS\system32\drivers\mstTADsk.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-08-23 47360]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 SophosBootDriver;SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [2008-05-23 14976]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-23 360448]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2006-08-21 54784]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 SAVAdminService;Créateur de rapports d'état Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2009-05-07 80936]
R2 SAVService;Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2008-08-21 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2009-06-11 172032]
R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager; C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe [2009-01-19 109608]
R2 Sophos Client Firewall;Sophos Client Firewall; C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe [2009-02-06 93224]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2008-10-23 85096]
S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2006-08-26 69120]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Good luck!!!!!!!!!!! I don't understand any of this.