Tom's Guide > Forum > Sécurité - Virus > [Résolu]PB Zapchast (Trojan) : a.bat

[Résolu]PB Zapchast (Trojan) : a.bat

Forum Sécurité - Virus : [Résolu]PB Zapchast (Trojan) : a.bat

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !
Créer un nouveau sujet Répondre
Mot :    Pseudo :           
 
shiv   24-11-2008 à 13:30:58

Bonjour,

j'ai moi aussi le problème avec ce fichier a.bat... qui se recrée à chaque démarrage de windows.

Voici le rapport Hijackthis en mode normal :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:32, on 24/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
D:\Jeux\Steam\Steam.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\Explorer.EXE
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\winnt32.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "d:\jeux\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 11142 bytes





Et le rapport Hijackthis effectué en mode sans échec :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21:06, on 24/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "d:\jeux\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9119 bytes

Quelqu'un a une idée ? :)
Merci d'avance pour votre aide, bonne journée !


Message édité par shiv le 04-01-2009 à 21:41:30
Répondre
Liens sponsorisés
Inscrivez-vous ou connectez-vous pour masquer ceci.
Destrio5   24-11-2008 à 13:45:23
- 0 +

Salut,

  • Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
  • Double-clique sur RSIT.exe afin de lancer le programme.
  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparait à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).


Note : Les rapports sont sauvegardés dans le dossier C:\rsit

Répondre à Destrio5
shiv   24-11-2008 à 13:52:28
- 0 +

Salut,

voila info.txt :

info.txt logfile of random's system information tool 1.04 2008-11-24 13:50:16

======Uninstall list======

-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acronis Disk Director Suite 10 build 2160-->C:\Program Files\Acronis Disk Director Suite 10 build 2160\Uninstal.exe
Acronis Disk Director Suite-->MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
Avira AntiVir Personal – Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Bink and Smacker-->C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}
Counter-Strike-->"D:\Jeux\Steam\steam.exe" steam://uninstall/10
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
ESU for Microsoft Vista-->MsiExec.exe /I{AD3FDC40-BCF4-476D-A2D6-C4B154DD9DF5}
EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FileZilla Client 3.1.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x040c -removeonly
Garry's Mod-->"D:\Jeux\Steam\steam.exe" steam://uninstall/4000
Giants-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97370293-96EC-11D4-9DEF-00104B70C5FB}\setup.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
HP Imaging Device Functions 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart All-In-One Software 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst
HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Solution Center 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HP User Guides 0088-->MsiExec.exe /I{8347A7A5-4AB8-433F-82AA-496B0D189A9B}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel(R) Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Launchy 2.1.2-->"C:\Program Files\Launchy\unins000.exe"
Left 4 Dead-->"D:\Jeux\Steam\steam.exe" steam://uninstall/500
Ma-Config.com-->MsiExec.exe /X{DD987A54-122B-4CFD-A8C5-5577027A6B78}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /I{E87F5651-CE15-493F-AE99-3B670E25A54E}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
nLite 1.4.9.1-->"C:\Program Files\nLite\unins000.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
On2 VP7 Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PVK-->D:\Jeux\Counter-Strike 1.6 + Half-Life\pvk\uninstall.exe
Quake III Arena Point Release 1.32-->C:\Windows\unvise32.exe d:\jeux\q3\uninstal5.log
Quake III Arena-->C:\Windows\IsUninst.exe -fd:\jeux\q3\QIII.isu
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
Rocket Arena 3 1.76 (remove only)-->"D:\Jeux\Q3\arena\uninstall.exe"
Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Team Fortress 2-->"D:\Jeux\Steam\steam.exe" steam://uninstall/440
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
VistaBootPRO 3.3-->MsiExec.exe /I{6C9FA746-8759-4040-A436-42922CB3492E}
Warkeys 1.8.1.0b-->C:\Program Files\Warkeys\uninst.exe
WC3Banlist-->"C:\Program Files\WC3Banlist\unins000.exe"
Windows Live Bêta (tous les programmes)-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Bêta (tous les programmes)-->MsiExec.exe /I{9C4AB6FB-43CD-4ADF-8B59-6C52A6B74324}
Windows Live Call-->MsiExec.exe /I{868EC13B-52DA-43B9-8C05-50CD897674DF}
Windows Live Messenger-->MsiExec.exe /X{F72F8316-91E8-4C80-9E39-EBE933E1EDFB}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe

======Security center information======

AV: Avira AntiVir PersonalEdition
AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Services en ligne
"USERPART"=F:
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------



et log.txt :

Logfile of random's system information tool 1.04 (written by random/random)
Run by Shiv at 2008-11-24 13:50:14
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 18 GB (34%) free of 54 GB
Total RAM: 3070 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:15, on 24/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
D:\Jeux\Steam\Steam.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\Explorer.EXE
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\winnt32.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Shiv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "d:\jeux\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 11423 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUser.job
C:\Windows\tasks\User_Feed_Synchronization-{122E98E7-B0DB-4DBC-AEBA-1C3CCD2AAC49}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-05 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-05 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-17 634880]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-09-12 182808]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-09-30 181544]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-05 144792]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-02-12 262401]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-02-27 13515296]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-02-27 92704]
"Windows NT Service"=C:\Windows\system32\winnt32.exe [2008-01-19 1272320]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-09-08 3513344]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Steam"=d:\jeux\steam\steam.exe [2008-10-11 1410296]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"Google Update"=C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 133104]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe

C:\Users\Shiv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
My_AutoWarkey_Script.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
Warkeys Update.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œ$w>††vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œ$w>††vÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†Çuÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†Çuÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œgw>†vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œgw>†vÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œäv>†Õvÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œäv>†Õvÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œfw>†úuÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œfw>†úuÿÿÿÿc°B:*:Enabled:Windows NT Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a94c31c0-7b58-11dd-a01b-001e685f61ec}]
shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a94c31da-7b58-11dd-a01b-001e685f61ec}]
shell\AutoRun\command - wd_windows_tools\WDSetup.exe


======List of files/folders created in the last 1 months======

2008-11-24 13:50:14 ----D---- C:\rsit
2008-11-24 13:18:18 ----D---- C:\Program Files\CCleaner
2008-11-24 13:12:36 ----D---- C:\Program Files\Trend Micro
2008-11-24 12:55:30 ----D---- C:\VundoFix Backups
2008-11-24 12:55:30 ----A---- C:\VundoFix.txt
2008-11-21 16:33:23 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-11-21 16:33:14 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-11-21 16:31:43 ----A---- C:\Windows\system32\paul.dll
2008-11-21 16:29:47 ----D---- C:\Users\Shiv\AppData\Roaming\Leadertech
2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvexpbar.dll
2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvcpluir.dll
2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvcplui.exe
2008-11-20 21:30:51 ----D---- C:\NVIDIA
2008-11-20 09:15:14 ----A---- C:\Windows\system32\wups2.dll
2008-11-20 09:15:14 ----A---- C:\Windows\system32\wucltux.dll
2008-11-20 09:15:14 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-20 09:15:14 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-20 09:15:04 ----A---- C:\Windows\system32\wups.dll
2008-11-20 09:15:04 ----A---- C:\Windows\system32\wudriver.dll
2008-11-20 09:15:04 ----A---- C:\Windows\system32\wuapi.dll
2008-11-20 09:14:55 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-20 09:14:55 ----A---- C:\Windows\system32\wuapp.exe
2008-11-11 22:57:19 ----A---- C:\Windows\system32\msxml3.dll
2008-11-11 22:57:09 ----A---- C:\Windows\system32\msxml6.dll
2008-11-10 15:15:05 ----A---- C:\Windows\system32\XMLConfig_SYSID.ini
2008-11-09 15:46:58 ----RHD---- C:\Users\Shiv\AppData\Roaming\SecuROM
2008-11-09 15:46:56 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\XAudio2_2.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\xactengine3_2.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\d3dx10_39.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2008-11-09 15:37:26 ----A---- C:\Windows\system32\D3DX9_39.dll
2008-11-09 15:36:51 ----A---- C:\Windows\system32\wrap_oal.dll
2008-11-09 15:36:51 ----A---- C:\Windows\system32\OpenAL32.dll
2008-11-09 15:21:27 ----D---- C:\Windows\system32\AGEIA
2008-11-09 15:21:26 ----D---- C:\Program Files\AGEIA Technologies
2008-11-09 15:21:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-08 19:19:53 ----A---- C:\Windows\system32\XAudio2_3.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\xactengine3_3.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\D3DX9_40.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\d3dx10_40.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2008-11-08 19:19:52 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2008-11-08 19:19:51 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-11-08 19:19:51 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-11-08 19:19:51 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-11-08 19:19:51 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-11-08 19:19:50 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-11-08 19:19:50 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-11-08 19:19:49 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-11-08 19:19:49 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-11-08 19:19:49 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-11-08 19:19:48 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-11-08 19:19:48 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-11-08 19:19:48 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-11-08 19:19:46 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-11-08 19:19:46 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-11-08 19:19:45 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-11-08 19:19:45 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-11-08 19:19:44 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-11-08 19:19:44 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-11-08 19:19:42 ----A---- C:\Windows\system32\d3dx10_35.dll
2008-11-08 19:19:42 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2008-11-08 19:19:41 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-11-08 19:19:41 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-11-08 19:19:41 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-11-08 19:19:41 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-11-08 19:19:40 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-11-08 19:19:40 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-11-08 19:19:39 ----A---- C:\Windows\system32\xinput1_3.dll
2008-11-08 19:19:39 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-11-08 19:19:38 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-11-08 19:19:38 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-11-08 19:19:37 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-11-08 19:19:37 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-11-08 19:19:37 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-11-08 19:19:36 ----A---- C:\Windows\system32\d3dx10.dll
2008-11-08 19:19:35 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-11-08 19:19:35 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-11-08 19:19:35 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-11-08 19:19:34 ----A---- C:\Windows\system32\xinput1_2.dll
2008-11-08 19:19:34 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-11-08 19:19:34 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-11-08 19:19:33 ----A---- C:\Windows\system32\xinput1_1.dll
2008-11-08 19:19:33 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-11-08 19:19:33 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-11-08 19:19:27 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-11-08 19:19:27 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-11-08 19:19:27 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-11-08 19:19:27 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-11-08 19:19:26 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-11-08 19:19:25 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-11-08 19:19:25 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-11-08 19:19:24 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-11-08 19:19:22 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-11-08 11:22:40 ----D---- C:\Program Files\Lavalys
2008-11-08 10:24:29 ----D---- C:\ProgramData\ma-config.com
2008-11-08 10:24:29 ----D---- C:\Program Files\ma-config.com
2008-11-07 21:31:44 ----SH---- C:\boot.ini
2008-11-07 18:44:15 ----A---- C:\Windows\system32\AutoPartNt.exe
2008-11-07 18:43:34 ----D---- C:\ProgramData\Acronis
2008-11-07 18:28:42 ----D---- C:\Program Files\Acronis
2008-11-07 18:28:41 ----D---- C:\Program Files\Common Files\Acronis
2008-11-07 18:26:58 ----D---- C:\Program Files\Acronis Disk Director Suite 10 build 2160
2008-11-07 17:21:37 ----D---- C:\Program Files\OurToolbar
2008-11-07 14:24:24 ----D---- C:\Program Files\WinImage
2008-11-05 21:04:41 ----A---- C:\Windows\system32\MSVCRTD.DLL
2008-11-05 21:04:41 ----A---- C:\Windows\system32\MSVCP60D.DLL
2008-11-05 21:04:40 ----A---- C:\Windows\system32\WMAFile.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\TABCTFR.DLL
2008-11-05 21:04:39 ----A---- C:\Windows\system32\MSCMCFR.DLL
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudPlayer.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioVisu.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioRecord.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioInfos.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudFile.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudDisplay.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudDesign.dll
2008-11-05 21:04:38 ----D---- C:\Program Files\Free Audio Pack
2008-11-05 21:04:38 ----A---- C:\Windows\system32\msvcr70.dll
2008-11-05 21:04:38 ----A---- C:\Windows\system32\lame_enc.dll
2008-11-05 05:33:51 ----A---- C:\Windows\system32\EncDec.dll
2008-11-05 05:33:50 ----A---- C:\Windows\system32\psisdecd.dll
2008-11-03 15:50:54 ----D---- C:\Intel
2008-11-03 15:50:49 ----D---- C:\Users\Shiv\AppData\Roaming\InstallShield
2008-11-03 15:44:23 ----D---- C:\Windows\Minidump
2008-10-29 08:35:08 ----A---- C:\Windows\system32\win32spl.dll
2008-10-29 08:35:08 ----A---- C:\Windows\system32\wersvc.dll
2008-10-29 08:35:08 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-27 17:45:30 ----D---- C:\Program Files\On2 Technologies
2008-10-27 17:45:30 ----A---- C:\Windows\system32\vp7vfw.dll
2008-10-25 13:31:41 ----D---- C:\Users\Shiv\AppData\Roaming\FrostWire
2008-10-25 13:31:36 ----D---- C:\Program Files\FrostWire

======List of files/folders modified in the last 1 months======

2008-11-24 13:50:15 ----D---- C:\Windows\Prefetch
2008-11-24 13:50:07 ----D---- C:\Windows\Temp
2008-11-24 13:37:19 ----D---- C:\Users\Shiv\AppData\Roaming\Skype
2008-11-24 13:36:55 ----SHD---- C:\System Volume Information
2008-11-24 13:29:11 ----D---- C:\Windows\System32
2008-11-24 13:29:10 ----D---- C:\Windows\inf
2008-11-24 13:29:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-24 13:24:59 ----D---- C:\Windows
2008-11-24 13:20:02 ----D---- C:\Windows\Debug
2008-11-24 13:18:18 ----RD---- C:\Program Files
2008-11-24 12:45:42 ----D---- C:\Users\Shiv\AppData\Roaming\skypePM
2008-11-24 12:43:32 ----HD---- C:\Config.Msi
2008-11-24 12:41:53 ----D---- C:\Users\Shiv\AppData\Roaming\uTorrent
2008-11-23 23:25:31 ----D---- C:\Program Files\Mozilla Firefox
2008-11-23 15:57:09 ----SHD---- C:\Windows\Installer
2008-11-23 15:56:25 ----D---- C:\ProgramData\Adobe
2008-11-23 15:56:18 ----D---- C:\Program Files\Common Files\Adobe
2008-11-23 15:56:17 ----D---- C:\Program Files\Adobe
2008-11-23 15:56:09 ----D---- C:\Windows\winsxs
2008-11-22 20:29:12 ----D---- C:\Users\Shiv\AppData\Roaming\Hamachi
2008-11-22 20:18:52 ----D---- C:\Users\Shiv\AppData\Roaming\teamspeak2
2008-11-22 15:10:15 ----D---- C:\Program Files\Common Files\Steam
2008-11-21 16:33:21 ----D---- C:\Windows\system32\drivers
2008-11-21 16:29:37 ----D---- C:\Windows\system32\LogFiles
2008-11-21 16:22:53 ----RSD---- C:\Windows\assembly
2008-11-20 23:20:58 ----D---- C:\ProgramData\NVIDIA
2008-11-20 23:20:33 ----HD---- C:\ProgramData
2008-11-20 23:17:02 ----D---- C:\Windows\system32\catroot
2008-11-20 23:17:01 ----D---- C:\Windows\system32\catroot2
2008-11-20 23:15:54 ----D---- C:\SWSETUP
2008-11-20 22:03:18 ----D---- C:\Windows\rescache
2008-11-20 21:42:41 ----D---- C:\Windows\Help
2008-11-20 21:28:13 ----D---- C:\Windows\system32\fr-FR
2008-11-20 10:09:29 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-19 22:14:17 ----D---- C:\Windows\Tasks
2008-11-17 21:40:59 ----D---- C:\Program Files\Full Tilt Poker
2008-11-12 18:16:27 ----SD---- C:\Users\Shiv\AppData\Roaming\Microsoft
2008-11-12 14:08:34 ----N---- C:\Windows\win.ini
2008-11-09 15:21:19 ----D---- C:\Program Files\Common Files
2008-11-07 19:08:09 ----D---- C:\Windows\Logs
2008-11-07 16:36:53 ----SD---- C:\ProgramData\Microsoft
2008-11-07 16:23:27 ----D---- C:\Program Files\nLite
2008-11-07 16:21:40 ----D---- C:\XPiso
2008-11-06 10:59:36 ----D---- C:\Program Files\Microsoft Office
2008-11-05 10:46:38 ----D---- C:\Windows\Microsoft.NET
2008-11-05 10:21:12 ----D---- C:\Windows\ehome
2008-11-04 01:10:25 ----A---- C:\Windows\system32\mrt.exe
2008-10-25 15:29:10 ----D---- C:\Users\Shiv\AppData\Roaming\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-03-04 79424]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-02-18 49472]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-10-11 25280]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-02-27 7602688]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 98816]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-01-17 983936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 asg1xfbp;asg1xfbp; C:\Windows\system32\drivers\asg1xfbp.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-11-02 15360]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-03-07 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-03-26 147201]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-09-12 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-02-27 49152]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-11-21 66872]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 271760]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 112016]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-11-22 104944]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-11-02 195752]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]

-----------------EOF-----------------

En espérant que ça aide !

Répondre à shiv
Destrio5   24-11-2008 à 14:02:22
- 0 +

  • Désactive l'UAC le temps de la désinfection.


  • Télécharge UsbFix (de Chiquitine29) sur ton Bureau.
  • Lance l'installation avec les paramètres par défaut.
  • Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.
  • Clique droit sur le raccourci UsbFix situé sur ton Bureau et choisis Exécuter en tant qu'administrateur.
  • Choisis l'option 1 (Nettoyage).
  • Le PC va redémarrer.
  • Après redémarrage, poste le rapport UsbFix.txt


Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)

Répondre à Destrio5
shiv   24-11-2008 à 14:17:35
- 0 +

Voici le rapport :



-------------- UsbFix V2.413 ---------------

* User : Shiv - PC-DE-SHIV
* Outils mis a jours le 23/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 14:13:28 le 24/11/2008
* Windows Vista - Internet Explorer 7.0.6001.18000


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Shiv\AppData\Local\Temp\95D8.tmp\b2e.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\PresentationSettings.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe
G: - Lecteur fixe
H: - Lecteur fixe
J: - Lecteur fixe
K: - Lecteur amovible

--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe

+- Listing des fichiers présents :

[27/11/2007 00:48][--a------] C:\autoexec.bat
[04/08/2004 12:00][-rahs----] C:\NTDETECT.COM
[07/11/2008 21:35][---hs----] C:\boot.ini
[24/11/2008 14:13][--a------] C:\UsbFix.txt
[24/11/2008 14:13][--a------] C:\VundoFix.txt
[18/09/2006 22:43][--a------] C:\config.sys
[18/09/2006 22:43][--a------] C:\hiberfil.sys
[18/09/2006 22:43][--a------] C:\IO.SYS
[18/09/2006 22:43][--a------] C:\MSDOS.SYS
[18/09/2006 22:43][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe

+- Listing des fichiers présents :


--------------- [ Lecteur E ] ----------------

E: - Lecteur fixe

+- Listing des fichiers présents :

[06/09/2008 12:19][---hs----] E:\Desktop.ini
[10/09/2002 17:14][---hs----] E:\Folder.htt

--------------- [ Lecteur G ] ----------------

G: - Lecteur fixe

+- Listing des fichiers présents :


--------------- [ Lecteur H ] ----------------

H: - Lecteur fixe

+- Listing des fichiers présents :

[07/11/2008 21:45][--ahs----] H:\pagefile.sys

--------------- [ Lecteur J ] ----------------

J: - Lecteur fixe

+- Listing des fichiers présents :


--------------- [ Lecteur K ] ----------------

K: - Lecteur amovible

+- Listing des fichiers présents :

[07/11/2008 21:43][--a------] K:\dotnetfx.exe
[07/11/2008 21:43][--a------] K:\VistaBootPRO_3.3.0.exe
[07/11/2008 21:43][--a------] K:\everest-ultimate_everest_ultimate_4.60_anglais_12281.exe
[07/11/2008 21:43][--a------] K:\sp33411(2).exe
[07/11/2008 21:43][--a------] K:\Sacred2-UK-2_10_0_0-2_12_0_0.exe

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ehTray.exe=C:\Windows\ehome\ehTray.exe
Steam="d:\jeux\steam\steam.exe" -silent
DAEMON Tools Lite="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
Google Update="C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

SynTPStart=C:\Program Files\Synaptics\SynTP\SynTPStart.exe
SMSERIAL=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
RtHDVCpl=RtHDVCpl.exe
IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
QPService="C:\Program Files\HP\QuickPlay\QPService.exe"
QlbCtrl=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
OnScreenDisplay=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
HP Health Check Scheduler=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
hpWirelessAssistant=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
WAWifiMessage=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HP Software Update=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
AppleSyncNotifier=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Windows NT Service=winnt32.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a94c31c0-7b58-11dd-a01b-001e685f61ec}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a94c31da-7b58-11dd-a01b-001e685f61ec}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [20/09/2007 21:05][--a------] C:\Windows\system32\autorun.inf
Supprimé ! - [10/09/2002 17:14][---hs----] E:\Folder.htt

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

[27/11/2007 00:48][--a------] C:\autoexec.bat
[04/08/2004 12:00][-rahs----] C:\NTDETECT.COM
[07/11/2008 21:35][---hs----] C:\boot.ini
[06/09/2008 12:19][---hs----] E:\Desktop.ini
[07/11/2008 21:43][--a------] K:\dotnetfx.exe
[07/11/2008 21:43][--a------] K:\VistaBootPRO_3.3.0.exe
[07/11/2008 21:43][--a------] K:\everest-ultimate_everest_ultimate_4.60_anglais_12281.exe
[07/11/2008 21:43][--a------] K:\sp33411(2).exe
[07/11/2008 21:43][--a------] K:\Sacred2-UK-2_10_0_0-2_12_0_0.exe

--------------- ! Fin du rapport ! ----------------



Par contre suite au redémarrage, j'ai des processus qui n'ont pas démarrés automatiquement : antivir, skype, steam etc.. c'est normal ?

En tout cas, le fichier a.bat n'est plus présent, ça m'a tout l'air d'être réglé ! Et pas de pop up de mon antivirus.


Message édité par shiv le 24-11-2008 à 14:19:22
Répondre à shiv
Destrio5   24-11-2008 à 15:05:59
- 0 +

Citation :

Par contre suite au redémarrage, j'ai des processus qui n'ont pas démarrés automatiquement : antivir, skype, steam etc.. c'est normal ?


---> Si tu redémarres encore, je pense qu'ils reviendront.

  • Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) sur ton Bureau.
  • Clique droit sur SmitfraudFix.exe et choisis Exécuter en tant qu'administrateur.
  • Choisis l'option 1 puis Entrée.
  • Un rapport sera généré, poste-le dans ta prochaine réponse.


/!\ process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus./!\

** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix.

Répondre à Destrio5
Egwene   24-11-2008 à 16:18:18
- 0 +

Bonjour,

Poste pour suivre.

;)

------------------------------ Prière de signaler si vous vous faites déjà aider sur un autre forum ou dans un autre topic.

Sécurité / Prévention
Répondre à Egwene
shiv   24-11-2008 à 18:43:17
- 0 +

Bon, j'ai du redemarrer mon pc, et apres ce reboot, j'ai eu une fois de plus mon antivirus qui s'affolait, toujours avec ce a.bat !

Voila le nouveau rapport :

SmitFraudFix v2.376

Scan done at 18:36:57,78, 24/11/2008
Run from C:\Users\Shiv\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
D:\Jeux\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\program files\avira\antivir personaledition classic\avconfig.exe
C:\Windows\system32\winnt32.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Shiv


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Shiv\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Shiv\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Shiv\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{201DADFC-C498-463F-A53D-7757B614A55E}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{36ABEDAD-47D5-42BE-A889-6FD9457E357A}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{201DADFC-C498-463F-A53D-7757B614A55E}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{36ABEDAD-47D5-42BE-A889-6FD9457E357A}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{201DADFC-C498-463F-A53D-7757B614A55E}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{36ABEDAD-47D5-42BE-A889-6FD9457E357A}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Sinon effectivement les processus sont revenus :)

Répondre à shiv
Destrio5   24-11-2008 à 20:02:48
- 0 +

  • Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
  • Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
  • Sélectionne Exécuter un examen complet.
  • Clique sur Rechercher.
  • L'analyse démarre, le scan est relativement long, c'est normal.
  • A la fin de l'analyse, un message s'affiche :
Citation :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.


  • Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
  • Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

Répondre à Destrio5
shiv   24-11-2008 à 22:26:39
- 0 +

Voici le resultat ... :

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1419
Windows 6.0.6001 Service Pack 1

24/11/2008 22:23:19
mbam-log-2008-11-24 (22-23-19).txt

Type de recherche: Examen complet (C:\|D:\|E:\|G:\|H:\|)
Eléments examinés: 228695
Temps écoulé: 2 hour(s), 0 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)



Répondre à shiv
Destrio5   25-11-2008 à 00:52:28
- 0 +

a.bat est détecté à quel endroit ?

Répondre à Destrio5
shiv   25-11-2008 à 07:02:34
- 0 +

Dans C:\a.bat

Répondre à shiv
Destrio5   25-11-2008 à 13:41:55
- 0 +

  • Supprime le dossier RSIT situé dans C:\
  • Refais un scan RSIT et poste les deux rapports.

Répondre à Destrio5
shiv   25-11-2008 à 13:45:21
- 0 +

Tu penses qu'il vaudrait mieux que je reboot (a.bat va revenir) et que je lance RSIT avant que mon antivirus delete a.bat ??


Message édité par shiv le 25-11-2008 à 13:47:21
Répondre à shiv
shiv   25-11-2008 à 14:04:05
- 0 +

Donc j'ai reboot, a.bat est revenu, cette fois je ne l'ai pas delete avec antivir.

Voila log.txt :

Logfile of random's system information tool 1.04 (written by random/random)
Run by Shiv at 2008-11-25 13:59:48
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 18 GB (34%) free of 54 GB
Total RAM: 3070 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:59:56, on 25/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
D:\Jeux\Steam\Steam.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\winnt32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Users\Shiv\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Shiv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "d:\jeux\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10925 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUser.job
C:\Windows\tasks\User_Feed_Synchronization-{122E98E7-B0DB-4DBC-AEBA-1C3CCD2AAC49}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-05 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-05 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-17 634880]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-09-12 182808]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-09-30 181544]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-05 144792]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-11-25 266497]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-02-27 13515296]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-02-27 92704]
"Windows NT Service"=C:\Windows\system32\winnt32.exe [2008-01-19 1272320]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-09-08 3513344]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Steam"=d:\jeux\steam\steam.exe [2008-10-11 1410296]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"Google Update"=C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 133104]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe

C:\Users\Shiv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
My_AutoWarkey_Script.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
Warkeys Update.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œ$w>††vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œ$w>††vÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†Çuÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†Çuÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œgw>†vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œgw>†vÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œäv>†Õvÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œäv>†Õvÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œfw>†úuÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œfw>†úuÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†­uÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†­uÿÿÿÿc°B:*:Enabled:Windows NT Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-11-25 13:59:48 ----D---- C:\rsit
2008-11-25 13:59:28 ----A---- C:\a.bat
2008-11-24 20:15:39 ----D---- C:\Users\Shiv\AppData\Roaming\Malwarebytes
2008-11-24 20:15:35 ----D---- C:\ProgramData\Malwarebytes
2008-11-24 20:15:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-24 18:37:00 ----A---- C:\Windows\system32\tmp.txt
2008-11-24 18:36:57 ----A---- C:\rapport.txt
2008-11-24 18:36:45 ----A---- C:\Windows\system32\WS2Fix.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\VCCLSID.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\VACFix.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\swxcacls.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\swsc.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\swreg.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\SrchSTS.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\Process.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\o4Patch.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\IEDFix.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\IEDFix.C.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\dumphive.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\404Fix.exe
2008-11-24 14:13:28 ----A---- C:\UsbFix.txt
2008-11-24 14:07:57 ----D---- C:\Program Files\UsbFix
2008-11-24 13:18:18 ----D---- C:\Program Files\CCleaner
2008-11-24 13:12:36 ----D---- C:\Program Files\Trend Micro
2008-11-24 12:55:30 ----D---- C:\VundoFix Backups
2008-11-24 12:55:30 ----A---- C:\VundoFix.txt
2008-11-21 16:33:23 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-11-21 16:33:14 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-11-21 16:31:43 ----A---- C:\Windows\system32\paul.dll
2008-11-21 16:29:47 ----D---- C:\Users\Shiv\AppData\Roaming\Leadertech
2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvexpbar.dll
2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvcpluir.dll
2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvcplui.exe
2008-11-20 21:30:51 ----D---- C:\NVIDIA
2008-11-20 09:15:14 ----A---- C:\Windows\system32\wups2.dll
2008-11-20 09:15:14 ----A---- C:\Windows\system32\wucltux.dll
2008-11-20 09:15:14 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-20 09:15:14 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-20 09:15:04 ----A---- C:\Windows\system32\wups.dll
2008-11-20 09:15:04 ----A---- C:\Windows\system32\wudriver.dll
2008-11-20 09:15:04 ----A---- C:\Windows\system32\wuapi.dll
2008-11-20 09:14:55 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-20 09:14:55 ----A---- C:\Windows\system32\wuapp.exe
2008-11-11 22:57:19 ----A---- C:\Windows\system32\msxml3.dll
2008-11-11 22:57:09 ----A---- C:\Windows\system32\msxml6.dll
2008-11-10 15:15:05 ----A---- C:\Windows\system32\XMLConfig_SYSID.ini
2008-11-09 15:46:58 ----RHD---- C:\Users\Shiv\AppData\Roaming\SecuROM
2008-11-09 15:46:56 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\XAudio2_2.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\xactengine3_2.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\d3dx10_39.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2008-11-09 15:37:26 ----A---- C:\Windows\system32\D3DX9_39.dll
2008-11-09 15:36:51 ----A---- C:\Windows\system32\wrap_oal.dll
2008-11-09 15:36:51 ----A---- C:\Windows\system32\OpenAL32.dll
2008-11-09 15:21:27 ----D---- C:\Windows\system32\AGEIA
2008-11-09 15:21:26 ----D---- C:\Program Files\AGEIA Technologies
2008-11-09 15:21:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-08 19:19:53 ----A---- C:\Windows\system32\XAudio2_3.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\xactengine3_3.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\D3DX9_40.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\d3dx10_40.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2008-11-08 19:19:52 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2008-11-08 19:19:51 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-11-08 19:19:51 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-11-08 19:19:51 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-11-08 19:19:51 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-11-08 19:19:50 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-11-08 19:19:50 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-11-08 19:19:49 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-11-08 19:19:49 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-11-08 19:19:49 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-11-08 19:19:48 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-11-08 19:19:48 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-11-08 19:19:48 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-11-08 19:19:46 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-11-08 19:19:46 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-11-08 19:19:45 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-11-08 19:19:45 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-11-08 19:19:44 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-11-08 19:19:44 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-11-08 19:19:42 ----A---- C:\Windows\system32\d3dx10_35.dll
2008-11-08 19:19:42 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2008-11-08 19:19:41 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-11-08 19:19:41 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-11-08 19:19:41 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-11-08 19:19:41 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-11-08 19:19:40 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-11-08 19:19:40 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-11-08 19:19:39 ----A---- C:\Windows\system32\xinput1_3.dll
2008-11-08 19:19:39 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-11-08 19:19:38 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-11-08 19:19:38 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-11-08 19:19:37 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-11-08 19:19:37 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-11-08 19:19:37 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-11-08 19:19:36 ----A---- C:\Windows\system32\d3dx10.dll
2008-11-08 19:19:35 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-11-08 19:19:35 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-11-08 19:19:35 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-11-08 19:19:34 ----A---- C:\Windows\system32\xinput1_2.dll
2008-11-08 19:19:34 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-11-08 19:19:34 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-11-08 19:19:33 ----A---- C:\Windows\system32\xinput1_1.dll
2008-11-08 19:19:33 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-11-08 19:19:33 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-11-08 19:19:27 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-11-08 19:19:27 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-11-08 19:19:27 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-11-08 19:19:27 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-11-08 19:19:26 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-11-08 19:19:25 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-11-08 19:19:25 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-11-08 19:19:24 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-11-08 19:19:22 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-11-08 11:22:40 ----D---- C:\Program Files\Lavalys
2008-11-08 10:24:29 ----D---- C:\ProgramData\ma-config.com
2008-11-08 10:24:29 ----D---- C:\Program Files\ma-config.com
2008-11-07 21:31:44 ----SH---- C:\boot.ini
2008-11-07 18:44:15 ----A---- C:\Windows\system32\AutoPartNt.exe
2008-11-07 18:43:34 ----D---- C:\ProgramData\Acronis
2008-11-07 18:28:42 ----D---- C:\Program Files\Acronis
2008-11-07 18:28:41 ----D---- C:\Program Files\Common Files\Acronis
2008-11-07 18:26:58 ----D---- C:\Program Files\Acronis Disk Director Suite 10 build 2160
2008-11-07 17:21:37 ----D---- C:\Program Files\OurToolbar
2008-11-07 14:24:24 ----D---- C:\Program Files\WinImage
2008-11-05 21:04:41 ----A---- C:\Windows\system32\MSVCRTD.DLL
2008-11-05 21:04:41 ----A---- C:\Windows\system32\MSVCP60D.DLL
2008-11-05 21:04:40 ----A---- C:\Windows\system32\WMAFile.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\TABCTFR.DLL
2008-11-05 21:04:39 ----A---- C:\Windows\system32\MSCMCFR.DLL
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudPlayer.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioVisu.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioRecord.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioInfos.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudFile.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudDisplay.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudDesign.dll
2008-11-05 21:04:38 ----D---- C:\Program Files\Free Audio Pack
2008-11-05 21:04:38 ----A---- C:\Windows\system32\msvcr70.dll
2008-11-05 21:04:38 ----A---- C:\Windows\system32\lame_enc.dll
2008-11-05 05:33:51 ----A---- C:\Windows\system32\EncDec.dll
2008-11-05 05:33:50 ----A---- C:\Windows\system32\psisdecd.dll
2008-11-03 15:50:54 ----D---- C:\Intel
2008-11-03 15:50:49 ----D---- C:\Users\Shiv\AppData\Roaming\InstallShield
2008-11-03 15:44:23 ----D---- C:\Windows\Minidump
2008-10-29 08:35:08 ----A---- C:\Windows\system32\win32spl.dll
2008-10-29 08:35:08 ----A---- C:\Windows\system32\wersvc.dll
2008-10-29 08:35:08 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-27 17:45:30 ----D---- C:\Program Files\On2 Technologies
2008-10-27 17:45:30 ----A---- C:\Windows\system32\vp7vfw.dll

======List of files/folders modified in the last 1 months======

2008-11-25 13:59:56 ----D---- C:\Windows\Temp
2008-11-25 13:59:56 ----D---- C:\Windows\Prefetch
2008-11-25 13:55:53 ----D---- C:\Users\Shiv\AppData\Roaming\uTorrent
2008-11-25 13:55:44 ----D---- C:\Users\Shiv\AppData\Roaming\Skype
2008-11-25 11:44:33 ----D---- C:\Windows\System32
2008-11-25 11:44:33 ----D---- C:\Windows\inf
2008-11-25 11:44:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-25 08:24:07 ----SHD---- C:\System Volume Information
2008-11-25 08:05:06 ----D---- C:\Users\Shiv\AppData\Roaming\skypePM
2008-11-24 20:15:38 ----D---- C:\Windows\system32\drivers
2008-11-24 20:15:35 ----HD---- C:\ProgramData
2008-11-24 20:15:34 ----RD---- C:\Program Files
2008-11-24 15:40:46 ----D---- C:\Windows\system32\WDI
2008-11-24 14:05:42 ----D---- C:\Windows
2008-11-24 13:20:02 ----D---- C:\Windows\Debug
2008-11-24 12:43:32 ----HD---- C:\Config.Msi
2008-11-23 23:25:31 ----D---- C:\Program Files\Mozilla Firefox
2008-11-23 16:13:38 ----D---- C:\Users\Shiv\AppData\Roaming\FrostWire
2008-11-23 15:57:09 ----SHD---- C:\Windows\Installer
2008-11-23 15:56:25 ----D---- C:\ProgramData\Adobe
2008-11-23 15:56:18 ----D---- C:\Program Files\Common Files\Adobe
2008-11-23 15:56:17 ----D---- C:\Program Files\Adobe
2008-11-23 15:56:09 ----D---- C:\Windows\winsxs
2008-11-22 20:29:12 ----D---- C:\Users\Shiv\AppData\Roaming\Hamachi
2008-11-22 20:18:52 ----D---- C:\Users\Shiv\AppData\Roaming\teamspeak2
2008-11-22 15:10:15 ----D---- C:\Program Files\Common Files\Steam
2008-11-21 16:29:37 ----D---- C:\Windows\system32\LogFiles
2008-11-21 16:22:53 ----RSD---- C:\Windows\assembly
2008-11-20 23:20:58 ----D---- C:\ProgramData\NVIDIA
2008-11-20 23:17:02 ----D---- C:\Windows\system32\catroot
2008-11-20 23:17:01 ----D---- C:\Windows\system32\catroot2
2008-11-20 23:15:54 ----D---- C:\SWSETUP
2008-11-20 22:03:18 ----D---- C:\Windows\rescache
2008-11-20 21:42:41 ----D---- C:\Windows\Help
2008-11-20 21:28:13 ----D---- C:\Windows\system32\fr-FR
2008-11-20 10:09:29 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-19 22:14:17 ----D---- C:\Windows\Tasks
2008-11-17 21:40:59 ----D---- C:\Program Files\Full Tilt Poker
2008-11-12 18:16:27 ----SD---- C:\Users\Shiv\AppData\Roaming\Microsoft
2008-11-12 14:08:34 ----N---- C:\Windows\win.ini
2008-11-09 15:21:19 ----D---- C:\Program Files\Common Files
2008-11-07 19:08:09 ----D---- C:\Windows\Logs
2008-11-07 16:36:53 ----SD---- C:\ProgramData\Microsoft
2008-11-07 16:23:27 ----D---- C:\Program Files\nLite
2008-11-07 16:21:40 ----D---- C:\XPiso
2008-11-06 10:59:36 ----D---- C:\Program Files\Microsoft Office
2008-11-05 10:46:38 ----D---- C:\Windows\Microsoft.NET
2008-11-05 10:21:12 ----D---- C:\Windows\ehome
2008-11-04 01:10:25 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-11-25 52032]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-10-11 25280]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-02-27 7602688]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 98816]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-01-17 983936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 awoqp2cz;awoqp2cz; C:\Windows\system32\drivers\awoqp2cz.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-11-02 15360]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-25 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-25 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-09-12 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-02-27 49152]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-11-21 66872]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 271760]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 112016]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-11-22 104944]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-11-02 195752]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]

-----------------EOF-----------------





et info.txt :

info.txt logfile of random's system information tool 1.04 2008-11-25 13:59:59

======Uninstall list======

-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acronis Disk Director Suite 10 build 2160-->C:\Program Files\Acronis Disk Director Suite 10 build 2160\Uninstal.exe
Acronis Disk Director Suite-->MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Bink and Smacker-->C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}
Counter-Strike-->"D:\Jeux\Steam\steam.exe" steam://uninstall/10
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
ESU for Microsoft Vista-->MsiExec.exe /I{AD3FDC40-BCF4-476D-A2D6-C4B154DD9DF5}
EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FileZilla Client 3.1.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x040c -removeonly
Garry's Mod-->"D:\Jeux\Steam\steam.exe" steam://uninstall/4000
Giants-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97370293-96EC-11D4-9DEF-00104B70C5FB}\setup.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
HP Imaging Device Functions 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart All-In-One Software 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst
HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Solution Center 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HP User Guides 0088-->MsiExec.exe /I{8347A7A5-4AB8-433F-82AA-496B0D189A9B}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel(R) Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Launchy 2.1.2-->"C:\Program Files\Launchy\unins000.exe"
Left 4 Dead-->"D:\Jeux\Steam\steam.exe" steam://uninstall/500
Ma-Config.com-->MsiExec.exe /X{DD987A54-122B-4CFD-A8C5-5577027A6B78}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /I{E87F5651-CE15-493F-AE99-3B670E25A54E}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
nLite 1.4.9.1-->"C:\Program Files\nLite\unins000.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
On2 VP7 Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PVK-->D:\Jeux\Counter-Strike 1.6 + Half-Life\pvk\uninstall.exe
Quake III Arena Point Release 1.32-->C:\Windows\unvise32.exe d:\jeux\q3\uninstal5.log
Quake III Arena-->C:\Windows\IsUninst.exe -fd:\jeux\q3\QIII.isu
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
Rocket Arena 3 1.76 (remove only)-->"D:\Jeux\Q3\arena\uninstall.exe"
Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Team Fortress 2-->"D:\Jeux\Steam\steam.exe" steam://uninstall/440
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
UsbFix-->C:\Program Files\UsbFix\Uninstal.exe
VistaBootPRO 3.3-->MsiExec.exe /I{6C9FA746-8759-4040-A436-42922CB3492E}
Warkeys 1.8.1.0b-->C:\Program Files\Warkeys\uninst.exe
WC3Banlist-->"C:\Program Files\WC3Banlist\unins000.exe"
Windows Live Bêta (tous les programmes)-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Bêta (tous les programmes)-->MsiExec.exe /I{9C4AB6FB-43CD-4ADF-8B59-6C52A6B74324}
Windows Live Call-->MsiExec.exe /I{868EC13B-52DA-43B9-8C05-50CD897674DF}
Windows Live Messenger-->MsiExec.exe /X{F72F8316-91E8-4C80-9E39-EBE933E1EDFB}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe

======Security center information======

AV: Avira AntiVir PersonalEdition
AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Services en ligne
"USERPART"=F:
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Voila tout.. en tout cas merci du temps que tu prends pour m'aider !

Répondre à shiv
Destrio5   25-11-2008 à 14:16:57
- 0 +

1/

 
  • Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
  • Clique droit sur OTMoveIt3.exe et choisis Exécuter en tant qu'administrateur.
  • Copie (Ctrl+C) le texte suivant ci-dessous :


:processes
explorer.exe

 

:files
C:\Windows\system32\winnt32.exe
C:\a.bat
C:\rsit

 

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

 
  • Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
  • Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.


---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

 
  • Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\

---> Le nom du rapport correspond au moment de sa création : date_heure.log

 


2/

 
  • Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar).
  • Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
  • Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
  • Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).
 

3/

 
  • Refais un scan RSIT et poste les deux rapports.


Message édité par Destrio5 le 25-11-2008 à 14:17:32
Répondre à Destrio5
shiv   25-11-2008 à 14:40:39
- 0 +

Alors j'ai lancé OTMoveIt une premiere fois, mais apres quelques secondes il a planté.. j'ai attendu, puis je l'ai fermé et j'ai relancé explorer.exe pour pouvoir le relancer.

Cette fois ci tout s'est bien passé, voila le log :

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Windows\system32\winnt32.exe not found.
File/Folder C:\a.bat not found.
C:\rsit moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Shiv\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\Shiv\AppData\Local\Temp\etilqs_3jBBC2iw3pK1IqB scheduled to be deleted on reboot.
File delete failed. C:\Users\Shiv\AppData\Local\Temp\etilqs_RL9aGy4O4EYR5hy scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\TMP0000005FDDC93F56F193C176 scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11252008_143221

Files moved on Reboot...
C:\Users\Shiv\AppData\Local\Temp\ehmsas.txt moved successfully.
File C:\Users\Shiv\AppData\Local\Temp\etilqs_3jBBC2iw3pK1IqB not found!
File C:\Users\Shiv\AppData\Local\Temp\etilqs_RL9aGy4O4EYR5hy not found!
File C:\Windows\temp\TMP0000005FDDC93F56F193C176 not found!



A savoir que suite a la 1ere execution (celle qui a planté), il m'a deplacé "winnt32.exe" dans le dossier : C:\_OTMoveIt\MovedFiles\11252008_142723\Windows\system32

EDIT : pas d'alerte pour a.bat suite au reboot demandé par OTMoveIt


Message édité par shiv le 25-11-2008 à 14:42:15
Répondre à shiv
Destrio5   25-11-2008 à 14:51:06
- 0 +

Bien, fais la suite ;)

Répondre à Destrio5
shiv   25-11-2008 à 16:05:17
- 0 +

Ah oui j'avais oublié tiens :p

CCleaner done.

Rapport RSIT :

Logfile of random's system information tool 1.04 (written by random/random)
Run by Shiv at 2008-11-25 16:04:36
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 16 GB (29%) free of 54 GB
Total RAM: 3070 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:04:40, on 25/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
D:\Jeux\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Launchy\Launchy.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Shiv\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Shiv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "d:\jeux\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10956 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUser.job
C:\Windows\tasks\User_Feed_Synchronization-{122E98E7-B0DB-4DBC-AEBA-1C3CCD2AAC49}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-05 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-05 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-17 634880]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-09-12 182808]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-09-30 181544]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-05 144792]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-11-25 266497]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-02-27 13515296]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-02-27 92704]
"Windows NT Service"=winnt32.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-09-08 3513344]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Steam"=d:\jeux\steam\steam.exe [2008-10-11 1410296]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"Google Update"=C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 133104]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe

C:\Users\Shiv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
My_AutoWarkey_Script.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
Warkeys Update.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œ$w>††vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œ$w>††vÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†Çuÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†Çuÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œgw>†vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œgw>†vÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œäv>†Õvÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œäv>†Õvÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œfw>†úuÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œfw>†úuÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†­uÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†­uÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$ŒÌw>†‚vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$ŒÌw>†‚vÿÿÿÿc°B:*:Enabled:Windows NT Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-11-25 16:04:36 ----D---- C:\rsit
2008-11-25 14:27:23 ----D---- C:\_OTMoveIt
2008-11-24 20:15:39 ----D---- C:\Users\Shiv\AppData\Roaming\Malwarebytes
2008-11-24 20:15:35 ----D---- C:\ProgramData\Malwarebytes
2008-11-24 20:15:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-24 18:37:00 ----A---- C:\Windows\system32\tmp.txt
2008-11-24 18:36:57 ----A---- C:\rapport.txt
2008-11-24 18:36:45 ----A---- C:\Windows\system32\WS2Fix.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\VCCLSID.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\VACFix.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\swxcacls.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\swsc.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\swreg.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\SrchSTS.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\Process.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\o4Patch.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\IEDFix.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\IEDFix.C.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\dumphive.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\404Fix.exe
2008-11-24 14:13:28 ----A---- C:\UsbFix.txt
2008-11-24 14:07:57 ----D---- C:\Program Files\UsbFix
2008-11-24 13:18:18 ----D---- C:\Program Files\CCleaner
2008-11-24 13:12:36 ----D---- C:\Program Files\Trend Micro
2008-11-24 12:55:30 ----D---- C:\VundoFix Backups
2008-11-24 12:55:30 ----A---- C:\VundoFix.txt
2008-11-21 16:33:23 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-11-21 16:33:14 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-11-21 16:31:43 ----A---- C:\Windows\system32\paul.dll
2008-11-21 16:29:47 ----D---- C:\Users\Shiv\AppData\Roaming\Leadertech
2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvexpbar.dll
2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvcpluir.dll
2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvcplui.exe
2008-11-20 21:30:51 ----D---- C:\NVIDIA
2008-11-20 09:15:14 ----A---- C:\Windows\system32\wups2.dll
2008-11-20 09:15:14 ----A---- C:\Windows\system32\wucltux.dll
2008-11-20 09:15:14 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-20 09:15:14 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-20 09:15:04 ----A---- C:\Windows\system32\wups.dll
2008-11-20 09:15:04 ----A---- C:\Windows\system32\wudriver.dll
2008-11-20 09:15:04 ----A---- C:\Windows\system32\wuapi.dll
2008-11-20 09:14:55 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-20 09:14:55 ----A---- C:\Windows\system32\wuapp.exe
2008-11-11 22:57:19 ----A---- C:\Windows\system32\msxml3.dll
2008-11-11 22:57:09 ----A---- C:\Windows\system32\msxml6.dll
2008-11-10 15:15:05 ----A---- C:\Windows\system32\XMLConfig_SYSID.ini
2008-11-09 15:46:58 ----RHD---- C:\Users\Shiv\AppData\Roaming\SecuROM
2008-11-09 15:46:56 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\XAudio2_2.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\xactengine3_2.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\d3dx10_39.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2008-11-09 15:37:26 ----A---- C:\Windows\system32\D3DX9_39.dll
2008-11-09 15:36:51 ----A---- C:\Windows\system32\wrap_oal.dll
2008-11-09 15:36:51 ----A---- C:\Windows\system32\OpenAL32.dll
2008-11-09 15:21:27 ----D---- C:\Windows\system32\AGEIA
2008-11-09 15:21:26 ----D---- C:\Program Files\AGEIA Technologies
2008-11-09 15:21:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-08 19:19:53 ----A---- C:\Windows\system32\XAudio2_3.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\xactengine3_3.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\D3DX9_40.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\d3dx10_40.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2008-11-08 19:19:52 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2008-11-08 19:19:51 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-11-08 19:19:51 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-11-08 19:19:51 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-11-08 19:19:51 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-11-08 19:19:50 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-11-08 19:19:50 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-11-08 19:19:49 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-11-08 19:19:49 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-11-08 19:19:49 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-11-08 19:19:48 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-11-08 19:19:48 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-11-08 19:19:48 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-11-08 19:19:46 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-11-08 19:19:46 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-11-08 19:19:45 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-11-08 19:19:45 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-11-08 19:19:44 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-11-08 19:19:44 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-11-08 19:19:42 ----A---- C:\Windows\system32\d3dx10_35.dll
2008-11-08 19:19:42 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2008-11-08 19:19:41 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-11-08 19:19:41 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-11-08 19:19:41 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-11-08 19:19:41 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-11-08 19:19:40 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-11-08 19:19:40 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-11-08 19:19:39 ----A---- C:\Windows\system32\xinput1_3.dll
2008-11-08 19:19:39 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-11-08 19:19:38 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-11-08 19:19:38 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-11-08 19:19:37 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-11-08 19:19:37 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-11-08 19:19:37 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-11-08 19:19:36 ----A---- C:\Windows\system32\d3dx10.dll
2008-11-08 19:19:35 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-11-08 19:19:35 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-11-08 19:19:35 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-11-08 19:19:34 ----A---- C:\Windows\system32\xinput1_2.dll
2008-11-08 19:19:34 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-11-08 19:19:34 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-11-08 19:19:33 ----A---- C:\Windows\system32\xinput1_1.dll
2008-11-08 19:19:33 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-11-08 19:19:33 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-11-08 19:19:27 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-11-08 19:19:27 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-11-08 19:19:27 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-11-08 19:19:27 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-11-08 19:19:26 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-11-08 19:19:25 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-11-08 19:19:25 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-11-08 19:19:24 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-11-08 19:19:22 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-11-08 11:22:40 ----D---- C:\Program Files\Lavalys
2008-11-08 10:24:29 ----D---- C:\ProgramData\ma-config.com
2008-11-08 10:24:29 ----D---- C:\Program Files\ma-config.com
2008-11-07 21:31:44 ----SH---- C:\boot.ini
2008-11-07 18:44:15 ----A---- C:\Windows\system32\AutoPartNt.exe
2008-11-07 18:43:34 ----D---- C:\ProgramData\Acronis
2008-11-07 18:28:42 ----D---- C:\Program Files\Acronis
2008-11-07 18:28:41 ----D---- C:\Program Files\Common Files\Acronis
2008-11-07 18:26:58 ----D---- C:\Program Files\Acronis Disk Director Suite 10 build 2160
2008-11-07 17:21:37 ----D---- C:\Program Files\OurToolbar
2008-11-07 14:24:24 ----D---- C:\Program Files\WinImage
2008-11-05 21:04:41 ----A---- C:\Windows\system32\MSVCRTD.DLL
2008-11-05 21:04:41 ----A---- C:\Windows\system32\MSVCP60D.DLL
2008-11-05 21:04:40 ----A---- C:\Windows\system32\WMAFile.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\TABCTFR.DLL
2008-11-05 21:04:39 ----A---- C:\Windows\system32\MSCMCFR.DLL
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudPlayer.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioVisu.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioRecord.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioInfos.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudFile.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudDisplay.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudDesign.dll
2008-11-05 21:04:38 ----D---- C:\Program Files\Free Audio Pack
2008-11-05 21:04:38 ----A---- C:\Windows\system32\msvcr70.dll
2008-11-05 21:04:38 ----A---- C:\Windows\system32\lame_enc.dll
2008-11-05 05:33:51 ----A---- C:\Windows\system32\EncDec.dll
2008-11-05 05:33:50 ----A---- C:\Windows\system32\psisdecd.dll
2008-11-03 15:50:54 ----D---- C:\Intel
2008-11-03 15:50:49 ----D---- C:\Users\Shiv\AppData\Roaming\InstallShield
2008-11-03 15:44:23 ----D---- C:\Windows\Minidump
2008-10-29 08:35:08 ----A---- C:\Windows\system32\win32spl.dll
2008-10-29 08:35:08 ----A---- C:\Windows\system32\wersvc.dll
2008-10-29 08:35:08 ----A---- C:\Windows\system32\Faultrep.dll
2008-10-27 17:45:30 ----D---- C:\Program Files\On2 Technologies
2008-10-27 17:45:30 ----A---- C:\Windows\system32\vp7vfw.dll

======List of files/folders modified in the last 1 months======

2008-11-25 16:04:36 ----D---- C:\Windows\Temp
2008-11-25 16:04:12 ----D---- C:\Users\Shiv\AppData\Roaming\uTorrent
2008-11-25 16:02:57 ----D---- C:\Users\Shiv\AppData\Roaming\Skype
2008-11-25 16:01:31 ----D---- C:\Windows\Prefetch
2008-11-25 16:01:31 ----D---- C:\Windows
2008-11-25 14:40:22 ----D---- C:\Windows\System32
2008-11-25 14:40:22 ----D---- C:\Windows\inf
2008-11-25 14:40:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-25 14:00:06 ----D---- C:\Users\Shiv\AppData\Roaming\skypePM
2008-11-25 08:24:07 ----SHD---- C:\System Volume Information
2008-11-24 20:15:38 ----D---- C:\Windows\system32\drivers
2008-11-24 20:15:35 ----HD---- C:\ProgramData
2008-11-24 20:15:34 ----RD---- C:\Program Files
2008-11-24 15:40:46 ----D---- C:\Windows\system32\WDI
2008-11-24 13:20:02 ----D---- C:\Windows\Debug
2008-11-24 12:43:32 ----HD---- C:\Config.Msi
2008-11-23 23:25:31 ----D---- C:\Program Files\Mozilla Firefox
2008-11-23 16:13:38 ----D---- C:\Users\Shiv\AppData\Roaming\FrostWire
2008-11-23 15:57:09 ----SHD---- C:\Windows\Installer
2008-11-23 15:56:25 ----D---- C:\ProgramData\Adobe
2008-11-23 15:56:18 ----D---- C:\Program Files\Common Files\Adobe
2008-11-23 15:56:17 ----D---- C:\Program Files\Adobe
2008-11-23 15:56:09 ----D---- C:\Windows\winsxs
2008-11-22 20:29:12 ----D---- C:\Users\Shiv\AppData\Roaming\Hamachi
2008-11-22 20:18:52 ----D---- C:\Users\Shiv\AppData\Roaming\teamspeak2
2008-11-22 15:10:15 ----D---- C:\Program Files\Common Files\Steam
2008-11-21 16:29:37 ----D---- C:\Windows\system32\LogFiles
2008-11-21 16:22:53 ----RSD---- C:\Windows\assembly
2008-11-20 23:20:58 ----D---- C:\ProgramData\NVIDIA
2008-11-20 23:17:02 ----D---- C:\Windows\system32\catroot
2008-11-20 23:17:01 ----D---- C:\Windows\system32\catroot2
2008-11-20 23:15:54 ----D---- C:\SWSETUP
2008-11-20 22:03:18 ----D---- C:\Windows\rescache
2008-11-20 21:42:41 ----D---- C:\Windows\Help
2008-11-20 21:28:13 ----D---- C:\Windows\system32\fr-FR
2008-11-20 10:09:29 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-19 22:14:17 ----D---- C:\Windows\Tasks
2008-11-17 21:40:59 ----D---- C:\Program Files\Full Tilt Poker
2008-11-12 18:16:27 ----SD---- C:\Users\Shiv\AppData\Roaming\Microsoft
2008-11-12 14:08:34 ----N---- C:\Windows\win.ini
2008-11-09 15:21:19 ----D---- C:\Program Files\Common Files
2008-11-07 19:08:09 ----D---- C:\Windows\Logs
2008-11-07 16:36:53 ----SD---- C:\ProgramData\Microsoft
2008-11-07 16:23:27 ----D---- C:\Program Files\nLite
2008-11-07 16:21:40 ----D---- C:\XPiso
2008-11-06 10:59:36 ----D---- C:\Program Files\Microsoft Office
2008-11-05 10:46:38 ----D---- C:\Windows\Microsoft.NET
2008-11-05 10:21:12 ----D---- C:\Windows\ehome
2008-11-04 01:10:25 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-11-25 52032]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-10-11 25280]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-02-27 7602688]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 98816]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-01-17 983936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 asp7icqx;asp7icqx; C:\Windows\system32\drivers\asp7icqx.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-11-02 15360]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-25 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-25 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-09-12 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-02-27 49152]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-11-21 66872]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 271760]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 112016]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-11-22 104944]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-11-02 195752]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]

-----------------EOF-----------------

Répondre à shiv
shiv   25-11-2008 à 16:09:09
- 0 +

et voila le info.txt, je l'avais oublié... décidement..

info.txt logfile of random's system information tool 1.04 2008-11-25 16:04:43

======Uninstall list======

-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acronis Disk Director Suite 10 build 2160-->C:\Program Files\Acronis Disk Director Suite 10 build 2160\Uninstal.exe
Acronis Disk Director Suite-->MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Bink and Smacker-->C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}
Counter-Strike-->"D:\Jeux\Steam\steam.exe" steam://uninstall/10
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
ESU for Microsoft Vista-->MsiExec.exe /I{AD3FDC40-BCF4-476D-A2D6-C4B154DD9DF5}
EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FileZilla Client 3.1.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x040c -removeonly
Garry's Mod-->"D:\Jeux\Steam\steam.exe" steam://uninstall/4000
Giants-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97370293-96EC-11D4-9DEF-00104B70C5FB}\setup.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
HP Imaging Device Functions 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart All-In-One Software 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst
HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Solution Center 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HP User Guides 0088-->MsiExec.exe /I{8347A7A5-4AB8-433F-82AA-496B0D189A9B}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel(R) Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Launchy 2.1.2-->"C:\Program Files\Launchy\unins000.exe"
Left 4 Dead-->"D:\Jeux\Steam\steam.exe" steam://uninstall/500
Ma-Config.com-->MsiExec.exe /X{DD987A54-122B-4CFD-A8C5-5577027A6B78}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /I{E87F5651-CE15-493F-AE99-3B670E25A54E}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
nLite 1.4.9.1-->"C:\Program Files\nLite\unins000.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
On2 VP7 Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PVK-->D:\Jeux\Counter-Strike 1.6 + Half-Life\pvk\uninstall.exe
Quake III Arena Point Release 1.32-->C:\Windows\unvise32.exe d:\jeux\q3\uninstal5.log
Quake III Arena-->C:\Windows\IsUninst.exe -fd:\jeux\q3\QIII.isu
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
Rocket Arena 3 1.76 (remove only)-->"D:\Jeux\Q3\arena\uninstall.exe"
Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Team Fortress 2-->"D:\Jeux\Steam\steam.exe" steam://uninstall/440
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
UsbFix-->C:\Program Files\UsbFix\Uninstal.exe
VistaBootPRO 3.3-->MsiExec.exe /I{6C9FA746-8759-4040-A436-42922CB3492E}
Warkeys 1.8.1.0b-->C:\Program Files\Warkeys\uninst.exe
WC3Banlist-->"C:\Program Files\WC3Banlist\unins000.exe"
Windows Live Bêta (tous les programmes)-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Bêta (tous les programmes)-->MsiExec.exe /I{9C4AB6FB-43CD-4ADF-8B59-6C52A6B74324}
Windows Live Call-->MsiExec.exe /I{868EC13B-52DA-43B9-8C05-50CD897674DF}
Windows Live Messenger-->MsiExec.exe /X{F72F8316-91E8-4C80-9E39-EBE933E1EDFB}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe

======Security center information======

AV: Avira AntiVir PersonalEdition
AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Services en ligne
"USERPART"=F:
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Répondre à shiv
Destrio5   25-11-2008 à 17:05:41
- 0 +

J'ai remarqué quelque chose que je n'ai jamais vu avant.

J'ai demandé conseil à un collègue ;)

Répondre à Destrio5
shiv   28-11-2008 à 17:12:02
- 0 +

Pas de nouvelles? :(

Répondre à shiv
Destrio5   28-11-2008 à 17:31:38
- 0 +

Toujours le même problème ?

Répondre à Destrio5
shiv   28-11-2008 à 21:59:20
- 0 +

Ecoute je viens de reboot mon pc, et effectivement le trojan a disparu, mais en fait c'était ton dernier message qui m'avait laissé un petit peu inquiet :p

En tout cas merci de ton efficacité et de ton temps ;)

Répondre à shiv
Destrio5   28-11-2008 à 22:13:15
- 0 +

Oui mais ça va en fait ;)

- Fais un scan en ligne ici : http://webscanner.kaspersky.fr/ (Avec Internet Explorer)

- En bas à droite, clique sur Démarrer Online-scanner.

- Dans la nouvelle fenêtre qui s'affiche, clique sur J'accepte.

- Accepte les Contrôles ActiveX.

- Choisis Poste de travail pour le scan.

- Celui-ci terminé, sauvegarde (Choisis fichier texte) et poste le rapport.

- Pour t'aider à utiliser le scan en ligne : Tutoriel

Note : Si tu reçois le message La licence de Kaspersky On-line Scanner est périmée, va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne.

- Lis ceci en cas de problème d'installation du Contrôle ActiveX : Tutoriel

Répondre à Destrio5
shiv   29-11-2008 à 15:34:11
- 0 +

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, November 29, 2008 3:25:47 PM
Système d'exploitation : Home Edition, Service Pack 1 (Build 6001)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 29/11/2008
Enregistrements dans la base antivirus Kaspersky : 1277613
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Statistiques de l'analyse:
Total d'objets analysés: 582507
Nombre de virus trouvés: 1
Nombre d'objets infectés: 1 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 03:51:48

Nom de l'objet infecté / Nom du virus / Dernière action
C:\boot\bcd L'objet est verrouillé ignoré
C:\boot\BCD.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CyberLink\TinyDB\EPGSignal L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CyberLink\TinyDB\Schedule L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CyberLink\TinyDB\EPGSignal L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CyberLink\TinyDB\Schedule L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CyberLink\TinyDB\EPGSignal L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CyberLink\TinyDB\Schedule L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CyberLink\TinyDB\EPGSignal L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CyberLink\TinyDB\Schedule L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CyberLink\TinyDB\EPGSignal L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CyberLink\TinyDB\Schedule L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CyberLink\TinyDB\EPGSignal L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\CyberLink\TinyDB\Schedule L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\CyberLink\TinyDB\EPGSignal L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\CyberLink\TinyDB\Schedule L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\CyberLink\TinyDB\EPGSignal L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\CyberLink\TinyDB\Schedule L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\CyberLink\TinyDB\EPGSignal L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\CyberLink\TinyDB\Schedule L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\CyberLink\TinyDB\EPGSignal L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\CyberLink\TinyDB\Schedule L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\CyberLink\TinyDB\EPGSignal L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\CyberLink\TinyDB\Schedule L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\CyberLink\TinyDB\EPGSignal L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\CyberLink\TinyDB\Schedule L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ehmsas.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_dWZZGMerc9fR5zm L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_fwfdSFkvgZAa4aH L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_PxKFE5HmWih8t7k L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF14AE.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_0 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_1 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_2 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_3 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\index L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Thumbnails L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Messenger\ContactsLog.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Messenger\MsnMsgr.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat.LOG1 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat.LOG2 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ehmsas.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_dWZZGMerc9fR5zm L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_fwfdSFkvgZAa4aH L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_PxKFE5HmWih8t7k L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF14AE.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Archived History L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_0 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_1 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_2 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_3 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\index L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Current Session L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History Index 2008-11 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History Index 2008-11-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Thumbnails L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Thumbnails-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Visited Links L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012008112820081129\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012008112920081130\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Messenger\ContactsLog.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Messenger\MsnMsgr.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat.LOG1 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat.LOG2 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ehmsas.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_dWZZGMerc9fR5zm L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_fwfdSFkvgZAa4aH L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_PxKFE5HmWih8t7k L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF14AE.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Archived History L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_0 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_1 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_2 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_3 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\index L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Current Session L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History Index 2008-11 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History Index 2008-11-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Thumbnails L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Thumbnails-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Visited Links L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012008112820081129\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012008112920081130\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Messenger\ContactsLog.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Messenger\MsnMsgr.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012008112820081129\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012008112920081130\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat.LOG1 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat.LOG2 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat{59f26d2d-f378-11db-be55-001e685f61ec}.TM.blf L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\FileTracker\{AC1414B2-7E65-4F95-8D40-4C8FFD8C9841} L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ehmsas.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_dWZZGMerc9fR5zm L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_fwfdSFkvgZAa4aH L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_PxKFE5HmWih8t7k L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF14AE.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Archived History L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_0 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_1 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_2 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_3 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\index L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Current Session L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History Index 2008-11 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History Index 2008-11-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Thumbnails L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Thumbnails-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Visited Links L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012008112820081129\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012008112920081130\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Messenger\ContactsLog.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Messenger\MsnMsgr.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012008112820081129\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012008112920081130\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat.LOG1 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat.LOG2 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat{59f26d2d-f378-11db-be55-001e685f61ec}.TM.blf L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\FileTracker\{AC1414B2-7E65-4F95-8D40-4C8FFD8C9841} L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live Contacts\{133c0bc0-c360-455b-bfeb-9581db0c0342}\DBStore\contacts.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live Contacts\{133c0bc0-c360-455b-bfeb-9581db0c0342}\DBStore\LogFiles\edb.log L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live Contacts\{133c0bc0-c360-455b-bfeb-9581db0c0342}\DBStore\tempedb.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ehmsas.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_dWZZGMerc9fR5zm L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_fwfdSFkvgZAa4aH L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_PxKFE5HmWih8t7k L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF14AE.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Archived History L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_0 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_1 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_2 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_3 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\index L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Current Session L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History Index 2008-11 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History Index 2008-11-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Thumbnails L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Thumbnails-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Visited Links L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012008112820081129\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012008112920081130\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Messenger\ContactsLog.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Messenger\MsnMsgr.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012008112820081129\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012008112920081130\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat.LOG1 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat.LOG2 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat{59f26d2d-f378-11db-be55-001e685f61ec}.TM.blf L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat{59f26d2d-f378-11db-be55-001e685f61ec}.TMContainer00000000000000000001.regtrans-ms L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat{59f26d2d-f378-11db-be55-001e685f61ec}.TMContainer00000000000000000002.regtrans-ms L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\FileTracker\{AC1414B2-7E65-4F95-8D40-4C8FFD8C9841} L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live Contacts\{133c0bc0-c360-455b-bfeb-9581db0c0342}\DBStore\contacts.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live Contacts\{133c0bc0-c360-455b-bfeb-9581db0c0342}\DBStore\LogFiles\edb.log L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live Contacts\{133c0bc0-c360-455b-bfeb-9581db0c0342}\DBStore\LogFiles\edbtmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live Contacts\{133c0bc0-c360-455b-bfeb-9581db0c0342}\DBStore\tempedb.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ehmsas.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_dWZZGMerc9fR5zm L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_fwfdSFkvgZAa4aH L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_PxKFE5HmWih8t7k L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF14AE.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Archived History L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_0 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_1 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_2 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_3 L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\index L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Current Session L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History L'objet est verrouillé ignoré
C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Hist

Répondre à shiv
Destrio5   29-11-2008 à 16:25:06
- 0 +

Le rapport n'est pas complet, upload-le sur Mediafire.

---> Uploader un fichier sur Mediafire :

  • Rends-toi sur ce lien : http://www.mediafire.com/
  • Clique en haut sur Upload files To Media fire. Choisis ensuite I want to upload without an account.
  • Une fenêtre de ton explorateur windows va s'ouvrir. Navigue jusqu'au rapport que je te demande d'uploader, sélectionne-le puis clique sur ouvrir.
  • Clique ensuite sur Upload.
  • A droite de l'écran, choisis : upload to a new folder. Laisse le nom par défaut (= la date).
  • Valide et laisse l'upload se faire.
  • Clique sur View uploaded file et copie-moi l'url (= le lien) du nouvel onglet ou de la nouvelle fenêtre qui va s'ouvrir dans ton prochain message. Ainsi, je pourrais télécharger le rapport demandé.

Répondre à Destrio5
shiv   29-11-2008 à 20:49:13
- 0 +

Tiens, d'ailleurs je viens de faire un scan Antivir :

detection de : EXP/ASF.GetCodec.Gen, j'ai mis en quarantaine.

Besoin d'un nouveau rapport ?

Répondre à shiv
Destrio5   30-11-2008 à 01:34:35
- 0 +

As-tu le rapport d'Antivir ?

Répondre à Destrio5
shiv   30-11-2008 à 10:09:43
- 0 +



Avira AntiVir Personal
Report file date: samedi 29 novembre 2008 20:01

Scanning for 1059552 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-SHIV

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 12:51:39
AVSCAN.DLL : 8.1.4.0 40705 Bytes 25/11/2008 12:51:39
LUKE.DLL : 8.1.4.5 164097 Bytes 25/11/2008 12:51:40
LUKERES.DLL : 8.1.4.0 12033 Bytes 25/11/2008 12:51:40
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:03:42
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 11:50:53
ANTIVIR2.VDF : 7.1.0.124 376832 Bytes 23/11/2008 11:47:05
ANTIVIR3.VDF : 7.1.0.158 206336 Bytes 29/11/2008 18:58:36
Engineversion : 8.2.0.36
AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 11:01:15
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 12/11/2008 11:47:28
AESCN.DLL : 8.1.1.5 123251 Bytes 08/11/2008 11:47:52
AERDL.DLL : 8.1.1.3 438645 Bytes 07/11/2008 11:47:43
AEPACK.DLL : 8.1.3.4 393591 Bytes 12/11/2008 11:47:27
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 08/11/2008 11:47:51
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 08/11/2008 11:47:50
AEHELP.DLL : 8.1.2.0 119159 Bytes 19/11/2008 11:47:16
AEGEN.DLL : 8.1.1.6 323955 Bytes 29/11/2008 18:58:38
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 11:01:07
AECORE.DLL : 8.1.5.2 172405 Bytes 29/11/2008 18:58:37
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 11:01:05
AVWINLL.DLL : 1.0.0.12 15105 Bytes 25/11/2008 12:51:39
AVPREF.DLL : 8.0.2.0 38657 Bytes 25/11/2008 12:51:39
AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 15:54:28
AVREG.DLL : 8.0.0.1 33537 Bytes 25/11/2008 12:51:39
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 25/11/2008 12:51:39
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 25/11/2008 12:51:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 25/11/2008 12:51:36
RCTEXT.DLL : 8.0.52.0 86273 Bytes 25/11/2008 12:51:36

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, G:, H:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 29 novembre 2008 20:01

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SteamService.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'chrome.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'Launchy.exe' - '1' Module(s) have been scanned
Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'Steam.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'HPKBDAPP.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'QPService.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPStart.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'QPSched.exe' - '1' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'QPCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
81 processes with 81 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '51' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>
D:\pagefile.sys
[WARNING] The file could not be opened!
D:\Downloads\FrostWire\DJ STEELO - Chamillionaire feat Lil Wayne - Rock Star.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49519cc3.qua'!
D:\Downloads\Incomplete\T-3545425-too tough.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49649cac.qua'!
D:\Mes Drivers\Vista\Vista_R208.exe
[0] Archive type: CAB SFX (self extracting)
--> \data1.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Mes Drivers\XP\WDM_R208.exe
[0] Archive type: CAB SFX (self extracting)
--> \data1.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'E:\' <HP_RECOVERY>
Begin scan in 'G:\' <DATA2>
Begin scan in 'H:\' <XP>


End of the scan: samedi 29 novembre 2008 21:10
Used time: 1:08:45 Hour(s)

The scan has been done completely.

24499 Scanning directories
837964 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
837958 Files not concerned
11187 Archives were scanned
6 Warnings
2 Notes

Répondre à shiv
Destrio5   30-11-2008 à 16:20:18
- 0 +

1/

 

- FrostWire 4.17.0

 

Je te conseille de désinstaller et de supprimer tous tes logiciels de P2P : 50% de ce que tu télécharges via P2P est piégé. Le P2P est le premier vecteur d'infection de nos jours.
Plus d'informations disponibles en cliquant sur le lien suivant : Cracks / P2P

 
  • Désinstalle les programmes suivants :

- Java 6 Update 2
- Java 6 Update 7
- UsbFix

 


2/

 
  • Clique droit sur HijackThis et choisis Exécuter en tant qu'administrateur.
  • Choisis Do a system scan only.
  • Coche les cases qui sont devant les lignes suivantes :


O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

 

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

 

O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe

 

O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe

 
  • Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.
  • Redémarre ton PC.
 

3/

 
  • Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.
  • Double-clique sur OTMoveIt3.exe afin de le lancer.
  • Copie (Ctrl+C) le texte suivant ci-dessous :


:processes
explorer.exe

 

:services
asp7icqx

 

:files
C:\rsit
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.daT
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr1.dat

 

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

 
  • Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
  • Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.


---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

 
  • Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\

---> Le nom du rapport correspond au moment de sa création : date_heure.log

 


4/

 
  • Mets à jour Adobe Reader.
  • Refais un scan RSIT et poste les deux rapports.


Message édité par Destrio5 le 30-11-2008 à 16:20:37
Répondre à Destrio5
shiv   30-11-2008 à 17:20:40
- 0 +

Rapport OTmoveIt :

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service asp7icqx .
========== FILES ==========
C:\rsit moved successfully.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\0ok1UVewRp5JJjUYEOO2FgRz8MkQ= scheduled to be deleted on reboot.
File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\cFtL9FRVS5VNc3uNud4CT34uRJE= scheduled to be deleted on reboot.
File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\G2Fj668G+UyXbjBM5eFc8On6ugI= scheduled to be deleted on reboot.
File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\GkyIAaYy0a4mXkH6yWpWcUMGvwM= scheduled to be deleted on reboot.
File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\GwFkDYiVRPWiG1B2FSiuPubD0hWU= scheduled to be deleted on reboot.
File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\j1UFn8foswAgknjsdwsVfW61jPA= scheduled to be deleted on reboot.
File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\mT8oRtcFIwLRhvMpqs7wQ2Xlm5Y= scheduled to be deleted on reboot.
File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\op0R4pACNAP9g5e4wr4aXqZ2FZhQ= scheduled to be deleted on reboot.
File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\pqd2g3pXDIE1nan2FfJzXafF1xdE= scheduled to be deleted on reboot.
File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\qlqaEf7OwViJYYq7mmzW5XjLOIg= scheduled to be deleted on reboot.
File delete failed. C:\Users\Shiv\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\Shiv\AppData\Local\Temp\etilqs_acuXOa9QdzQRHli scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_171034

Files moved on Reboot...
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.
File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
File C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
File C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
File C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
File C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
File C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr0.dat not found!
File C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr1.dat not found!
C:\Users\Shiv\AppData\Local\Temp\MessengerCache\0ok1UVewRp5JJjUYEOO2FgRz8MkQ= moved successfully.
C:\Users\Shiv\AppData\Local\Temp\MessengerCache\cFtL9FRVS5VNc3uNud4CT34uRJE= moved successfully.
C:\Users\Shiv\AppData\Local\Temp\MessengerCache\G2Fj668G+UyXbjBM5eFc8On6ugI= moved successfully.
C:\Users\Shiv\AppData\Local\Temp\MessengerCache\GkyIAaYy0a4mXkH6yWpWcUMGvwM= moved successfully.
C:\Users\Shiv\AppData\Local\Temp\MessengerCache\GwFkDYiVRPWiG1B2FSiuPubD0hWU= moved successfully.
C:\Users\Shiv\AppData\Local\Temp\MessengerCache\j1UFn8foswAgknjsdwsVfW61jPA= moved successfully.
C:\Users\Shiv\AppData\Local\Temp\MessengerCache\mT8oRtcFIwLRhvMpqs7wQ2Xlm5Y= moved successfully.
C:\Users\Shiv\AppData\Local\Temp\MessengerCache\op0R4pACNAP9g5e4wr4aXqZ2FZhQ= moved successfully.
C:\Users\Shiv\AppData\Local\Temp\MessengerCache\pqd2g3pXDIE1nan2FfJzXafF1xdE= moved successfully.
C:\Users\Shiv\AppData\Local\Temp\MessengerCache\qlqaEf7OwViJYYq7mmzW5XjLOIg= moved successfully.
C:\Users\Shiv\AppData\Local\Temp\ehmsas.txt moved successfully.
File C:\Users\Shiv\AppData\Local\Temp\etilqs_acuXOa9QdzQRHli not found!




Répondre à shiv
shiv   30-11-2008 à 17:21:47
- 0 +

log.txt :


Logfile of random's system information tool 1.04 (written by random/random)
Run by Shiv at 2008-11-30 17:20:30
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 17 GB (32%) free of 54 GB
Total RAM: 3070 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:47, on 30/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
D:\Jeux\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Launchy\Launchy.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Shiv\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Shiv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "d:\jeux\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10246 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUser.job
C:\Windows\tasks\User_Feed_Synchronization-{122E98E7-B0DB-4DBC-AEBA-1C3CCD2AAC49}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-05 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-05 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-09-12 182808]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-09-30 181544]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-11-25 266497]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-02-27 13515296]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-02-27 92704]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-05 144792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-09-08 3513344]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Steam"=d:\jeux\steam\steam.exe [2008-10-11 1410296]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"Google Update"=C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 133104]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-17 634880]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe

C:\Users\Shiv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
My_AutoWarkey_Script.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
Warkeys Update.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œ$w>††vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œ$w>††vÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†Çuÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†Çuÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œgw>†vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œgw>†vÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œäv>†Õvÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œäv>†Õvÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œfw>†úuÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œfw>†úuÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†­uÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†­uÿÿÿÿc°B:*:Enabled:Windows NT Service"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$ŒÌw>†‚vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$ŒÌw>†‚vÿÿÿÿc°B:*:Enabled:Windows NT Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-11-30 17:20:30 ----D---- C:\rsit
2008-11-29 02:48:51 ----D---- C:\Windows\system32\Kaspersky Lab
2008-11-28 14:39:26 ----D---- C:\Users\Shiv\AppData\Roaming\Google
2008-11-28 14:38:59 ----D---- C:\Program Files\Google
2008-11-27 14:22:20 ----D---- C:\Program Files\iPod
2008-11-27 14:22:17 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-27 14:22:17 ----D---- C:\Program Files\iTunes
2008-11-27 14:21:07 ----D---- C:\Program Files\QuickTime
2008-11-27 00:29:53 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-11-25 14:27:23 ----D---- C:\_OTMoveIt
2008-11-24 20:15:39 ----D---- C:\Users\Shiv\AppData\Roaming\Malwarebytes
2008-11-24 20:15:35 ----D---- C:\ProgramData\Malwarebytes
2008-11-24 20:15:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-24 18:37:00 ----A---- C:\Windows\system32\tmp.txt
2008-11-24 18:36:57 ----A---- C:\rapport.txt
2008-11-24 18:36:45 ----A---- C:\Windows\system32\WS2Fix.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\VCCLSID.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\VACFix.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\swxcacls.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\swsc.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\swreg.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\SrchSTS.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\Process.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\o4Patch.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\IEDFix.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\IEDFix.C.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\dumphive.exe
2008-11-24 18:36:45 ----A---- C:\Windows\system32\404Fix.exe
2008-11-24 14:13:28 ----A---- C:\UsbFix.txt
2008-11-24 14:07:57 ----D---- C:\Program Files\UsbFix
2008-11-24 13:18:18 ----D---- C:\Program Files\CCleaner
2008-11-24 13:12:36 ----D---- C:\Program Files\Trend Micro
2008-11-24 12:55:30 ----D---- C:\VundoFix Backups
2008-11-24 12:55:30 ----A---- C:\VundoFix.txt
2008-11-21 16:33:23 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-11-21 16:33:14 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-11-21 16:31:43 ----A---- C:\Windows\system32\paul.dll
2008-11-21 16:29:47 ----D---- C:\Users\Shiv\AppData\Roaming\Leadertech
2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvexpbar.dll
2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvcpluir.dll
2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvcplui.exe
2008-11-20 21:30:51 ----D---- C:\NVIDIA
2008-11-20 09:15:14 ----A---- C:\Windows\system32\wups2.dll
2008-11-20 09:15:14 ----A---- C:\Windows\system32\wucltux.dll
2008-11-20 09:15:14 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-20 09:15:14 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-20 09:15:04 ----A---- C:\Windows\system32\wups.dll
2008-11-20 09:15:04 ----A---- C:\Windows\system32\wudriver.dll
2008-11-20 09:15:04 ----A---- C:\Windows\system32\wuapi.dll
2008-11-20 09:14:55 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-20 09:14:55 ----A---- C:\Windows\system32\wuapp.exe
2008-11-11 22:57:19 ----A---- C:\Windows\system32\msxml3.dll
2008-11-11 22:57:09 ----A---- C:\Windows\system32\msxml6.dll
2008-11-10 15:15:05 ----A---- C:\Windows\system32\XMLConfig_SYSID.ini
2008-11-09 15:46:58 ----RHD---- C:\Users\Shiv\AppData\Roaming\SecuROM
2008-11-09 15:46:56 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\XAudio2_2.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\xactengine3_2.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\d3dx10_39.dll
2008-11-09 15:37:27 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2008-11-09 15:37:26 ----A---- C:\Windows\system32\D3DX9_39.dll
2008-11-09 15:36:51 ----A---- C:\Windows\system32\wrap_oal.dll
2008-11-09 15:36:51 ----A---- C:\Windows\system32\OpenAL32.dll
2008-11-09 15:21:27 ----D---- C:\Windows\system32\AGEIA
2008-11-09 15:21:26 ----D---- C:\Program Files\AGEIA Technologies
2008-11-09 15:21:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-08 19:19:53 ----A---- C:\Windows\system32\XAudio2_3.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\xactengine3_3.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\D3DX9_40.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\d3dx10_40.dll
2008-11-08 19:19:53 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2008-11-08 19:19:52 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2008-11-08 19:19:51 ----A---- C:\Windows\system32\XAudio2_1.dll
2008-11-08 19:19:51 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2008-11-08 19:19:51 ----A---- C:\Windows\system32\xactengine3_1.dll
2008-11-08 19:19:51 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2008-11-08 19:19:50 ----A---- C:\Windows\system32\d3dx10_38.dll
2008-11-08 19:19:50 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2008-11-08 19:19:49 ----A---- C:\Windows\system32\XAudio2_0.dll
2008-11-08 19:19:49 ----A---- C:\Windows\system32\xactengine3_0.dll
2008-11-08 19:19:49 ----A---- C:\Windows\system32\D3DX9_38.dll
2008-11-08 19:19:48 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2008-11-08 19:19:48 ----A---- C:\Windows\system32\d3dx10_37.dll
2008-11-08 19:19:48 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2008-11-08 19:19:46 ----A---- C:\Windows\system32\xactengine2_10.dll
2008-11-08 19:19:46 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-11-08 19:19:45 ----A---- C:\Windows\system32\d3dx10_36.dll
2008-11-08 19:19:45 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2008-11-08 19:19:44 ----A---- C:\Windows\system32\xactengine2_9.dll
2008-11-08 19:19:44 ----A---- C:\Windows\system32\d3dx9_36.dll
2008-11-08 19:19:42 ----A---- C:\Windows\system32\d3dx10_35.dll
2008-11-08 19:19:42 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2008-11-08 19:19:41 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-11-08 19:19:41 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2008-11-08 19:19:41 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-11-08 19:19:41 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-11-08 19:19:40 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-11-08 19:19:40 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-11-08 19:19:39 ----A---- C:\Windows\system32\xinput1_3.dll
2008-11-08 19:19:39 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-11-08 19:19:38 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-11-08 19:19:38 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-11-08 19:19:37 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-11-08 19:19:37 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-11-08 19:19:37 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-11-08 19:19:36 ----A---- C:\Windows\system32\d3dx10.dll
2008-11-08 19:19:35 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-11-08 19:19:35 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-11-08 19:19:35 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-11-08 19:19:34 ----A---- C:\Windows\system32\xinput1_2.dll
2008-11-08 19:19:34 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-11-08 19:19:34 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-11-08 19:19:33 ----A---- C:\Windows\system32\xinput1_1.dll
2008-11-08 19:19:33 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-11-08 19:19:33 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-11-08 19:19:27 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-11-08 19:19:27 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-11-08 19:19:27 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-11-08 19:19:27 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-11-08 19:19:26 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-11-08 19:19:25 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-11-08 19:19:25 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-11-08 19:19:24 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-11-08 19:19:22 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-11-08 11:22:40 ----D---- C:\Program Files\Lavalys
2008-11-08 10:24:29 ----D---- C:\ProgramData\ma-config.com
2008-11-08 10:24:29 ----D---- C:\Program Files\ma-config.com
2008-11-07 21:31:44 ----SH---- C:\boot.ini
2008-11-07 18:44:15 ----A---- C:\Windows\system32\AutoPartNt.exe
2008-11-07 18:43:34 ----D---- C:\ProgramData\Acronis
2008-11-07 18:28:42 ----D---- C:\Program Files\Acronis
2008-11-07 18:28:41 ----D---- C:\Program Files\Common Files\Acronis
2008-11-07 18:26:58 ----D---- C:\Program Files\Acronis Disk Director Suite 10 build 2160
2008-11-07 17:21:37 ----D---- C:\Program Files\OurToolbar
2008-11-07 14:24:24 ----D---- C:\Program Files\WinImage
2008-11-05 21:04:41 ----A---- C:\Windows\system32\MSVCRTD.DLL
2008-11-05 21:04:41 ----A---- C:\Windows\system32\MSVCP60D.DLL
2008-11-05 21:04:40 ----A---- C:\Windows\system32\WMAFile.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\TABCTFR.DLL
2008-11-05 21:04:39 ----A---- C:\Windows\system32\MSCMCFR.DLL
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudPlayer.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioVisu.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioRecord.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioInfos.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudFile.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudDisplay.dll
2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudDesign.dll
2008-11-05 21:04:38 ----D---- C:\Program Files\Free Audio Pack
2008-11-05 21:04:38 ----A---- C:\Windows\system32\msvcr70.dll
2008-11-05 21:04:38 ----A---- C:\Windows\system32\lame_enc.dll
2008-11-05 05:33:51 ----A---- C:\Windows\system32\EncDec.dll
2008-11-05 05:33:50 ----A---- C:\Windows\system32\psisdecd.dll
2008-11-03 15:50:54 ----D---- C:\Intel
2008-11-03 15:50:49 ----D---- C:\Users\Shiv\AppData\Roaming\InstallShield
2008-11-03 15:44:23 ----D---- C:\Windows\Minidump

======List of files/folders modified in the last 1 months======

2008-11-30 17:20:46 ----D---- C:\Windows\Temp
2008-11-30 17:20:41 ----D---- C:\Windows\Prefetch
2008-11-30 17:20:20 ----D---- C:\Windows\Installer
2008-11-30 17:20:19 ----HD---- C:\Config.Msi
2008-11-30 17:20:19 ----D---- C:\ProgramData\Adobe
2008-11-30 17:20:12 ----D---- C:\Users\Shiv\AppData\Roaming\Skype
2008-11-30 17:19:42 ----D---- C:\Program Files\Common Files\Adobe
2008-11-30 17:19:27 ----D---- C:\Windows\System32
2008-11-30 17:19:27 ----D---- C:\Windows\inf
2008-11-30 17:19:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-30 17:19:26 ----D---- C:\Program Files\Adobe
2008-11-30 17:19:18 ----SHD---- C:\System Volume Information
2008-11-30 17:07:55 ----D---- C:\Users\Shiv\AppData\Roaming\skypePM
2008-11-30 17:01:03 ----D---- C:\Windows\system32\Tasks
2008-11-30 17:00:27 ----SD---- C:\Windows\Downloaded Program Files
2008-11-30 17:00:11 ----D---- C:\Program Files\Java
2008-11-30 17:00:10 ----D---- C:\Program Files\Common Files
2008-11-30 05:00:00 ----D---- C:\Windows
2008-11-29 19:50:03 ----D---- C:\Program Files\Common Files\Steam
2008-11-29 13:48:25 ----D---- C:\Users\Shiv\AppData\Roaming\uTorrent
2008-11-28 14:38:59 ----RD---- C:\Program Files
2008-11-27 14:30:55 ----D---- C:\Program Files\Mozilla Firefox
2008-11-27 14:22:19 ----D---- C:\Program Files\Common Files\Apple
2008-11-27 14:22:17 ----HD---- C:\ProgramData
2008-11-27 13:26:25 ----D---- C:\Users\Shiv\AppData\Roaming\FrostWire
2008-11-24 20:15:38 ----D---- C:\Windows\system32\drivers
2008-11-24 15:40:46 ----D---- C:\Windows\system32\WDI
2008-11-24 13:20:02 ----D---- C:\Windows\Debug
2008-11-23 15:56:09 ----D---- C:\Windows\winsxs
2008-11-22 20:29:12 ----D---- C:\Users\Shiv\AppData\Roaming\Hamachi
2008-11-22 20:18:52 ----D---- C:\Users\Shiv\AppData\Roaming\teamspeak2
2008-11-21 16:29:37 ----D---- C:\Windows\system32\LogFiles
2008-11-21 16:22:53 ----RSD---- C:\Windows\assembly
2008-11-20 23:20:58 ----D---- C:\ProgramData\NVIDIA
2008-11-20 23:17:02 ----D---- C:\Windows\system32\catroot
2008-11-20 23:17:01 ----D---- C:\Windows\system32\catroot2
2008-11-20 23:15:54 ----D---- C:\SWSETUP
2008-11-20 22:03:18 ----D---- C:\Windows\rescache
2008-11-20 21:42:41 ----D---- C:\Windows\Help
2008-11-20 21:28:13 ----D---- C:\Windows\system32\fr-FR
2008-11-20 10:09:29 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-19 22:14:17 ----D---- C:\Windows\Tasks
2008-11-17 21:40:59 ----D---- C:\Program Files\Full Tilt Poker
2008-11-12 18:16:27 ----SD---- C:\Users\Shiv\AppData\Roaming\Microsoft
2008-11-12 14:08:34 ----N---- C:\Windows\win.ini
2008-11-07 19:08:09 ----D---- C:\Windows\Logs
2008-11-07 16:36:53 ----SD---- C:\ProgramData\Microsoft
2008-11-07 16:23:27 ----D---- C:\Program Files\nLite
2008-11-07 16:21:40 ----D---- C:\XPiso
2008-11-06 10:59:36 ----D---- C:\Program Files\Microsoft Office
2008-11-05 10:46:38 ----D---- C:\Windows\Microsoft.NET
2008-11-05 10:21:12 ----D---- C:\Windows\ehome
2008-11-04 01:10:25 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-11-25 52032]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-10-11 25280]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-02-27 7602688]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 98816]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-01-17 983936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 anvrc0g7;anvrc0g7; C:\Windows\system32\drivers\anvrc0g7.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-11-02 15360]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-25 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-25 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-09-12 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-02-27 49152]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-11-21 66872]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 271760]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 112016]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-11-29 104944]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-11-02 195752]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]

-----------------EOF-----------------



info.txt

info.txt logfile of random's system information tool 1.04 2008-11-30 17:20:49

======Uninstall list======

-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acronis Disk Director Suite 10 build 2160-->C:\Program Files\Acronis Disk Director Suite 10 build 2160\Uninstal.exe
Acronis Disk Director Suite-->MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Bink and Smacker-->C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}
Counter-Strike-->"D:\Jeux\Steam\steam.exe" steam://uninstall/10
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
ESU for Microsoft Vista-->MsiExec.exe /I{AD3FDC40-BCF4-476D-A2D6-C4B154DD9DF5}
EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FileZilla Client 3.1.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x040c -removeonly
Garry's Mod-->"D:\Jeux\Steam\steam.exe" steam://uninstall/4000
Giants-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97370293-96EC-11D4-9DEF-00104B70C5FB}\setup.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
HP Imaging Device Functions 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart All-In-One Software 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst
HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Solution Center 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
HP User Guides 0088-->MsiExec.exe /I{8347A7A5-4AB8-433F-82AA-496B0D189A9B}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel(R) Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Kaspersky On-line Scanner-->C:\Windows\system32\KASPER~1\KASPER~1\kavuninstall.exe
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Launchy 2.1.2-->"C:\Program Files\Launchy\unins000.exe"
Left 4 Dead-->"D:\Jeux\Steam\steam.exe" steam://uninstall/500
Ma-Config.com-->MsiExec.exe /X{DD987A54-122B-4CFD-A8C5-5577027A6B78}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /I{E87F5651-CE15-493F-AE99-3B670E25A54E}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
nLite 1.4.9.1-->"C:\Program Files\nLite\unins000.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
On2 VP7 Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PVK-->D:\Jeux\Counter-Strike 1.6 + Half-Life\pvk\uninstall.exe
Quake III Arena Point Release 1.32-->C:\Windows\unvise32.exe d:\jeux\q3\uninstal5.log
Quake III Arena-->C:\Windows\IsUninst.exe -fd:\jeux\q3\QIII.isu
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
Rocket Arena 3 1.76 (remove only)-->"D:\Jeux\Q3\arena\uninstall.exe"
Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Team Fortress 2-->"D:\Jeux\Steam\steam.exe" steam://uninstall/440
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
VistaBootPRO 3.3-->MsiExec.exe /I{6C9FA746-8759-4040-A436-42922CB3492E}
Warkeys 1.8.1.0b-->C:\Program Files\Warkeys\uninst.exe
WC3Banlist-->"C:\Program Files\WC3Banlist\unins000.exe"
Windows Live Bêta (tous les programmes)-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Bêta (tous les programmes)-->MsiExec.exe /I{9C4AB6FB-43CD-4ADF-8B59-6C52A6B74324}
Windows Live Call-->MsiExec.exe /I{868EC13B-52DA-43B9-8C05-50CD897674DF}
Windows Live Messenger-->MsiExec.exe /X{F72F8316-91E8-4C80-9E39-EBE933E1EDFB}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe

=====HijackThis Backups=====

O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe
O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

======Security center information======

AV: Avira AntiVir PersonalEdition
AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Services en ligne
"USERPART"=F:
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Répondre à shiv
Destrio5   30-11-2008 à 17:28:07
- 0 +

Pour la manip' avec OTMoveIt3, refais-la en mode sans échec.

 

Pour redémarrer en mode sans échec :

  • Redémarre ton PC.
  • Au démarrage, tapote sur F8 (F5 sur certains PC) juste après l'affichage du BIOS et juste avant le chargement de Windows.
  • Dans le menu d'options avancées, choisis Mode sans échec.
  • Choisis ta session.


Message édité par Destrio5 le 30-11-2008 à 17:28:33
Répondre à Destrio5
shiv   30-11-2008 à 18:02:47
- 0 +

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service asp7icqx .
========== FILES ==========
C:\rsit moved successfully.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.
File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found.
File/Folder C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr0.dat not found.
File/Folder C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr1.dat not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_175825

Files moved on Reboot...
File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!

Répondre à shiv
shiv   30-11-2008 à 19:15:16
- 0 +

Je refait un scan ce soir et je te dis ca :)

Répondre à shiv
shiv   01-12-2008 à 23:05:57
- 0 +

Tout va bien merci :)

Répondre à shiv
Destrio5   02-12-2008 à 21:36:06
- 0 +

1/

  • Désinstalle HijackThis.


  • Réactive l'UAC de Vista.



2/

  • Télécharge OTCleanIt sur ton Bureau.
  • Clique droit sur OTCleanIt et choisis Exécuter en tant qu'administrateur.
  • Clique sur CleanUp! puis clique sur Yes à la fenêtre Confirm.
  • Redémarre ton PC comme demandé.



3/

  • Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar).
  • Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
  • Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
  • Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).



4/




5/

  • Tiens à jour Windows et tes logiciels.


---> Ajoute maintenant [Résolu] au titre. Pour cela :

  • Clique, dans ton premier message, sur le bouton Editer http://img.infos-du-net.com/forum/themes_static/images_forum/3/edit.gif.
  • Rajoute la mention [Résolu] devant le titre.
  • Clique ensuite sur Valider votre message.



Sois plus vigilant sur Internet ;)

Répondre à Destrio5
Créer un nouveau sujet Répondre
Tom's Guide > Forum > Sécurité - Virus > [Résolu]PB Zapchast (Trojan) : a.bat
Aller à :

Il y a 254 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Plan du forum
Forum Bestofmedia ©
2000-2009 Bestofmedia Group
Page générée en 0,590 secondes
Attention

Vous allez répondre sur un sujet resté inactif pendant plus de 6 mois.
Assurez-vous d'apporter des éléments nouveaux à la discussion avant de poursuivre.

Répondre Annuler
Liens