Bonjour / bonsoir à tous ! 
Je rencontre depuis quelques semaines des problèmes pour naviguer sur internet (certains sites ne se chargent pas, d'autres mettent un temps certain, des publicités s'affichent alors qu'elles ne le faisaient pas par le passé ...).
Je peux éliminer ce problème temporairement à l'aide de Spybot, qui trouve et corrige toujours les mêmes problèmes : virtumonde.dll, virtumonde.prx et parfois encore un autre virtumonde.jenesaisplusquoi me semble-t-il. Bref après correction, tout fonctionne normalement mais, comme vous vous en doutez certainement, les mêmes problèmes reviennent encore et toujours, Spybot ne semble pas pouvoir les éliminer définitivement.
J'ai donc fait quelques recherches sur ce virus (je ne sais pas si c'est le bon terme) et sur les techniques à employer pour l'éradiquer. Malheureusement j'ai trouvé des dizaines de méthodes différentes qui nécessitent toutes des manipulations qui me semblent assez complexes (pour moi en tout cas, je suis assez loin d'être un expert en informatique 
) et qui de plus ne sont pas forcément adaptées à mon cas!
Donc plutôt que de me lancer dans des choses que je ne maitrise pas et qui risquent d'aggraver l'état de mon ordinateur plus qu'autre chose, je préfère m'en remettre à la générosité des experts de ce forum!
Je suis donc à vos ordres, prêt à me laisser guider sur le chemin d'un PC débarrassé de ce virtumonde de malheur (voir de ses autres petits amis virus si vous en découvrez d'autres en route).
Un énorme merci d'avance ! Et à bientôt !
Bonjour,
| Citation : Donc plutôt que de me lancer dans des choses que je ne maitrise pas et qui risquent d'aggraver l'état de mon ordinateur plus qu'autre chose, je préfère m'en remettre à la générosité des experts de ce forum! |
Tu as bien fait 
Télécharge Hijackthis (de Trend Micro) sur ton Bureau.
- Double clique sur HJTInstall.exe pour lancer l'installation.
- Clique sur Install.
- Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer. (Clique droit -> lancer en tant qu'admin si sous Vista)
- Accepte la licence en cliquant sur Yes.
- Clique sur "Do a system scan and save a logfile".
- Poste ici[ le rapport généré.
Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log
Aide : Comment utiliser HijackThis.
Sécurité / Prévention
Répondre à Egwene
Bonsoir, voila pour le rapport demandé !
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:34, on 06/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - (no file)
O4 - HKLM\..\Run: [tempreg] regsvr32 /s "C:\Program Files\s300\s300_1202966199.dll"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM2b76f54f] Rundll32.exe "C:\WINDOWS\system32\vgsrayfn.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2113210220
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - AppInit_DLLs: cmrwvo.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 10850 bytes
Re,
Télécharge Lop S&D.exe (d’ Eric 71 & Angeldark) sur ton bureau.
- Double-clique dessus pour lancer l'installation
- Puis double-clique sur le raccourci Lop S&D présent sur ton bureau (Si tu es sous Vista, clique droit -> exécuter en tant qu'admin)
- Séléctionne la langue souhaitée , puis choisis l'Option 1 (Recherche)
- Patiente jusqu'à la fin du scan
- Poste le rapport généré (C:\lopR.txt)
Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
Tapes explorer et valide. Cela te fera apparaitre ton bureau
Sécurité / Prévention
Répondre à Egwene
Et voilà ! 
--------------------\\ Lop S&D 4.2.4-5 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
BIOS : Default System BIOS
USER : utilisateur ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
Firewall : Norton Internet Security 2005 (Activated)
C:\ (Local Disk) - NTFS - Total : 54 Go Free : 13 Go
D:\ (Local Disk) - FAT32 - Total : 36 Go Free : 30 Go
E:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 07/10/2008| 4:01 )
--------------------\\ Listing des dossiers dans APPLIC~1
[06/10/2008|00:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[22/10/2007|02:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[22/10/2007|02:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[03/10/2008|01:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[08/01/2008|05:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Corel
[18/03/2008|15:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[13/03/2008|23:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[13/03/2008|23:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[04/02/2008|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[06/05/2005|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[07/01/2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[09/11/2007|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[18/09/2008|00:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[04/02/2008|16:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
[17/10/2007|20:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[16/01/2008|02:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[06/05/2005|20:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[06/10/2008|23:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[06/05/2005|20:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[18/09/2008|00:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[15/02/2008|18:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
[26/05/2008|18:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania
[16/09/2008|06:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[11/10/2007|16:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[06/05/2005|20:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[06/05/2005|20:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
[06/05/2005|20:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[06/05/2005|20:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[06/05/2005|19:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[06/05/2005|20:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[06/05/2005|19:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[06/05/2005|19:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[06/10/2008|00:25] C:\DOCUME~1\UTILIS~1\APPLIC~1\Adobe
[12/02/2008|19:09] C:\DOCUME~1\UTILIS~1\APPLIC~1\Corel
[15/01/2008|05:26] C:\DOCUME~1\UTILIS~1\APPLIC~1\DAEMON Tools
[29/05/2008|05:19] C:\DOCUME~1\UTILIS~1\APPLIC~1\DivX
[30/05/2008|03:47] C:\DOCUME~1\UTILIS~1\APPLIC~1\dvdcss
[18/12/2007|12:55] C:\DOCUME~1\UTILIS~1\APPLIC~1\Help
[06/05/2005|20:01] C:\DOCUME~1\UTILIS~1\APPLIC~1\Identities
[12/02/2008|18:50] C:\DOCUME~1\UTILIS~1\APPLIC~1\InstallShield
[06/05/2005|20:21] C:\DOCUME~1\UTILIS~1\APPLIC~1\Intel
[06/05/2005|20:07] C:\DOCUME~1\UTILIS~1\APPLIC~1\InterTrust
[02/03/2008|21:55] C:\DOCUME~1\UTILIS~1\APPLIC~1\Macromedia
[04/12/2007|16:13] C:\DOCUME~1\UTILIS~1\APPLIC~1\Media Player Classic
[06/05/2005|19:52] C:\DOCUME~1\UTILIS~1\APPLIC~1\Microsoft
[21/10/2007|19:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\Mozilla
[04/02/2008|16:44] C:\DOCUME~1\UTILIS~1\APPLIC~1\Nokia
[04/02/2008|16:25] C:\DOCUME~1\UTILIS~1\APPLIC~1\Nokia Multimedia Player
[29/04/2008|18:51] C:\DOCUME~1\UTILIS~1\APPLIC~1\Nvu
[28/04/2008|22:04] C:\DOCUME~1\UTILIS~1\APPLIC~1\OpenOffice.org2
[04/02/2008|16:18] C:\DOCUME~1\UTILIS~1\APPLIC~1\PC Suite
[15/01/2008|05:38] C:\DOCUME~1\UTILIS~1\APPLIC~1\SecuROM
[14/11/2007|12:22] C:\DOCUME~1\UTILIS~1\APPLIC~1\SopCast
[15/01/2008|05:39] C:\DOCUME~1\UTILIS~1\APPLIC~1\Sports Interactive
[22/10/2007|04:01] C:\DOCUME~1\UTILIS~1\APPLIC~1\Sun
[06/05/2005|20:13] C:\DOCUME~1\UTILIS~1\APPLIC~1\Symantec
[30/04/2008|02:33] C:\DOCUME~1\UTILIS~1\APPLIC~1\SystemRequirementsLab
[21/10/2007|19:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\Talkback
[14/11/2007|06:26] C:\DOCUME~1\UTILIS~1\APPLIC~1\Tenebril
[12/11/2007|13:53] C:\DOCUME~1\UTILIS~1\APPLIC~1\TVU Networks
[11/02/2008|22:25] C:\DOCUME~1\UTILIS~1\APPLIC~1\Ulead Systems
[07/10/2008|03:33] C:\DOCUME~1\UTILIS~1\APPLIC~1\uTorrent
[17/09/2008|02:49] C:\DOCUME~1\UTILIS~1\APPLIC~1\vlc
[23/11/2007|02:21] C:\DOCUME~1\UTILIS~1\APPLIC~1\WinRAR
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[23/09/2008 19:37][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[06/10/2008 22:37][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[06/10/2008|01:06] C:\Program Files\Adobe
[07/01/2008|20:24] C:\Program Files\Alwil Software
[22/10/2007|02:51] C:\Program Files\Apple Software Update
[06/05/2005|20:08] C:\Program Files\ASUS
[06/05/2005|20:12] C:\Program Files\ATI Technologies
[03/10/2008|01:47] C:\Program Files\Avira
[03/10/2008|03:12] C:\Program Files\Bluetack
[04/02/2008|02:25] C:\Program Files\Bullfrog
[20/05/2008|13:57] C:\Program Files\CCleaner
[06/05/2005|19:54] C:\Program Files\CONEXANT
[06/10/2008|01:24] C:\Program Files\Corel
[16/01/2008|01:52] C:\Program Files\DIFX
[27/05/2008|16:45] C:\Program Files\DivX
[03/02/2008|23:38] C:\Program Files\DOSBox-0.72
[19/05/2008|20:44] C:\Program Files\Eidos
[06/10/2008|22:39] C:\Program Files\Fichiers communs
[21/05/2008|17:10] C:\Program Files\Firaxis Games
[17/01/2008|08:50] C:\Program Files\FM Modifier 2.2
[21/10/2007|19:45] C:\Program Files\Free.fr
[04/12/2007|05:17] C:\Program Files\Game Cam v1.4
[18/09/2008|00:21] C:\Program Files\InstallShield Installation Information
[06/05/2005|20:12] C:\Program Files\Intel
[10/04/2008|03:08] C:\Program Files\Internet Explorer
[15/09/2008|17:52] C:\Program Files\Java
[07/01/2008|20:32] C:\Program Files\Lavasoft
[18/03/2008|13:33] C:\Program Files\MagicISO
[06/10/2008|01:36] C:\Program Files\Mario Forever
[06/05/2005|19:58] C:\Program Files\Messenger
[15/09/2008|13:03] C:\Program Files\Messenger Plus! Live
[06/05/2005|20:01] C:\Program Files\microsoft frontpage
[13/05/2008|17:34] C:\Program Files\Microsoft Games
[11/02/2008|18:57] C:\Program Files\Microsoft GIF Animator
[17/10/2007|19:57] C:\Program Files\Microsoft Office
[17/10/2007|19:59] C:\Program Files\Microsoft Visual Studio
[17/10/2007|19:59] C:\Program Files\Microsoft Works
[17/10/2007|19:57] C:\Program Files\Microsoft.NET
[06/05/2005|19:59] C:\Program Files\Movie Maker
[07/10/2008|01:58] C:\Program Files\Mozilla Firefox
[17/10/2007|19:00] C:\Program Files\MSBuild
[06/05/2005|19:57] C:\Program Files\MSN
[06/05/2005|19:58] C:\Program Files\MSN Gaming Zone
[29/09/2008|12:11] C:\Program Files\MSN Messenger
[11/10/2007|17:28] C:\Program Files\MSXML 4.0
[06/05/2005|19:59] C:\Program Files\NetMeeting
[04/02/2008|16:37] C:\Program Files\Nokia
[06/05/2005|20:14] C:\Program Files\Norton Internet Security
[18/09/2008|00:32] C:\Program Files\Nvu
[06/05/2005|19:58] C:\Program Files\Online Services
[22/01/2008|16:12] C:\Program Files\OpenOffice.org 2.3
[06/05/2005|19:59] C:\Program Files\Outlook Express
[16/01/2008|01:51] C:\Program Files\PC Connectivity Solution
[02/10/2008|03:12] C:\Program Files\Power Tab Software
[22/10/2007|02:51] C:\Program Files\QuickTime
[14/05/2008|16:31] C:\Program Files\RayV
[17/10/2007|18:57] C:\Program Files\Reference Assemblies
[18/09/2008|00:30] C:\Program Files\RiseofAtlantis_at
[22/09/2008|06:56] C:\Program Files\s300
[18/12/2007|13:08] C:\Program Files\SAGEM
[06/05/2005|19:59] C:\Program Files\Services en ligne
[14/11/2007|12:22] C:\Program Files\SopCast
[15/01/2008|05:35] C:\Program Files\Sports Interactive
[06/10/2008|23:35] C:\Program Files\Spybot - Search & Destroy
[03/10/2008|03:20] C:\Program Files\SpywareBlaster
[06/10/2008|22:43] C:\Program Files\Steam
[06/05/2005|20:13] C:\Program Files\Symantec
[12/10/2007|09:02] C:\Program Files\SymNetDrv
[06/05/2005|20:10] C:\Program Files\Synaptics
[30/04/2008|02:33] C:\Program Files\SystemRequirementsLab
[04/05/2008|22:56] C:\Program Files\TmNationsForever
[06/10/2008|18:33] C:\Program Files\Trend Micro
[21/10/2007|19:43] C:\Program Files\Trust
[12/11/2007|13:55] C:\Program Files\TVUPlayer
[11/02/2008|22:20] C:\Program Files\Ulead Systems
[06/05/2005|20:18] C:\Program Files\Uninstall Information
[20/09/2008|07:38] C:\Program Files\uTorrent
[11/02/2008|21:54] C:\Program Files\Video-AVI to GIF-JPEG
[08/11/2007|08:21] C:\Program Files\VideoLAN
[07/11/2007|19:48] C:\Program Files\Windows Live
[17/10/2007|18:54] C:\Program Files\Windows Media Connect 2
[06/05/2005|19:58] C:\Program Files\Windows Media Player
[06/05/2005|19:57] C:\Program Files\Windows NT
[06/05/2005|19:59] C:\Program Files\WindowsUpdate
[24/01/2008|20:50] C:\Program Files\WinLemm
[23/11/2007|02:20] C:\Program Files\WinRAR
[19/09/2008|23:06] C:\Program Files\World of Warcraft
[17/11/2007|08:24] C:\Program Files\WowCartographe
[06/05/2005|20:01] C:\Program Files\xerox
[15/01/2008|05:37] C:\Program Files\Zero G Registry
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[06/10/2008|01:10] C:\Program Files\Fichiers communs\Adobe
[21/10/2007|15:05] C:\Program Files\Fichiers communs\Blizzard Entertainment
[17/10/2007|19:59] C:\Program Files\Fichiers communs\DESIGNER
[06/05/2005|20:07] C:\Program Files\Fichiers communs\InstallShield
[15/09/2008|17:50] C:\Program Files\Fichiers communs\Java
[04/02/2008|16:33] C:\Program Files\Fichiers communs\Microsoft Shared
[06/05/2005|19:59] C:\Program Files\Fichiers communs\MSSoap
[04/02/2008|16:34] C:\Program Files\Fichiers communs\Nokia
[06/05/2005|19:53] C:\Program Files\Fichiers communs\ODBC
[16/01/2008|01:52] C:\Program Files\Fichiers communs\PCSuite
[06/05/2005|19:59] C:\Program Files\Fichiers communs\Services
[06/05/2005|19:53] C:\Program Files\Fichiers communs\SpeechEngines
[06/10/2008|23:34] C:\Program Files\Fichiers communs\Symantec Shared
[06/05/2005|19:59] C:\Program Files\Fichiers communs\System
[01/10/2008|00:24] C:\Program Files\Fichiers communs\Wise Installation Wizard
--------------------\\ Process
( 67 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\UTILIS~1\Cookies\utilisateur@adopt.euroclick[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-07 04:09:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\DOCUME~1\UTILIS~1\LOCALS~1\APPLIC~1\kuosg.dat 5415 bytes
C:\DOCUME~1\UTILIS~1\LOCALS~1\APPLIC~1\kuosg.exe 294912 bytes executable
C:\DOCUME~1\UTILIS~1\LOCALS~1\APPLIC~1\kuosg_nav.dat 280584 bytes
C:\DOCUME~1\UTILIS~1\LOCALS~1\APPLIC~1\kuosg_navps.dat 334 bytes
scan completed successfully
hidden processes: 0
hidden files: 37
--------------------\\ Recherche d'autres infections
C:\DOCUME~1\UTILIS~1\LOCALS~1\APPLIC~1\kuosg.dat
C:\DOCUME~1\UTILIS~1\LOCALS~1\APPLIC~1\kuosg.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\APPLIC~1\kuosg_nav.dat
C:\DOCUME~1\UTILIS~1\LOCALS~1\APPLIC~1\kuosg_navps.dat
C:\DOCUME~1\UTILIS~1\LOCALS~1\APPLIC~1\oesmi.dat
C:\DOCUME~1\UTILIS~1\LOCALS~1\APPLIC~1\oesmi.exe
C:\DOCUME~1\UTILIS~1\LOCALS~1\APPLIC~1\oesmi_nav.dat
C:\DOCUME~1\UTILIS~1\LOCALS~1\APPLIC~1\oesmi_navps.dat
==> EGDACCESS <==
C:\WINDOWS\system32\IPstAGgh.ini
C:\WINDOWS\system32\IPstAGgh.ini2
==> VUNDO <==
[F:19][D:13]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp
[F:44][D:0]-> C:\DOCUME~1\UTILIS~1\Cookies
[F:964][D:4]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled
1 - "C:\Lop SD\LopR_1.txt" - 07/10/2008| 4:14 - Option : [1]
--------------------\\ Fin du rapport a 4:14:39
Re,
Télécharge Navilog (de Il-Mafioso)
Enregistre-le sur ton Bureau.
Installe-le en double cliquant sur navilog.exe.
Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)
Une fois l'installation terminée, fais un clic droit sur le raccourci navilog1 puis choisis "Exécuter en tant qu'administrateur". ( Pour Vista)
Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
! N'utilise pas l'option 2,3 et 4 sans notre accord !
Patiente jusqu'à l'apparition de ce message :
"*** Analyse Termine le ..... ***"
Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste le rapport ici.
Le rapport se trouve ici :C:\fixnavi.txt
Sécurité / Prévention
Répondre à Egwene
Bonjour !
Voila le nouveau rapport :
Search Navipromo version 3.6.6 commencé le 07/10/2008 à 13:13:57,84
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "utilisateur"
Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\utilisateur\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\utilisateur\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\utilisateur\menud+~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
Fichiers trouvés :
lszzwlgivo.exe trouvé !
wyalqfq.exe trouvé !
* Recherche dans "C:\Documents and Settings\utilisateur\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\utilisateur\locals~1\applic~1" :
oesmi.dat trouvé !
oesmi.exe trouvé !
oesmi_nav.dat trouvé !
oesmi_navps.dat trouvé !
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
C:\WINDOWS\system32\IPstAGgh.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 07/10/2008 à 13:30:14,46 ***
Re,
Double clique sur le raccourci de navilog1.
Option 2 puis valide. (entrée)
Laisse toi guider.
Ton ordinateur va redémarrer, sinon fais le manuellement.
Ton bureau va disparaître.
Patiente jusqu'à l'apparition de ce message :
"*** Nettoyage Termine le ..... ***"
Appuie sur une touche comme demandé, le Bloc-notes va s'ouvrir.
Sauvegarde le rapport.
Referme le Bloc-notes. Ton bureau va maintenant réapparaître.
Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "Nouvelle tâche (exécuter)"
Tapes explorer et valide. Cela te fera apparaitre ton bureau
Démarrer -> panneau de configuration -> options internet
Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" :
Montorgueil ; VIP
~~> Supprime-les si présents ! (pas les autres) <~~
Poste le rapport sauvegardé auparavant (C:\cleannavi.txt)
Ainsi qu'un nouveau rapport Hijackthis.
+++++++++++
Les programmes suivants installent cette infection :
* Favorit
* Go-astro
* GoRecord
* HotTVPlayer
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* sudoplanet
* Webmediaplayer : sauf celui provenant du site suivant > http://www.azertysite.new.fr/
* Sur le site www.games-desktop.com (Ne pas aller dessus!)
Sécurité / Prévention
Répondre à Egwene
Re,
C'est normal
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
- Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
- Afin de lancer la recherche, clic sur"Rechercher".
- Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
Sécurité / Prévention
Répondre à Egwene
Bien le bonjour !
Voila le rapport de MalwareByte's Anti-Malware :
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1241
Windows 5.1.2600 Service Pack 2
08/10/2008 18:16:09
mbam-log-2008-10-08 (18-16-09).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 139401
Temps écoulé: 1 hour(s), 50 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 71
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\hgGAtsPI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uebogk.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98d714df-8e1b-460a-a6a5-66e2afd4cdd6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d714df-8e1b-460a-a6a5-66e2afd4cdd6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5054c48-b751-489d-9ece-f0156ff790b6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c5054c48-b751-489d-9ece-f0156ff790b6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\s300.s300mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\s300.s300mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm2b76f54f (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\hggatspi -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\hggatspi -> Delete on reboot.
Dossier(s) infecté(s):
C:\Program Files\s300 (Trojan.BHO) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\uebogk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hgGAtsPI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\IPstAGgh.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\IPstAGgh.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ftruavlg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\glvaurtf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hhjuwpmc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmpwujhh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iajlqpty.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ytpqljai.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jlnowxgf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fgxwonlj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qgpxosfs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfsoxpgq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfbmquuk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kuuqmbfs.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ulkihokb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bkohiklu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vhrxlbde.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\edblxrhv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wxbmuksi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iskumbxw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\utilisateur\Local Settings\Temporary Internet Files\Content.IE5\4IAO0NNC\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\utilisateur\Local Settings\Temporary Internet Files\Content.IE5\NDXDLN81\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\utilisateur\Local Settings\Temporary Internet Files\Content.IE5\YMWOCE13\kb678031[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001162.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001163.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001164.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001165.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001166.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001167.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001169.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001170.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001171.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001172.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001173.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001174.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001176.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001178.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001179.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001180.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001181.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{457BC0D9-E5D6-435E-80B9-A32C77394B1F}\RP5\A0001182.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\abgavy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\acgyscpp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ajnsttie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ajxqsm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bgnkzg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\btxgffjk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdwvbdgm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmrwvo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fhptnt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hduhettv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hirqvowx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hyftyt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\irrvibbe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lysohjqt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nhyqvfob.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nixpbydc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ochgrhua.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oorlvu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmsshrqi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psmtmg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sbpdmw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\teeoxipk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uhukwijp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BM2b76f54f.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM2b76f54f.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
Bonjour,
On continue
Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.
- Double-clique sur RSIT.exe afin de lancer RSIT.
- Clique Continue à l'écran Disclaimer.
- Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
- NB : Les rapports sont sauvegardés dans le dossier C:\rsit
- Veille bien à me poster l'intégralité des rapports, vérifie qu'ils soient complets une fois que tu les as postés.
Sécurité / Prévention
Répondre à Egwene
Bonjour, voila les deux nouveaux rapports :
Logfile of random's system information tool 1.04 (written by random/random)
Run by utilisateur at 2008-10-09 19:49:27
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 14 GB (24%) free of 56 GB
Total RAM: 767 MB (22% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:34, on 09/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\utilisateur\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\utilisateur.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {036371A5-B1C3-44AD-B8C4-5EE36A1CB180} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2D7210C4-686D-4691-B370-7D5775EA9230} - (no file)
O2 - BHO: (no name) - {4E8126E1-FB11-4A3C-979D-7C72EABAB1E3} - (no file)
O2 - BHO: (no name) - {530dc8af-ff87-44e2-848e-1f9bf6a932a6} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {75B001FD-1270-4656-9D5F-882F9552F370} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9d5f27ea-4b24-4539-a49f-88f85ec89a0d} - (no file)
O2 - BHO: (no name) - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - (no file)
O2 - BHO: (no name) - {A26F0EEC-3FBB-4177-8791-CC23CC27223E} - (no file)
O2 - BHO: (no name) - {baca1d50-ccb3-4a19-bfdf-922e09490604} - (no file)
O2 - BHO: (no name) - {BBD0E43A-1DEE-4241-B140-53E5AD96B342} - (no file)
O2 - BHO: (no name) - {BCBA2385-F533-4E16-8D7F-F1B103F7D404} - (no file)
O2 - BHO: (no name) - {BF4C3097-35EB-41CC-BCA5-FE18554A8F4D} - (no file)
O2 - BHO: (no name) - {C8BEBA79-ED8B-4204-A042-A945C2BAB845} - (no file)
O2 - BHO: (no name) - {D868C9E0-7BAE-4B42-94A2-A0E37E30D1E0} - (no file)
O2 - BHO: (no name) - {E47A633F-8359-4971-9166-10EF6E9AA907} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - (no file)
O4 - HKLM\..\Run: [tempreg] regsvr32 /s "C:\Program Files\s300\s300_1202966199.dll"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BM2b76f54f] Rundll32.exe "C:\WINDOWS\system32\vgsrayfn.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2113210220
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - AppInit_DLLs: uebogk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 12802 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{036371A5-B1C3-44AD-B8C4-5EE36A1CB180}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D7210C4-686D-4691-B370-7D5775EA9230}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E8126E1-FB11-4A3C-979D-7C72EABAB1E3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{530dc8af-ff87-44e2-848e-1f9bf6a932a6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-07-07 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75B001FD-1270-4656-9D5F-882F9552F370}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d5f27ea-4b24-4539-a49f-88f85ec89a0d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A20854FD-DDB5-4931-8F76-D11EA2364D94}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A26F0EEC-3FBB-4177-8791-CC23CC27223E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{baca1d50-ccb3-4a19-bfdf-922e09490604}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBD0E43A-1DEE-4241-B140-53E5AD96B342}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BCBA2385-F533-4E16-8D7F-F1B103F7D404}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF4C3097-35EB-41CC-BCA5-FE18554A8F4D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C8BEBA79-ED8B-4204-A042-A945C2BAB845}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D868C9E0-7BAE-4B42-94A2-A0E37E30D1E0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E47A633F-8359-4971-9166-10EF6E9AA907}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security - c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll [2004-08-30 103568]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-10-19 218736]
{71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"tempreg"=regsvr32 /s C:\Program Files\s300\s300_1202966199.dll []
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-12-16 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-12-16 688218]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2007-10-12 100056]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SSC_UserPrompt"=c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe [2004-11-02 218240]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-16 73728]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2004-09-21 81920]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]
"NB Probe"=C:\Program Files\ASUS\NB Probe\NBProbe.exe [2004-12-08 765952]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-08-06 385024]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2004-11-03 94208]
"FLMOFFICE4DMOUSE"=C:\Program Files\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe [2007-10-21 370176]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2004-08-06 356352]
"ccApp"=c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2007-01-09 58984]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-11-30 344064]
"ASUS Live Update"=C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2003-09-19 172032]
""= []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"BM2b76f54f"=C:\WINDOWS\system32\vgsrayfn.dll []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"Steam"=c:\program files\steam\steam.exe [2008-10-08 1410296]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
ASUS ChkMail.lnk - C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="uebogk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-12-16 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-08-06 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{32341E7E-C319-46DE-91D0-E30BB1A3CABA}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\Program Files\RayV\RayV\RayV.exe"="C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*
isabled:Flashget"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*isabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*isabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*isabled:IncrediMail"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92a2df4e-7802-11dc-8be4-806d6172696f}]
shell\AutoRun\command - E:\autorun.exe
======List of files/folders created in the last 1 months======
2008-10-09 19:49:27 ----D---- C:\rsit
2008-10-08 12:11:23 ----D---- C:\Documents and Settings\utilisateur\Application Data\Malwarebytes
2008-10-08 12:10:55 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-08 12:10:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-07 19:02:56 ----A---- C:\cleannavi.txt
2008-10-07 13:13:57 ----A---- C:\fixnavi.txt
2008-10-07 13:09:38 ----D---- C:\Program Files\Navilog1
2008-10-07 04:00:46 ----D---- C:\Lop SD
2008-10-07 03:08:40 ----A---- C:\lopR.txt
2008-10-06 23:34:42 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-06 18:33:32 ----D---- C:\Program Files\Trend Micro
2008-10-03 03:15:39 ----D---- C:\Program Files\SpywareBlaster
2008-10-03 03:12:41 ----D---- C:\Program Files\Bluetack
2008-10-03 03:12:03 ----D---- C:\WINDOWS\Downloaded Installations
2008-10-03 01:47:07 ----D---- C:\Program Files\Avira
2008-10-03 01:47:07 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-02 16:03:37 ----A---- C:\WINDOWS\system32\gitnhk.dll
2008-10-02 16:03:37 ----A---- C:\WINDOWS\system32\ckksvjny.dll
2008-10-02 03:12:47 ----D---- C:\Program Files\Power Tab Software
2008-10-01 16:05:38 ----SH---- C:\WINDOWS\system32\ngiqgryh.ini
2008-10-01 16:02:41 ----A---- C:\WINDOWS\system32\bvooii.dll
2008-10-01 16:02:39 ----A---- C:\WINDOWS\system32\tdioelcu.dll
2008-09-30 23:07:19 ----D---- C:\WINDOWS\pss
2008-09-30 22:55:47 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-29 23:33:31 ----SH---- C:\WINDOWS\system32\laamsmwf.ini
2008-09-25 01:29:45 ----SH---- C:\WINDOWS\system32\umfecoiw.ini
2008-09-23 22:16:33 ----SH---- C:\WINDOWS\system32\snrhdpna.ini
2008-09-21 22:08:59 ----SH---- C:\WINDOWS\system32\pmvnlqyn.ini
2008-09-19 13:02:06 ----SH---- C:\WINDOWS\system32\mwtmjsyo.ini
2008-09-18 22:04:01 ----SH---- C:\WINDOWS\system32\nagynrdh.ini
2008-09-18 01:20:15 ----A---- C:\WINDOWS\resetlog.txt
2008-09-17 13:01:41 ----SH---- C:\WINDOWS\system32\ptnkqkvq.ini
2008-09-16 06:27:49 ----A---- C:\WINDOWS\wininit.ini
2008-09-16 04:55:16 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 17:52:40 ----A---- C:\WINDOWS\system32\REN163.tmp
2008-09-15 17:52:39 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-15 17:52:39 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-15 17:52:39 ----A---- C:\WINDOWS\system32\java.exe
2008-09-15 17:50:04 ----D---- C:\Program Files\Fichiers communs\Java
2008-09-15 17:14:01 ----A---- C:\WINDOWS\system32\RENB1.tmp
2008-09-15 17:10:12 ----A---- C:\WINDOWS\system32\REN9F.tmp
2008-09-15 12:58:16 ----SH---- C:\WINDOWS\system32\jnmqmgkl.ini
======List of files/folders modified in the last 1 months======
2008-10-09 19:49:10 ----D---- C:\WINDOWS\Prefetch
2008-10-09 19:44:39 ----D---- C:\WINDOWS\Temp
2008-10-09 19:40:17 ----D---- C:\Program Files\Mozilla Firefox
2008-10-09 19:36:56 ----D---- C:\Program Files\Steam
2008-10-09 19:36:41 ----RD---- C:\Program Files
2008-10-09 19:36:41 ----D---- C:\Program Files\Fichiers communs
2008-10-09 18:04:55 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2008-10-08 18:20:21 ----D---- C:\WINDOWS\system32
2008-10-08 18:20:20 ----D---- C:\WINDOWS\system32\drivers
2008-10-08 18:20:20 ----D---- C:\WINDOWS
2008-10-08 03:35:02 ----D---- C:\Documents and Settings\utilisateur\Application Data\OpenOffice.org2
2008-10-07 22:45:55 ----D---- C:\Program Files\World of Warcraft
2008-10-07 20:49:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-07 19:09:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-07 03:33:26 ----D---- C:\Documents and Settings\utilisateur\Application Data\uTorrent
2008-10-06 01:36:08 ----D---- C:\Program Files\Mario Forever
2008-10-06 01:25:30 ----SHD---- C:\WINDOWS\Installer
2008-10-06 01:24:58 ----D---- C:\Program Files\Corel
2008-10-06 01:10:53 ----D---- C:\Program Files\Fichiers communs\Adobe
2008-10-06 01:06:42 ----D---- C:\Program Files\Adobe
2008-10-06 00:25:04 ----D---- C:\Documents and Settings\utilisateur\Application Data\Adobe
2008-10-06 00:19:29 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-03 03:12:44 ----RSD---- C:\WINDOWS\Fonts
2008-10-03 02:15:36 ----D---- C:\WINDOWS\Minidump
2008-10-02 03:12:48 ----D---- C:\WINDOWS\Help
2008-10-01 15:16:10 ----SHD---- C:\System Volume Information
2008-10-01 15:16:10 ----D---- C:\WINDOWS\system32\Restore
2008-10-01 14:39:41 ----RASH---- C:\boot.ini
2008-10-01 14:39:41 ----A---- C:\WINDOWS\win.ini
2008-10-01 14:39:41 ----A---- C:\WINDOWS\system.ini
2008-10-01 00:24:46 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-29 12:19:44 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-29 12:11:17 ----D---- C:\Program Files\MSN Messenger
2008-09-29 12:11:15 ----HD---- C:\WINDOWS\inf
2008-09-20 07:38:23 ----D---- C:\Program Files\uTorrent
2008-09-18 00:32:05 ----D---- C:\Program Files\Nvu
2008-09-18 00:30:43 ----D---- C:\Program Files\RiseofAtlantis_at
2008-09-18 00:28:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-18 00:21:18 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-18 00:18:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-17 02:49:50 ----D---- C:\Documents and Settings\utilisateur\Application Data\vlc
2008-09-16 06:43:49 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-09-15 17:52:25 ----D---- C:\Program Files\Java
2008-09-15 13:03:28 ----D---- C:\Program Files\Messenger Plus! Live
2008-09-15 12:57:17 ----SH---- C:\WINDOWS\system32\gfyvyyxr.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2004-07-20 20096]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-06-27 75072]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-03-28 266552]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-05-06 17056]
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-09-14 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-06 11354]
R2 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-16 2284864]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-12-16 873984]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 Cam5603C;BisonCam, USB2.0; C:\WINDOWS\System32\Drivers\Bs350u2.sys [2005-01-27 633728]
R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-09-14 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-09-14 200064]
R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-28 5760]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20071010.023\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20071010.023\NavEx15.Sys []
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-09-14 70144]
R3 SAVRT;SAVRT; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-03-28 11480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-03-28 171928]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-03-28 37016]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20071011.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-03-28 47192]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-03-28 18904]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-12-16 185824]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D.sys [2004-07-06 44544]
R3 w29n51;Pilote de carte de connexion réseau Intel(R) PRO/Wireless 2200BG pour Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-08-07 3210496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-09-14 685056]
S3 Asushwio;Asushwio; \??\C:\WINDOWS\system32\drivers\Asushwio.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 ser2pl;SAGEM USB-Serial; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-07-06 561152]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-06-12 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-07 149761]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-12-16 425984]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2004-07-20 90112]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe [2007-01-09 198248]
R2 ccProxy;Symantec Network Proxy; c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe [2006-06-14 235168]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2007-01-09 181864]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-08-06 86016]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
R2 ISSVC;ISSvc; c:\Program Files\Norton Internet Security\ISSVC.exe [2005-04-18 83584]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2005-10-19 177264]
R2 OwnershipProtocol;OwnershipProtocol; C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe [2004-08-06 98304]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-08-06 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-08-06 360521]
R2 SNDSrvc;Symantec Network Drivers Service; c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2007-03-28 206552]
R2 SPBBCSvc;Symantec SPBBCSvc; c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe [2004-07-21 173160]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2004-02-04 106496]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe [2005-10-19 67184]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccPwdSvc;Symantec Password Validation; c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe [2007-01-09 79464]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;SAVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-03-07 198368]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.04 2008-10-09 19:49:37
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007-->MsiExec.exe /X{E31C348B-63A9-4CBF-8D7F-D932ABB63244}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Age of Mythology-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Asus ChkMail-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Asus\Asus ChkMail\Uninst.isu"
ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\SETUP.EXE" -l0x9
ASUS GameFace Live-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{68D8533B-9EE7-46AB-B8B2-D643F888C5DF}
ASUS Live Update-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\ASUS Live Update\Uninst.isu" -c"C:\Program Files\ASUS\ASUS Live Update\Uninst.dll"
ASUS Video Security-->c:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{169E414A-37C7-434E-9021-27A03AE087CD}
Asus_A6_ScreenSaver-->C:\WINDOWS\Asus_A6_ScreenSaver.scr /u
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
B.I.S.S. Hosts Manager-->MsiExec.exe /I{A931C76A-8189-4485-A686-53A91658CD30}
BisonCam, USB2.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9E3ACAB-1A3B-4B67-A653-916F250ABAD4}\SETUP.EXE" -l0x40c
CC_ccProxyExt-->MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ccPxyCore-->MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FM Modifier 2.22-->MsiExec.exe /I{AE86AE81-CD7F-496F-A39F-0210C985E71B}
Football Manager 2008-->"C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe
Game Cam v1.4-->MsiExec.exe /I{EBE7050B-7988-4BC3-BBFD-5C6828859483}
HijackThis 2.0.2-->"C:\Documents and Settings\utilisateur\Bureau\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Lemmings for Windows 95-->C:\Program Files\WinLemm\wlvsun10.exe uninstall
LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Magic ISO Maker v5.4 (build 0256)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi-->MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft GIF Animator-->C:\Program Files\Microsoft GIF Animator\setup\GifACME.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
My Pictures And Sounds 7.15-->C:\Program Files\SAGEM\My Pictures And Sounds\Uninstall.exe
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Navilog1 3.6.6-->"C:\Program Files\Navilog1\unins000.exe"
NB Probe v3.0.0005-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\NB Probe\Uninst.isu" -c"C:\Program Files\ASUS\NB Probe\installDLL.dll"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_EA.exe
Nokia PC Suite-->MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
Nokia Software Updater-->MsiExec.exe /X{3741689E-584D-40C9-B011-373A0371846D}
Norton AntiSpam-->MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security 2005 (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security-->MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton WMI Update-->MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
OpenOffice.org 2.3-->MsiExec.exe /I{B087B0C3-F595-485A-B86B-73326BA8693A}
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Package de pilotes Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Package de pilotes Windows - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
Power4 Gear-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.exe" -l0x9
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
SAGEM USB-Serial v2.0.2.1-->"C:\Program Files\SAGEM\USBSerial\Drivers\uninstall.exe" /ID=USBSerial_x86
SimCity 2000® Collection CD-->C:\WINDOWS\unin040c.exe -f"C:\Fichiers programmes\Maxis\SimCity 2000\DeIsL1.isu"
SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_18261043\HXFSETUP.EXE -U -Iaus1826k.inf
SopCast 1.1.2-->C:\Program Files\SopCast\uninst.exe
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Symantec Script Blocking Installer-->MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Theme Hospital-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Bullfrog\Hospital\DeIsL1.isu"
TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"
TRUST MI-4550XP WIRELESS OPTICAL MINI MOUSE-->C:\Program Files\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\uninst00.exe
TVUPlayer 2.3.3.2-->C:\Program Files\TVUPlayer\uninst.exe
Update FMC V4.5 Vf-->"C:\Program Files\Sports Interactive\Football Manager 2008\data\db\unins000.exe"
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WINFLASH V2.15-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\WINFLASH\Uninst.isu"
World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Worms World Party-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~
Bonsoir,
Merci de visiter ce lien pour savoir comment installer et exécuter ComboFix :
http://www.bleepingcomputer.com/co [...] r-combofix
Cela inclut l'installation de la console de récupération windows si jamais elle n'est pas déjà été installée sur le PC. Il est vivement recommandé d'installer la console de récupération windows, car elle permet d'avoir accès à un très grand nombre de fonctionnalités dans le cas où le PC ne redémarrerait plus. C'est une sécurité supplémentaire en quelque sorte.
Une fois la console de récupération installée, vous aurez le choix au démarrage entre votre windows habituel et la console de récupération. Lancez votre windows habituel, puisque nous n'avons pas besoin d'utiliser la console de récupération, qui ne sert qu'en cas de problèmes. Par défaut, votre OS est sélectionné et il se lance automatiquement au bout de deux secondes. C'est normal
Merci de me poster dans ta prochaine réponse le rapport de combofix accompagné d'un nouveau rapport HijackThis.
Sécurité / Prévention
Répondre à Egwene
Bonsoir !
Les deux nouveaux rapports :
ComboFix 08-10-10.01 - utilisateur 2008-10-10 21:35:30.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.381 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\utilisateur\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\utilisateur\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\config.ini
C:\WINDOWS\system32\baicqurp.ini
C:\WINDOWS\system32\bvooii.dll
C:\WINDOWS\system32\ckksvjny.dll
C:\WINDOWS\system32\gfyvyyxr.ini
C:\WINDOWS\system32\gitnhk.dll
C:\WINDOWS\system32\gvualqyk.ini
C:\WINDOWS\system32\jnmqmgkl.ini
C:\WINDOWS\system32\laamsmwf.ini
C:\WINDOWS\system32\mwtmjsyo.ini
C:\WINDOWS\system32\nagynrdh.ini
C:\WINDOWS\system32\ngiqgryh.ini
C:\WINDOWS\system32\pmvnlqyn.ini
C:\WINDOWS\system32\ptnkqkvq.ini
C:\WINDOWS\system32\snrhdpna.ini
C:\WINDOWS\system32\tdioelcu.dll
C:\WINDOWS\system32\umfecoiw.ini
C:\WINDOWS\system32\welhmcfr.ini
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-10 au 2008-10-10 ))))))))))))))))))))))))))))))))))))
.
2008-10-10 20:58 . 2008-10-10 20:58 <REP> d-------- C:\ERDNT
2008-10-09 19:49 . 2008-10-09 19:49 <REP> d-------- C:\rsit
2008-10-08 12:11 . 2008-10-08 12:11 <REP> d-------- C:\Documents and Settings\utilisateur\Application Data\Malwarebytes
2008-10-08 12:11 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-08 12:10 . 2008-10-08 12:11 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 12:10 . 2008-10-08 12:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-08 12:10 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-07 13:09 . 2008-10-07 19:14 <REP> d-------- C:\Program Files\Navilog1
2008-10-07 04:00 . 2008-10-07 04:14 <REP> d-------- C:\Lop SD
2008-10-06 23:34 . 2008-10-06 23:35 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-06 18:33 . 2008-10-06 18:33 <REP> d-------- C:\Program Files\Trend Micro
2008-10-03 03:15 . 2008-10-03 03:20 <REP> d-------- C:\Program Files\SpywareBlaster
2008-10-03 03:12 . 2008-10-03 03:12 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-10-03 03:12 . 2008-10-03 03:12 <REP> d-------- C:\Program Files\Bluetack
2008-10-03 01:47 . 2008-10-03 01:47 <REP> d-------- C:\Program Files\Avira
2008-10-03 01:47 . 2008-10-03 01:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-02 23:36 . 2008-10-10 12:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-02 23:36 . 2008-10-02 23:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-02 03:12 . 2008-10-02 03:12 <REP> d-------- C:\Program Files\Power Tab Software
2008-09-16 06:27 . 2008-10-06 00:17 3,580 --a------ C:\WINDOWS\wininit.ini
2008-09-16 04:55 . 2008-10-06 23:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 17:52 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\REN163.tmp
2008-09-15 17:50 . 2008-09-15 17:50 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-09-15 17:14 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\RENB1.tmp
2008-09-15 17:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\REN9F.tmp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 19:39 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-10-09 23:02 --------- d-----w C:\Program Files\Steam
2008-10-08 01:35 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\OpenOffice.org2
2008-10-07 20:45 --------- d-----w C:\Program Files\World of Warcraft
2008-10-07 01:33 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\uTorrent
2008-10-05 23:36 --------- d-----w C:\Program Files\Mario Forever
2008-10-05 23:24 --------- d-----w C:\Program Files\Corel
2008-10-05 23:10 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-30 22:24 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-29 10:11 --------- d-----w C:\Program Files\MSN Messenger
2008-09-20 05:38 --------- d-----w C:\Program Files\uTorrent
2008-09-17 22:32 --------- d-----w C:\Program Files\Nvu
2008-09-17 22:30 --------- d-----w C:\Program Files\RiseofAtlantis_at
2008-09-17 22:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 22:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-17 00:49 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\vlc
2008-09-16 04:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-09-15 15:52 --------- d-----w C:\Program Files\Java
2008-09-15 11:03 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-12 18:50 168 --sh--r C:\WINDOWS\system32\88DB2A202A.sys
2008-03-26 13:13 6,266 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-16 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-16 688218]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-10-12 100056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SSC_UserPrompt"="c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 218240]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 286720]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 81920]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"NB Probe"="C:\Program Files\ASUS\NB Probe\NBProbe.exe" [2004-12-08 765952]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-08-06 385024]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2004-11-03 94208]
"FLMOFFICE4DMOUSE"="C:\Program Files\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe" [2007-10-21 370176]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-08-06 356352]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 344064]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 172032]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SoundMan"="SOUNDMAN.EXE" [2004-12-16 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
ASUS ChkMail.lnk - C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe [2005-05-06 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-08-06 16:48 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=uebogk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-09-14 67456]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 44544]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 5824]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
*Newly Created Service* - PROCEXP90
*Newly Created Service* - RMEDIA
.
Contenu du dossier 'Tâches planifiées'
2008-10-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{036371A5-B1C3-44AD-B8C4-5EE36A1CB180} - (no file)
BHO-{2D7210C4-686D-4691-B370-7D5775EA9230} - (no file)
BHO-{4E8126E1-FB11-4A3C-979D-7C72EABAB1E3} - (no file)
BHO-{530dc8af-ff87-44e2-848e-1f9bf6a932a6} - (no file)
BHO-{75B001FD-1270-4656-9D5F-882F9552F370} - (no file)
BHO-{9d5f27ea-4b24-4539-a49f-88f85ec89a0d} - (no file)
BHO-{A26F0EEC-3FBB-4177-8791-CC23CC27223E} - (no file)
BHO-{baca1d50-ccb3-4a19-bfdf-922e09490604} - (no file)
BHO-{BBD0E43A-1DEE-4241-B140-53E5AD96B342} - (no file)
BHO-{BCBA2385-F533-4E16-8D7F-F1B103F7D404} - (no file)
BHO-{BF4C3097-35EB-41CC-BCA5-FE18554A8F4D} - (no file)
BHO-{C8BEBA79-ED8B-4204-A042-A945C2BAB845} - (no file)
BHO-{D868C9E0-7BAE-4B42-94A2-A0E37E30D1E0} - (no file)
BHO-{E47A633F-8359-4971-9166-10EF6E9AA907} - (no file)
HKLM-Run-BM2b76f54f - C:\WINDOWS\system32\vgsrayfn.dll
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\utilisateur\Application Data\Mozilla\Firefox\Profiles\tieua13g.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-10 21:39:28
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-10 21:42:00
Avant-CF: 13,962,179,584 octets libres
Après-CF: 13,949,012,480 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
189 --- E O F --- 2008-05-16 12:38:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:31, on 10/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {036371A5-B1C3-44AD-B8C4-5EE36A1CB180} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2D7210C4-686D-4691-B370-7D5775EA9230} - (no file)
O2 - BHO: (no name) - {4E8126E1-FB11-4A3C-979D-7C72EABAB1E3} - (no file)
O2 - BHO: (no name) - {530dc8af-ff87-44e2-848e-1f9bf6a932a6} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {75B001FD-1270-4656-9D5F-882F9552F370} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9d5f27ea-4b24-4539-a49f-88f85ec89a0d} - (no file)
O2 - BHO: (no name) - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - (no file)
O2 - BHO: (no name) - {A26F0EEC-3FBB-4177-8791-CC23CC27223E} - (no file)
O2 - BHO: (no name) - {baca1d50-ccb3-4a19-bfdf-922e09490604} - (no file)
O2 - BHO: (no name) - {BBD0E43A-1DEE-4241-B140-53E5AD96B342} - (no file)
O2 - BHO: (no name) - {BCBA2385-F533-4E16-8D7F-F1B103F7D404} - (no file)
O2 - BHO: (no name) - {BF4C3097-35EB-41CC-BCA5-FE18554A8F4D} - (no file)
O2 - BHO: (no name) - {C8BEBA79-ED8B-4204-A042-A945C2BAB845} - (no file)
O2 - BHO: (no name) - {D868C9E0-7BAE-4B42-94A2-A0E37E30D1E0} - (no file)
O2 - BHO: (no name) - {E47A633F-8359-4971-9166-10EF6E9AA907} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [tempreg] regsvr32 /s "C:\Program Files\s300\s300_1202966199.dll"
O4 - HKLM\..\Run: [BM2b76f54f] Rundll32.exe "C:\WINDOWS\system32\vgsrayfn.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2113210220
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - AppInit_DLLs: uebogk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 12339 bytes
Re,
Désactive toute protection résidente ( antivirus…) ! <------- Pense-y !
Copie le texte se situant dans le cadre ci-dessous : ( Ctrl + C )
Registry::
|
=> Ouvre le Bloc Notes : Démarrer > Tous les programmes > Accessoires > Bloc notes
- Colles y le texte (CTRL + V)
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer
- Quitte le Bloc Notes
Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
* Cela va relancer Combofix : au message qui apparaît ( Type 1 to continue, or 2 to abort), tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
* Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Copie/Colle son contenue sur le forum.
Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt
* Poste un nouveau rapport hijackthis.
Sécurité / Prévention
Répondre à Egwene
Bonsoir !
Voila les nouveaux rapports :
ComboFix 08-10-14.03 - utilisateur 2008-10-15 0:28:58.3 - NTFSx86
Lancé depuis: C:\Documents and Settings\utilisateur\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\utilisateur\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
.
2008-10-14 01:52 . 2008-10-14 01:52 <REP> d-------- C:\Program Files\X'nBeep 1.1
2008-10-13 03:00 . 2008-10-13 03:03 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-12 20:42 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-12 20:42 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-10 20:58 . 2008-10-10 20:58 <REP> d-------- C:\ERDNT
2008-10-09 19:49 . 2008-10-09 19:49 <REP> d-------- C:\rsit
2008-10-08 12:11 . 2008-10-08 12:11 <REP> d-------- C:\Documents and Settings\utilisateur\Application Data\Malwarebytes
2008-10-08 12:11 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-08 12:10 . 2008-10-08 12:11 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 12:10 . 2008-10-08 12:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-08 12:10 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-07 13:09 . 2008-10-07 19:14 <REP> d-------- C:\Program Files\Navilog1
2008-10-07 04:00 . 2008-10-07 04:14 <REP> d-------- C:\Lop SD
2008-10-06 23:34 . 2008-10-06 23:35 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-06 18:33 . 2008-10-06 18:33 <REP> d-------- C:\Program Files\Trend Micro
2008-10-03 03:15 . 2008-10-03 03:20 <REP> d-------- C:\Program Files\SpywareBlaster
2008-10-03 03:12 . 2008-10-03 03:12 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-10-03 03:12 . 2008-10-03 03:12 <REP> d-------- C:\Program Files\Bluetack
2008-10-03 01:47 . 2008-10-03 01:47 <REP> d-------- C:\Program Files\Avira
2008-10-03 01:47 . 2008-10-03 01:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-02 23:36 . 2008-10-10 12:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-02 23:36 . 2008-10-02 23:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-02 03:12 . 2008-10-02 03:12 <REP> d-------- C:\Program Files\Power Tab Software
2008-09-16 06:27 . 2008-10-06 00:17 3,580 --a------ C:\WINDOWS\wininit.ini
2008-09-16 04:55 . 2008-10-06 23:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 17:52 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\REN163.tmp
2008-09-15 17:50 . 2008-09-15 17:50 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-09-15 17:14 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\RENB1.tmp
2008-09-15 17:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\REN9F.tmp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 07:06 --------- d-----w C:\Program Files\Steam
2008-10-10 19:39 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-10-08 01:35 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\OpenOffice.org2
2008-10-07 20:45 --------- d-----w C:\Program Files\World of Warcraft
2008-10-07 01:33 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\uTorrent
2008-10-05 23:36 --------- d-----w C:\Program Files\Mario Forever
2008-10-05 23:24 --------- d-----w C:\Program Files\Corel
2008-10-05 23:10 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-30 22:24 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-29 10:11 --------- d-----w C:\Program Files\MSN Messenger
2008-09-20 05:38 --------- d-----w C:\Program Files\uTorrent
2008-09-17 22:32 --------- d-----w C:\Program Files\Nvu
2008-09-17 22:30 --------- d-----w C:\Program Files\RiseofAtlantis_at
2008-09-17 22:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-17 22:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-17 00:49 --------- d-----w C:\Documents and Settings\utilisateur\Application Data\vlc
2008-09-16 04:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-09-15 15:52 --------- d-----w C:\Program Files\Java
2008-09-15 11:03 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-12 18:50 168 --sh--r C:\WINDOWS\system32\88DB2A202A.sys
2008-03-26 13:13 6,266 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-10-12_21.33.17,35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-26 11:49:32 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:34:33 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:34:38 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:34:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:34:56 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:35:48 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2008-07-07 20:18:27 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:28:20 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:24:11 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-05-07 04:55:47 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:11:24 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:59 1,294,336 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:13:24 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:37:01 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:37:01 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:47:22 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:47:22 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:44:02 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:44:02 247,808 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:29 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:29 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:29 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:26 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:29 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-06-24 16:30:27 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:44:02 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:52 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 11:19:06 18,296 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-14 17:59:52 272,768 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 12:58:06 124,928 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2008-03-01 12:58:06 347,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2008-03-01 12:58:06 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2008-03-01 12:58:06 133,120 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2008-03-01 12:58:06 63,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2008-02-29 08:56:41 70,656 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2008-03-01 12:58:06 153,088 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2008-03-01 12:58:06 230,400 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2008-03-01 12:58:07 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2008-03-01 12:58:07 384,512 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2008-03-01 12:58:08 6,066,176 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2008-03-01 12:58:08 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2008-03-01 12:58:08 267,776 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2008-02-29 08:57:05 625,664 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2008-03-01 12:58:08 27,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2008-03-01 12:58:08 459,264 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2008-03-01 12:58:08 52,224 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2008-03-01 16:28:10 3,591,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2008-03-01 12:58:09 478,208 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2008-03-01 12:58:10 193,024 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2008-03-01 12:58:10 671,232 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2008-03-01 12:58:10 102,912 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2008-03-01 12:58:10 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:34:38 216,800 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:48 394,976 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2008-03-01 12:58:10 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2008-03-01 12:58:10 1,159,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2008-03-01 12:58:11 233,472 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2008-03-01 12:58:11 826,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
- 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-06-23 16:28:17 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-03-01 12:58:06 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-23 16:28:17 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2004-08-05 12:00:00 138,496 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:28:17 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:28:17 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2005-07-26 04:39:58 243,200 ----a-w C:\WINDOWS\system32\dllcache\es.dll
+ 2008-07-07 20:31:48 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
- 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:28:17 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-06-23 16:28:17 63,488 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-02-29 08:56:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-06-23 09:21:30 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:28:18 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-06-23 16:28:18 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-06-23 16:28:18 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-06-23 16:28:18 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-06-23 16:28:19 6,066,176 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-06-23 16:28:19 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 12:58:08 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-06-23 16:28:20 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-02-29 08:57:05 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-06-23 09:21:49 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-21 06:17:24 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 16:28:20 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-05 12:00:00 331,776 ----a-w C:\WINDOWS\system32\dllcache\msadce.dll
+ 2008-05-01 14:31:48 331,776 ----a-w C:\WINDOWS\system32\dllcache\msadce.dll
- 2005-06-29 01:49:42 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:56 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
- 2004-08-05 12:00:00 294,400 ----a-w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-02-26 12:00:31 294,912 ----a-w C:\WINDOWS\system32\dllcache\msctf.dll
- 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-06-23 16:28:20 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-06-23 16:28:20 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 16:28:10 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-24 08:28:24 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 16:28:22 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 16:28:22 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 16:28:22 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-05 14:00:00 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:06 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-06-23 16:28:22 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 16:28:22 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:32 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-06-23 16:28:22 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 16:28:23 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-06-23 16:28:23 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 12:58:11 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 16:28:23 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-20 05:35:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:06 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-05 12:00:00 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2008-03-01 12:58:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 16:28:17 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 12:58:06 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 16:28:17 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2005-07-26 04:39:58 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2008-07-07 20:31:48 253,952 ----a-w C:\WINDOWS\system32\es.dll
- 2008-03-01 12:58:06 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 16:28:17 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-03-01 12:58:06 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-06-23 16:28:17 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:56:41 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-06-23 09:21:30 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 12:58:06 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-06-23 16:28:18 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 12:58:06 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-06-23 16:28:18 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-03-01 12:58:07 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-06-23 16:28:18 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 12:58:07 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-06-23 16:28:18 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 12:58:08 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-06-23 16:28:19 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 12:58:08 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-06-23 16:28:19 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 12:58:08 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-06-23 16:28:20 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-21 06:17:24 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:51:06 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2008-03-01 12:58:08 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 16:28:20 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2005-06-29 01:49:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2008-06-24 16:23:56 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2004-08-05 12:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 12:00:31 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2008-03-01 12:58:08 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-06-23 16:28:20 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 12:58:08 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-06-23 16:28:20 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 16:28:10 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-24 08:28:24 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 12:58:09 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 16:28:22 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 12:58:10 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 16:28:22 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 12:58:10 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 16:28:22 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-05 12:00:00 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:41:06 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
- 2008-03-01 12:58:10 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-06-23 16:28:22 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-03-01 12:58:10 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 16:28:22 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-10-29 22:43:32 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:15:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
- 2006-10-16 14:10:58 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2008-03-01 12:58:10 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-06-23 16:28:22 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 12:58:10 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:28:23 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-03-01 12:58:11 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-23 16:28:23 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-03-01 12:58:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-23 16:28:23 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
- 2006-10-18 19:47:20 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
+ 2008-06-24 16:12:58 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
+ 2008-04-15 17:56:59 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-10-08 1410296]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"X'nBeep"="C:\Program Files\X'nBeep 1.1\XnBeep.exe" [2007-01-06 1067520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-16 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-16 688218]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-10-12 100056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SSC_UserPrompt"="c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 218240]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 286720]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 81920]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"NB Probe"="C:\Program Files\ASUS\NB Probe\NBProbe.exe" [2004-12-08 765952]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-08-06 385024]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2004-11-03 94208]
"FLMOFFICE4DMOUSE"="C:\Program Files\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe" [2007-10-21 370176]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-08-06 356352]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-01-09 58984]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 344064]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 172032]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SoundMan"="SOUNDMAN.EXE" [2004-12-16 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
ASUS ChkMail.lnk - C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe [2005-05-06 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-08-06 16:48 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2004-09-14 67456]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 44544]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 5824]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{036371A5-B1C3-44AD-B8C4-5EE36A1CB180} - (no file)
BHO-{2D7210C4-686D-4691-B370-7D5775EA9230} - (no file)
BHO-{4E8126E1-FB11-4A3C-979D-7C72EABAB1E3} - (no file)
BHO-{530dc8af-ff87-44e2-848e-1f9bf6a932a6} - (no file)
BHO-{75B001FD-1270-4656-9D5F-882F9552F370} - (no file)
BHO-{9d5f27ea-4b24-4539-a49f-88f85ec89a0d} - (no file)
BHO-{A26F0EEC-3FBB-4177-8791-CC23CC27223E} - (no file)
BHO-{baca1d50-ccb3-4a19-bfdf-922e09490604} - (no file)
BHO-{BBD0E43A-1DEE-4241-B140-53E5AD96B342} - (no file)
BHO-{BCBA2385-F533-4E16-8D7F-F1B103F7D404} - (no file)
BHO-{BF4C3097-35EB-41CC-BCA5-FE18554A8F4D} - (no file)
BHO-{C8BEBA79-ED8B-4204-A042-A945C2BAB845} - (no file)
BHO-{D868C9E0-7BAE-4B42-94A2-A0E37E30D1E0} - (no file)
BHO-{E47A633F-8359-4971-9166-10EF6E9AA907} - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 00:33:23
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-15 0:35:59
ComboFix-quarantined-files.txt 2008-10-14 22:35:23
ComboFix2.txt 2008-10-12 19:34:29
ComboFix3.txt 2008-10-10 19:42:03
Avant-CF: 13 499 587 072 octets libres
Après-CF: 13,490,051,072 octets libres
419 --- E O F --- 2008-10-13 01:04:05
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:00:30, on 15/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = "http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {036371A5-B1C3-44AD-B8C4-5EE36A1CB180} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2D7210C4-686D-4691-B370-7D5775EA9230} - (no file)
O2 - BHO: (no name) - {4E8126E1-FB11-4A3C-979D-7C72EABAB1E3} - (no file)
O2 - BHO: (no name) - {530dc8af-ff87-44e2-848e-1f9bf6a932a6} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {75B001FD-1270-4656-9D5F-882F9552F370} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9d5f27ea-4b24-4539-a49f-88f85ec89a0d} - (no file)
O2 - BHO: (no name) - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - (no file)
O2 - BHO: (no name) - {A26F0EEC-3FBB-4177-8791-CC23CC27223E} - (no file)
O2 - BHO: (no name) - {baca1d50-ccb3-4a19-bfdf-922e09490604} - (no file)
O2 - BHO: (no name) - {BBD0E43A-1DEE-4241-B140-53E5AD96B342} - (no file)
O2 - BHO: (no name) - {BCBA2385-F533-4E16-8D7F-F1B103F7D404} - (no file)
O2 - BHO: (no name) - {BF4C3097-35EB-41CC-BCA5-FE18554A8F4D} - (no file)
O2 - BHO: (no name) - {C8BEBA79-ED8B-4204-A042-A945C2BAB845} - (no file)
O2 - BHO: (no name) - {D868C9E0-7BAE-4B42-94A2-A0E37E30D1E0} - (no file)
O2 - BHO: (no name) - {E47A633F-8359-4971-9166-10EF6E9AA907} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [X'nBeep] C:\Program Files\X'nBeep 1.1\XnBeep.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2113210220
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 12286 bytes
Bonjour,
~Fais une analyse antivirus en ligne sur le site de Kaspersky
http://www.kaspersky.com/kos/eng/p [...] bscan.html
- Clique sur Accept
- Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.
- clique une nouvelle fois sur "Accept"
- Les bases de mises à jour vont s'installer, patiente un moment
- Clique sur Next.
- Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera. Et poste-moi le rapport que tu obtiens.
Comment va le PC ? Toujours des problèmes ?
Sécurité / Prévention
Répondre à Egwene
Bonjour !
Désolé de ne pas avoir répondu plus tôt, j'ai été pas mal occupé ces derniers temps.
Mon PC va très bien, plus de problème non !
Voila donc le rapport de Kaspersky :
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 1, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, October 31, 2008 21:39:28
Records in database: 1365321
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 111713
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:26:22
File name / Threat name / Threats count
E:\Outils\Nav\Mirc\Setup.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
The selected area was scanned.
A bientôt !
Bonsoir,
Poste-moi un nouveau rapport HijackThis stp.
Sécurité / Prévention
Répondre à Egwene
Bonsoir / Bonjour !
Le nouveau rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:12:26, on 03/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = "http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {036371A5-B1C3-44AD-B8C4-5EE36A1CB180} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2D7210C4-686D-4691-B370-7D5775EA9230} - (no file)
O2 - BHO: (no name) - {4E8126E1-FB11-4A3C-979D-7C72EABAB1E3} - (no file)
O2 - BHO: (no name) - {530dc8af-ff87-44e2-848e-1f9bf6a932a6} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {75B001FD-1270-4656-9D5F-882F9552F370} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9d5f27ea-4b24-4539-a49f-88f85ec89a0d} - (no file)
O2 - BHO: (no name) - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - (no file)
O2 - BHO: (no name) - {A26F0EEC-3FBB-4177-8791-CC23CC27223E} - (no file)
O2 - BHO: (no name) - {baca1d50-ccb3-4a19-bfdf-922e09490604} - (no file)
O2 - BHO: (no name) - {BBD0E43A-1DEE-4241-B140-53E5AD96B342} - (no file)
O2 - BHO: (no name) - {BCBA2385-F533-4E16-8D7F-F1B103F7D404} - (no file)
O2 - BHO: (no name) - {BF4C3097-35EB-41CC-BCA5-FE18554A8F4D} - (no file)
O2 - BHO: (no name) - {C8BEBA79-ED8B-4204-A042-A945C2BAB845} - (no file)
O2 - BHO: (no name) - {D868C9E0-7BAE-4B42-94A2-A0E37E30D1E0} - (no file)
O2 - BHO: (no name) - {E47A633F-8359-4971-9166-10EF6E9AA907} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - (no file)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [X'nBeep] C:\Program Files\X'nBeep 1.1\XnBeep.exe
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 2113210220
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 12476 bytes
