Unwanted ads, slow PC [Solved]
Hello
For some time now I have been getting UNWANTED ads; my G-DATA 2009 antivirus finds nothing, and neither does Spybot. I cleaned the PC with TUNEUP 2008 but that does not solve my problem. I no longer know what to do to fix this; in addition, my mouse sometimes stutters as it moves, and likewise when I listen to music the sound stutters to the point where listening becomes impossible. I am counting on you to help me sort out this problem. Please be patient with a retiree of advanced age.
My hardware configuration
Motherboard: Gigabyte X48-DQ6
CPU: Intel 2 core quad q9650
4 GB of RAM
Win XP Home
Thanks for your help
Message edited by nobody57 on 05-02-2009 at 21:40:16
Hello,
Download and then install Hijackthis (Trend Micro)
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2
Reply to Angeldark
Thanks for helping me, here is my report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:58:11, on 08/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jacques\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: milehighads - {5262860b-be9d-c70d-f1ee-af145c648bbb} - C:\WINDOWS\system32\nss14.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 3289113812
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareup [...] /CTPID.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 12008 bytes
Re,
It is not clean.
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode
- Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
- To start the scan, click "Rechercher" (Scan).
- Once the scan has finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (Show results) and then "Supprimer la sélection" (Remove selected). Save the report to your Desktop so you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
Reply to Angeldark
Here, a little late... is the Malwarebyte's anti-malware report
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1627
Windows 5.1.2600 Service Pack 3
07/01/2009 23:14:01
mbam-log-2009-01-07 (23-14-01).txt
Type de recherche: Examen complet (C:\|M:\|)
Eléments examinés: 438172
Temps écoulé: 5 hour(s), 34 minute(s), 52 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
M:\LOGICIEL\powerdvd 8\Nouveau dossier\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
M:\TOTAL\Maxtor backup\JACQUES\D\SAUVEGARDE GENERAL DE TOUS LES DD\SVG\Logiciel\A_GRAVER\Log_Son\Sony Sound Forge 7.0\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
M:\TOTAL\Maxtor backup\JACQUES\F\SVG\Logiciel\A_GRAVER\Log_Son\Sony Sound Forge 7.0\keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Post a new Hijackthis report.
Reply to Angeldark
Thanks again.. sorry if I am not very responsive on the forum, I have a lot going on at the moment.
So here is a second report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:14, on 09/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jacques\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: milehighads - {5262860b-be9d-c70d-f1ee-af145c648bbb} - C:\WINDOWS\system32\nsk1E.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 3289113812
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareup [...] /CTPID.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 12156 bytes
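Added example, not part of the thread: comparing the two HijackThis reports above entry by entry shows what changed between scans. Keyed on section, label and CLSID, the comparison reports the milehighads BHO, whose CLSID is unchanged while its DLL in system32 went from nss14.dll to nsk1E.dll. The embedded lines are excerpts copied from the two reports, and the function names are illustrative.

```python
import re

# Excerpts copied from the first and second HijackThis reports in this thread
# (a few lines each, not the full logs).
REPORT_1 = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: milehighads - {5262860b-be9d-c70d-f1ee-af145c648bbb} - C:\WINDOWS\system32\nss14.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""

REPORT_2 = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: milehighads - {5262860b-be9d-c70d-f1ee-af145c648bbb} - C:\WINDOWS\system32\nsk1E.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")            # "O2 - ...", "R0 - ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_VALUE = re.compile(r"^(.+?\[[^\]]*\])\s+(.+)$")   # "HKLM\..\Run: [name] command"
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse(report):
    """Return {identity: target} for one HijackThis report.

    identity is (section, label, clsid). For entries that carry a CLSID the
    target is the text after it (the file path), so a renamed file keeps the
    same identity. O4 Run values are keyed on hive and value name. Everything
    else, including running processes, is keyed on the whole line.
    """
    entries = {}
    in_processes = False
    for raw in report.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False
            section, body = m.groups()
            clsid = CLSID.search(body)
            run = RUN_VALUE.match(body) if section == "O4" else None
            if clsid:
                key = (section, body[:clsid.start()].rstrip(" -"),
                       clsid.group(0).lower())
                target = body[clsid.end():].lstrip(" -")
            elif run:
                key, target = (section, run.group(1), ""), run.group(2)
            else:
                key, target = (section, body, ""), ""
            entries[key] = target
        elif in_processes and DRIVE_PATH.match(line):
            entries[("PROC", line.lower(), "")] = ""
    return entries


def diff_reports(old, new):
    """Compare two parsed reports; Windows paths are compared case-insensitively."""
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted(
            (k, old[k], new[k])
            for k in old
            if k in new and old[k].lower() != new[k].lower()
        ),
    }


if __name__ == "__main__":
    result = diff_reports(parse(REPORT_1), parse(REPORT_2))
    for kind, items in result.items():
        for item in items:
            print(kind, item)
```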
Re,
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
- Download ComboFix (sUBs) to your Desktop.
- Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
- When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
HELP: A guide and a tutorial on using ComboFix
* the partition name may differ
Reply to Angeldark
Here is the ComboFix report
ComboFix 09-01-09.03 - Jacques 2009-01-10 17:25:36.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.3326.2507 [GMT 1:00]
Lancé depuis: c:\documents and settings\Jacques\Mes documents\TELECHARGEMENT\ComboFix\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe
c:\documents and settings\All Users\Application Data\vlc-0.9.6-win32.exe
c:\documents and settings\Jacques\Application Data\inst.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-10 au 2009-01-10 ))))))))))))))))))))))))))))))))))))
.
2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\Jacques\Application Data\Malwarebytes
2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 16:37 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 16:37 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-07 09:42 . 2009-01-07 09:42 <REP> d-------- c:\documents and settings\Jacques\Application Data\TuneUp Software
2009-01-07 09:42 . 2009-01-07 09:42 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-07 09:42 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2009-01-07 09:41 . 2009-01-07 09:45 <REP> d-------- c:\program files\TuneUp Utilities 2008
2009-01-07 09:41 . 2009-01-07 09:41 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-07 09:30 . 2009-01-07 09:30 <REP> d-------- c:\program files\AxBx
2009-01-05 20:02 . 2009-01-05 20:02 681,472 --a------ c:\windows\system32\nsk1E.dll
2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\program files\JAM Software
2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\documents and settings\Jacques\Application Data\JAM Software
2009-01-03 12:34 . 2009-01-09 18:56 156 --a------ c:\windows\Twunk001.MTX
2009-01-03 12:34 . 2009-01-09 18:56 4 --a------ c:\windows\Twain001.Mtx
2009-01-03 12:34 . 2009-01-03 12:34 0 --a------ c:\windows\Twunk002.MTX
2009-01-03 10:15 . 2009-01-09 15:31 85,239 --a------ c:\windows\system32\cont_milehighads-remove.exe
2009-01-03 10:15 . 2009-01-03 10:15 68,513 --a------ c:\windows\system32\pujaruyrydgs.dll-uninst.exe
2009-01-03 10:15 . 2009-01-03 10:15 47,576 --a------ c:\windows\system32\rmnajrfcoebsfdb.exe
2009-01-02 13:46 . 2009-01-02 17:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\PixVue
2009-01-02 08:28 . 2008-04-01 13:23 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-01-02 08:28 . 2008-04-01 13:23 118,056 --------- c:\windows\system32\pxcpyi64.exe
2008-12-28 09:08 . 2008-12-28 09:08 0 --a------ c:\windows\nsreg.dat
2008-12-28 08:41 . 2008-12-28 08:41 <REP> d-------- c:\documents and settings\Jacques\Application Data\Windows Live Writer
2008-12-27 19:31 . 2008-12-27 19:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\ACD Systems
2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\Fichiers communs\ACD Systems
2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\ACD Systems
2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2008-12-27 16:55 . 2009-01-02 18:40 <REP> d-------- c:\program files\Incomplete
2008-12-27 16:32 . 2008-12-27 16:32 68,424 --a------ c:\windows\system32\drivers\GRD.sys
2008-12-27 16:30 . 2009-01-10 17:28 82,761,760 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-27 16:30 . 2009-01-10 17:28 1,138,208 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-27 16:30 . 2009-01-10 10:36 975,464 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-27 16:30 . 2009-01-10 10:36 112,892 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-27 16:04 . 2008-12-27 16:25 48,712 --a------ c:\windows\system32\drivers\MiniIcpt.sys
2008-12-27 16:04 . 2008-12-27 16:25 32,328 --a------ c:\windows\system32\drivers\HookCentre.sys
2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\G DATA
2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\Fichiers communs\G DATA
2008-12-27 16:03 . 2008-12-27 16:11 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA
2008-12-27 16:03 . 2008-12-29 08:48 <REP> d--hs---- C:\#GDATA.Trash.Store#
2008-12-27 16:03 . 2008-12-27 16:31 51,016 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
2008-12-27 16:03 . 2008-12-27 16:03 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys
2008-12-19 16:34 . 2008-12-19 16:34 <REP> d-------- c:\program files\Xvid
2008-12-19 16:34 . 2008-12-04 21:42 815,104 --a------ c:\windows\system32\xvidcore.dll
2008-12-19 16:34 . 2008-12-04 21:46 180,224 --a------ c:\windows\system32\xvidvfw.dll
2008-12-19 16:34 . 2008-12-13 20:01 77,824 --a------ c:\windows\system32\xvid.ax
2008-12-18 10:02 . 2008-12-18 10:02 <REP> d-------- c:\documents and settings\Jacques\Application Data\muvee Technologies
2008-12-18 10:02 . 2008-12-18 10:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Creative
2008-12-18 09:39 . 2008-12-18 09:39 <REP> d-------- c:\program files\iTunes
2008-12-18 09:39 . 2009-01-02 17:55 <REP> d-------- c:\program files\iPod
2008-12-18 09:39 . 2008-12-18 09:39 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-18 09:39 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-18 09:39 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-18 09:38 . 2008-12-18 09:38 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-18 09:37 . 2009-01-02 17:25 <REP> d-------- c:\program files\Fichiers communs\Apple
2008-12-18 09:21 . 2008-12-18 09:21 <REP> d-------- c:\documents and settings\Jacques\Application Data\Creative
2008-12-18 09:19 . 2000-05-22 09:58 647,872 --------- c:\windows\system32\Mscomct2.ocx
2008-12-18 09:19 . 1999-10-10 18:00 41,984 --------- c:\windows\Ctregrun.exe
2008-12-18 09:19 . 2003-06-12 23:25 7,062 --a------ c:\windows\system32\audiopid.vxd
2008-12-18 09:17 . 2008-12-18 09:17 <REP> d-------- c:\windows\CtDrvInstall
2008-12-18 09:17 . 2006-01-16 18:00 24,576 -ra------ c:\windows\system32\P1370Aor.dll
2008-12-18 09:16 . 2008-12-18 09:16 <REP> d-------- c:\documents and settings\All Users\Application Data\muvee Technologies
2008-12-18 09:15 . 2005-07-06 18:07 36,864 -ra------ c:\windows\system32\CtCamMgr.dll
2008-12-18 09:15 . 2005-10-23 18:01 24,576 --------- c:\windows\system32\CTWEBFUN.DLL
2008-12-18 09:14 . 2008-12-18 09:30 <REP> d-------- c:\program files\Creative
2008-12-18 08:22 . 2009-01-10 15:35 <REP> d-------- c:\documents and settings\Jacques\Tracing
2008-12-18 08:21 . 2008-12-18 08:21 <REP> d-------- c:\program files\Microsoft Silverlight
2008-12-18 08:21 . 2008-12-18 08:21 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
2008-12-18 08:20 . 2008-12-18 08:20 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-12-18 08:18 . 2008-12-18 08:18 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-18 08:18 . 2008-12-18 08:18 <REP> d-------- c:\program files\Microsoft
2008-12-17 10:34 . 2008-12-17 10:34 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-15 10:18 . 2008-12-15 10:18 <REP> d-------- c:\program files\Activision
2008-12-15 10:15 . 2008-12-15 10:15 <REP> d--hs---- c:\windows\ftpcache
2008-12-11 09:18 . 2008-04-14 03:33 221,184 --a------ c:\windows\system32\wmpns.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 08:41 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-05 12:26 --------- d-----w c:\program files\eMule
2009-01-02 16:30 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-02 16:28 --------- d-----w c:\program files\Bonjour
2008-12-29 16:17 --------- d-----w c:\program files\LimeWire
2008-12-29 08:50 --------- d-----w c:\documents and settings\Jacques\Application Data\LimeWire
2008-12-29 07:47 --------- d-----w c:\documents and settings\Jacques\Application Data\uTorrent
2008-12-28 16:58 --------- d-----w c:\program files\Google
2008-12-28 08:35 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-27 15:35 --------- d-----w c:\documents and settings\Jacques\Application Data\vlc
2008-12-27 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-18 08:38 --------- d-----w c:\program files\QuickTime
2008-12-18 07:21 --------- d-----w c:\program files\Windows Live
2008-12-17 19:10 --------- d-----w c:\documents and settings\Jacques\Application Data\EPSON
2008-12-16 11:36 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-14 18:56 --------- d-----w c:\program files\SFR
2008-12-14 09:17 --------- d-----w c:\program files\Java
2008-12-08 20:20 16,608 ----a-w c:\windows\gdrv.sys
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-12-01 05:58 --------- d-----w c:\program files\CyberLink
2008-12-01 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-28 16:13 --------- d-----w c:\documents and settings\Jacques\Application Data\Winamp
2008-11-28 15:51 --------- d-----w c:\program files\Winamp
2008-11-28 15:49 --------- d-----w c:\program files\Fichiers communs\CyberLink
2008-11-28 15:47 29,480 ----a-w c:\windows\system32\msxml3a.dll
2008-11-26 00:04 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2008-11-26 00:04 --------- d-----w c:\program files\Fichiers communs\Nikon
2008-11-25 23:44 --------- d-----w c:\documents and settings\Jacques\Application Data\Nikon
2008-11-25 23:44 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
2008-11-25 23:44 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
2008-11-24 10:52 --------- d-----w c:\program files\Foxmail
2008-11-13 10:09 --------- d-----w c:\program files\EPSON Print CD
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-24 13:40 22,328 ----a-w c:\documents and settings\Jacques\Application Data\PnkBstrK.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-12 17:34 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-12 14:24 4,608 ----a-w c:\windows\system32\w95inf32.dll
2008-10-12 14:24 2,272 ----a-w c:\windows\system32\w95inf16.dll
2008-10-06 18:24 47,360 ----a-w c:\documents and settings\Jacques\Application Data\pcouffin.sys
2009-01-05 19:02 652,288 ----a-w c:\program files\mozilla firefox\components\nsmilehighads.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5262860b-be9d-c70d-f1ee-af145c648bbb}]
2009-01-05 20:02 681472 --a------ c:\windows\system32\nsk1E.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-06-27 91432]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"GDFirewallTray"="c:\program files\G DATA\TotalCare\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2008-11-24 958024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Adobe Photo Downloader"="c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe" [2008-04-01 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnumanLive]
-ra------ 2008-04-11 19:50 347648 c:\documents and settings\Jacques\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-01 14:23 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53773:TCP"= 53773:TCP:emule tcp
"16399:UDP"= 16399:UDP:emule udp
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2008-12-27 22272]
R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2008-12-27 68424]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-30 93696]
R3 GDFwSvc;Pare-feu personnel G DATA;c:\program files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-08-15 1407976]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-12-27 48712]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2008-12-27 32328]
R3 Service de sauvegarde G DATA;Service de sauvegarde G DATA;c:\program files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-08-22 880200]
R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50:32 61424]
R4 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-09-08 1016904]
R4 AVKService;Planificateur G DATA;c:\program files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
R4 AVKWCtl;Gardien d'AntiVirus;c:\program files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-08-14 1185496]
R4 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2008-12-27 51016]
S3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-10-02 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-10-02 13312]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2008-12-18 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2008-12-18 4992]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2008-12-18 179328]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b77caa-8f11-11dd-b90a-806d6172696f}]
\Shell\AutoRun\command - J:\Launch.exe
.
Contenu du dossier 'Tâches planifiées'
2009-01-10 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
- - - - ORPHELINS SUPPRIMES - - - -
ShellIconOverlayIdentifiers-{3E57A8B6-849B-476E-A3E9-CFCE49E3662A} - (no file)
ShellIconOverlayIdentifiers-{E3F36090-0540-418f-8136-074D5B255B59} - (no file)
ShellIconOverlayIdentifiers-{E1C1BE26-35A8-4999-A3A6-235CB7BD558B} - (no file)
ShellIconOverlayIdentifiers-{2E9BD3CA-A57F-450b-B1BA-A6A58C0C1D51} - (no file)
ShellIconOverlayIdentifiers-{BCA5FB3A-9FC1-4465-ACE3-8C2072449164} - (no file)
ShellIconOverlayIdentifiers-{F0C13C81-FB8D-464e-873F-F8FF999E3EEC} - (no file)
ShellIconOverlayIdentifiers-{0117FFFB-91FD-414E-AC34-A00531032006} - (no file)
HKLM-Run-Device Detector - DevDetect.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel
FF - ProfilePath - c:\documents and settings\Jacques\Application Data\Mozilla\Firefox\Profiles\4z3izwmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\nsmilehighads.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 17:28:25
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1960408961-117609710-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:70,cd,3d,9f,fb,04,c1,88,c0,3e,16,1e,95,be,42,cc,fa,39,1c,35,e6,
2d,56,91,6c,33,af,ce,f6,84,81,11,ec,51,3a,92,4c,df,b4,99,e4,d6,00,b8,34,a8,\
"rkeysecu"=hex:90,35,3a,83,0b,f6,a1,91,59,e3,93,c8,c6,aa,5b,5e
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:fa,1f,4e,6a,ec,41,da,68,df,fc,f3,f4,de,48,a5,31,bb,39,42,b8,86,
01,c2,3b,5b,da,78,a1,ba,6d,f1,8d,29,20,7d,eb,8e,55,d4,52,64,e4,9c,d9,a3,d9,\
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:c5,20,54,f3,8a,c4,b9,7c,43,ed,04,81,39,df,4c,0d,b0,38,34,9a,85,
f1,ad,a4,17,a6,76,aa,18,8c,73,f1,58,ad,64,0c,51,f6,0b,17,79,65,c6,db,0d,1e,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-01-10 17:30:07
ComboFix-quarantined-files.txt 2009-01-10 16:30:04
Avant-CF: 29 651 673 088 octets libres
Après-CF: 29,972,561,920 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
309 --- E O F --- 2008-12-18 13:48:37
Post a new HijackThis report.
Reply to Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:16, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\VSO\Image Resizer\Resize.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Nikon\Camera Control Pro 2\NControlPro.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jacques\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: milehighads - {5262860b-be9d-c70d-f1ee-af145c648bbb} - C:\WINDOWS\system32\nsk1E.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 3289113812
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareup [...] /CTPID.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 12430 bytes
What problems are you having now?
Reply to Angeldark
I still get ad pages opening from time to time; on the other hand the PC is snappier, the music no longer stutters, and the mouse moves smoothly.
MSN closes by itself and an MSN notification opens at the bottom right of the screen with a message along the lines of "MSN cannot open because you are already signed in...", which is not the case! And of course I have to relaunch it. After a while the same thing happens again... But otherwise things are better. Thank you! Is there anything else to do?
Je pense pas que cela soit lié à une infection.
- Fais un scan en ligne Kaspersky avec Internet Explorer :
- Clique sur
- Clique maintenant sur J'accepte.
- Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
- Patiente pendant l'installation des Mises à jour.
- Choisis par la suite l'analyse du Poste de travail
- Sauvegarde puis colle le rapport généré en fin d'analyse.
AIDE : Tuto sur le scan en ligne
NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
Répondre à Angeldark
J'ai fais un scan avec Kaspersky..trouvé 6 infections ... Impossible de d'enregistré le rapport ?? (Prob avec kaspersky? je ne sais pas !) j'efface et je recommence je refai une tentatve ce matin ...sachant que le scan dure des plombes...GROS DD 1.4 To
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, January 14, 2009 1:40:04 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 14/01/2009
Enregistrements dans la base antivirus Kaspersky : 1452140
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
R:\
Statistiques de l'analyse:
Total d'objets analysés: 235293
Nombre de virus trouvés: 1
Nombre d'objets infectés: 49 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 02:44:08
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\CyberLink\BDNAV\BRF.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\DRM\drmstore.hds L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Messenger\ContactsLog.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows Live Contacts\{25bb2f8c-9310-4d37-9089-9b1bc3c4fbb8}\DBStore\contacts.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows Live Contacts\{25bb2f8c-9310-4d37-9089-9b1bc3c4fbb8}\DBStore\LogFiles\edb.log L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows Live Contacts\{25bb2f8c-9310-4d37-9089-9b1bc3c4fbb8}\DBStore\tempedb.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows Live Contacts\{a8a639f1-324f-4d1e-b2c4-c7c4754ff48d}\DBStore\contacts.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows Live Contacts\{a8a639f1-324f-4d1e-b2c4-c7c4754ff48d}\DBStore\LogFiles\edb.log L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows Live Contacts\{a8a639f1-324f-4d1e-b2c4-c7c4754ff48d}\DBStore\LogFiles\edbtmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\Application Data\Microsoft\Windows Live Contacts\{a8a639f1-324f-4d1e-b2c4-c7c4754ff48d}\DBStore\tempedb.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\Application Data\Neuf\Media Center\access.log L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\Application Data\Neuf\Media Center\error.log L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\Historique\History.IE5\MSHist012009011420090115\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\temp\~DFF0BC.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Jacques\Tracing\WindowsLiveMessenger-uccapi-0.uccapilog L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\G DATA\TotalCare\Firewall\GdFwSvc.dat L'objet est verrouillé ignoré
C:\Program Files\G DATA\TotalCare\Firewall\LiveStrm.dat L'objet est verrouillé ignoré
C:\Program Files\G DATA\TotalCare\Firewall\Modules.dat L'objet est verrouillé ignoré
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab/loader.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe/data0000.cab/Setup_01.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe/data0000.cab/Setup_01.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe Rsrc-Package: infecté - 6 ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab/loader.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe/data0000.cab/Setup_01.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe/data0000.cab/Setup_01.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe Rsrc-Package: infecté - 6 ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052284.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab/loader.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052284.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052284.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052284.exe/data0000.cab/Setup_01.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052284.exe/data0000.cab/Setup_01.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052284.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052284.exe Rsrc-Package: infecté - 6 ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052286.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab/loader.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052286.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052286.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052286.exe/data0000.cab/Setup_01.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052286.exe/data0000.cab/Setup_01.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052286.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052286.exe Rsrc-Package: infecté - 6 ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052287.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab/loader.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052287.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052287.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052287.exe/data0000.cab/Setup_01.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052287.exe/data0000.cab/Setup_01.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052287.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052287.exe Rsrc-Package: infecté - 6 ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052289.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab/loader.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052289.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052289.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052289.exe/data0000.cab/Setup_01.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052289.exe/data0000.cab/Setup_01.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052289.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052289.exe Rsrc-Package: infecté - 6 ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052291.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab/loader.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052291.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052291.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052291.exe/data0000.cab/Setup_01.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052291.exe/data0000.cab/Setup_01.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052291.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052291.exe Rsrc-Package: infecté - 6 ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP239\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox.idx L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox2.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox2.idx L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_4ec.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\tmp00000241\tmp00000000 L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector L'objet est verrouillé ignoré
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d2c538efe92ae7beda8bd254b09dfb8e_1d5628a0-efd1-4f60-b409-452fd67e3908 L'objet est verrouillé ignoré
D:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_1d5628a0-efd1-4f60-b409-452fd67e3908 L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
D:\Windows\CSC\v2.0.6\pq L'objet est verrouillé ignoré
D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl L'objet est verrouillé ignoré
D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl L'objet est verrouillé ignoré
D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl L'objet est verrouillé ignoré
D:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl L'objet est verrouillé ignoré
E:\52f07297c4e25054ab3454\update\update.exe L'objet est verrouillé ignoré
E:\autorun.inf\lpt3.This folder was created by Flash_Disinfector L'objet est verrouillé ignoré
E:\d5c09c7537c90a61c21b1e25a86a\update\update.exe L'objet est verrouillé ignoré
E:\f34bb2532dc3a950af1e9abb\update\update.exe L'objet est verrouillé ignoré
E:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
E:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP239\change.log L'objet est verrouillé ignoré
Analyse terminée.
You just need to disable and then re-enable System Restore.
Reply to Angeldark
I admit I don't quite grasp the purpose of this step, or whether I should do it before running another scan... or right now, after the Kaspersky scan? Forgive my ignorance.
That way we have emptied System Restore, which had infected restore points.
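Added example (not part of the original thread): a short Python triage of report lines in the Kaspersky On-line Scanner format shown above, grouping each hit by the file on disk that contains it and checking whether every detection sits in a System Restore point. The function names are hypothetical and the sample lines are constructed from the report's format.

```python
import re

# Constructed sample: a few lines in the format of the Kaspersky On-line
# Scanner report posted in this thread ("<object> <status> <last action>").
SAMPLE_REPORT = r"""
C:\Documents and Settings\Jacques\ntuser.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe/data0000.cab/Setup_01.exe/data0000.cab/Setup_00.exe/data0000.cab/loader.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe/data0000.cab Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052281.exe Rsrc-Package: infecté - 6 ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe/data0000.cab/Setup_01.exe Infecté : Trojan-Downloader.Win32.Murlo.vn ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP235\A0052282.exe Rsrc-Package: infecté - 6 ignoré
C:\System Volume Information\_restore{6A9ECA4A-6957-4F86-A592-4C1737FA5E59}\RP239\change.log L'objet est verrouillé ignoré
"""

# The three line shapes that appear in the report's result table.
LOCKED = re.compile(r"^(?P<path>.+) L'objet est verrouillé ignoré$")
INFECTED = re.compile(r"^(?P<path>.+) Infecté : (?P<name>\S+) ignoré$")
PACKAGE = re.compile(r"^(?P<path>.+) Rsrc-Package: infecté - (?P<count>\d+) ignoré$")

# A file stored inside a System Restore point (RPnnn) on any drive.
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\",
    re.IGNORECASE,
)


def triage_report(text):
    """Group infected report lines by the on-disk file that contains them."""
    result = {"locked": 0, "infected_lines": 0, "unparsed": [], "files": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LOCKED.match(line):
            # File was in use and could not be read: not a detection.
            result["locked"] += 1
            continue
        match = INFECTED.match(line) or PACKAGE.match(line)
        if match is None:
            result["unparsed"].append(line)
            continue
        result["infected_lines"] += 1
        # Archive members are appended with "/" after the Windows path,
        # so everything before the first "/" is the file on disk.
        on_disk = match.group("path").split("/", 1)[0]
        entry = result["files"].setdefault(
            on_disk, {"detections": set(), "restore_point": None}
        )
        rp = RESTORE_POINT.search(on_disk)
        entry["restore_point"] = rp.group(1) if rp else None
        if "name" in match.groupdict():
            entry["detections"].add(match.group("name"))
    return result


def confined_to_system_restore(result):
    """True when there are detections and all of them sit in restore points."""
    files = result["files"]
    return bool(files) and all(e["restore_point"] for e in files.values())


if __name__ == "__main__":
    summary = triage_report(SAMPLE_REPORT)
    print("locked (skipped) objects:", summary["locked"])
    print("infected report lines:", summary["infected_lines"])
    for path, entry in summary["files"].items():
        print(entry["restore_point"], sorted(entry["detections"]), path)
    print("only in System Restore:", confined_to_system_restore(summary))
```

Run over the full report above, the 49 infected objects collapse to seven executables in restore point RP235 carrying a single detection name, which is why emptying System Restore clears them.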
Reply to Angeldark
OK, noted.....
For now the PC seems to be running properly apart from this message that pops up from time to time... "WARNING! If your computer is infected you may suffer data loss, unstable operation.... Antivirus 2009 will perform a quick and 100% free scan.... do you want to.. etc..."
Re-
Well, in the end my problem is still there... I thought I was out of the woods, but no!
Still ads, and yesterday, once again, my mouse was jerky and it was impossible to listen to music via Winamp or VLC...
After a reboot everything is OK again! Apart from the ads that show up from time to time.
Maybe it's not an infection, because my antivirus reports nothing, and neither do Spybot, Ad-Aware or Malwarebytes.
I will probably reformat... but I'm not thrilled about it!
Post a new HijackThis report so I can take a look.
Reply to Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:33, on 19/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMTCJE.EXE
C:\Program Files\Foxmail\Foxmail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jacques\Mes documents\TELECHARGEMENT\hitjackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: milehighads - {5262860b-be9d-c70d-f1ee-af145c648bbb} - C:\WINDOWS\system32\nsk1E.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 3289113812
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareup [...] /CTPID.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 12644 bytes
One more detail, in case it helps: the ad page that just opened on my desktop is: "Contextual ads by Milehighads"
I can see the problem; let's get to work.
Download Random's System Information Tool (RSIT) by random/random and save it to the Desktop.
- Double-click RSIT.exe to launch the program.
- Click Continue on the Disclaimer screen.
- If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the license.
- When the scan is finished, two text files will open. Post the contents of log.txt (displayed) as well as info.txt (minimized in the taskbar).
- Be sure to post the reports in full. Check that they are complete once you have posted them.
NB: The reports are saved in the folder C:\rsit
Reply to Angeldark
Logfile of random's system information tool 1.05 (written by random/random)
Run by Jacques at 2009-01-20 09:20:20
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 28 GB (31%) free of 90 GB
Total RAM: 3326 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:21:05, on 20/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Foxmail\Foxmail.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Documents and Settings\Jacques\Bureau\RSIT.exe
C:\Documents and Settings\Jacques\Mes documents\TELECHARGEMENT\hitjackThis\Jacques.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: milehighads - {5262860b-be9d-c70d-f1ee-af145c648bbb} - C:\WINDOWS\system32\nsk1E.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 3289113812
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareup [...] /CTPID.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 12695 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Maintenance en 1 clic.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]
G DATA WebFilter - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll [2008-09-08 656968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5262860b-be9d-c70d-f1ee-af145c648bbb}]
milehighads - C:\WINDOWS\system32\nsk1E.dll [2009-01-05 681472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{0124123D-61B4-456f-AF86-78C53A0790C5} - G DATA WebFilter - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll [2008-09-08 656968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-04-01 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"GDFirewallTray"=C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe [2008-09-09 1037992]
"G DATA AntiVirus Trayapplication"=C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe [2008-11-24 958024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Gadwin PrintScreen"=C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2007-08-20 495616]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-12-02 3882312]
"Neuf Media Center"=C:\Program Files\SFR\Media Center\MediaCenter.exe [2008-10-10 726336]
"Creative WebCam Tray"=C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]
"Uniblue Registry Booster"=C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe [2006-09-28 1396736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnumanLive]
C:\Documents and Settings\Jacques\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe [2008-04-11 347648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
C:\Documents and Settings\Jacques\Menu Démarrer\Programmes\Démarrage
Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-08-21 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\SFR\Media Center\httpd\httpd.exe"="C:\Program Files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b77caa-8f11-11dd-b90a-806d6172696f}]
shell\AutoRun\command - J:\Launch.exe
======List of files/folders created in the last 1 months======
2009-01-20 09:20:20 ----D---- C:\rsit
2009-01-19 22:22:29 ----A---- C:\WINDOWS\oodcnt.INI
2009-01-19 18:02:04 ----D---- C:\WINDOWS\system32\oodag
2009-01-19 17:19:07 ----D---- C:\Program Files\OO Software
2009-01-19 10:40:33 ----D---- C:\Program Files\Defraggler
2009-01-18 12:29:37 ----D---- C:\Program Files\Dfx
2009-01-18 12:29:35 ----A---- C:\WINDOWS\system32\dfxg11.dll
2009-01-18 12:25:19 ----D---- C:\Program Files\Uniblue
2009-01-15 09:40:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-14 11:22:19 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-01-14 09:54:19 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2009-01-14 09:50:26 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-01-14 09:50:26 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-01-14 09:50:25 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-01-14 09:50:25 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-01-14 09:50:25 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-01-14 09:50:24 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-01-14 09:50:23 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-01-14 09:43:28 ----A---- C:\Documents and Settings\All Users\Application Data\xml4B.tmp
2009-01-14 09:43:27 ----A---- C:\Documents and Settings\All Users\Application Data\xml4A.tmp
2009-01-14 09:43:27 ----A---- C:\Documents and Settings\All Users\Application Data\xml49.tmp
2009-01-14 09:43:23 ----A---- C:\Documents and Settings\All Users\Application Data\xml42.tmp
2009-01-14 09:43:03 ----D---- C:\Program Files\SiSoftware
2009-01-12 09:39:50 ----D---- C:\Documents and Settings\All Users\Application Data\Vocal Transformer
2009-01-11 15:05:05 ----D---- C:\Documents and Settings\All Users\Application Data\Documentation
2009-01-11 13:56:34 ----A---- C:\WINDOWS\ViewNX.INI
2009-01-11 13:32:06 ----D---- C:\Documents and Settings\All Users\Application Data\Database
2009-01-11 13:27:17 ----D---- C:\Program Files\Fichiers communs\muvee Technologies
2009-01-11 13:27:13 ----D---- C:\Documents and Settings\All Users\Application Data\Nikon
2009-01-11 13:26:41 ----D---- C:\Documents and Settings\All Users\Application Data\Commands
2009-01-11 13:10:53 ----D---- C:\Program Files\Nikon
2009-01-11 11:01:12 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-01-11 11:01:11 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-01-10 19:02:44 ----D---- C:\Documents and Settings\Jacques\Application Data\Babylon
2009-01-10 18:03:55 ----SHD---- C:\RECYCLER
2009-01-10 17:37:30 ----A---- C:\ComboFix.txt
2009-01-10 17:25:04 ----A---- C:\Boot.bak
2009-01-10 17:24:56 ----RASHD---- C:\cmdcons
2009-01-10 17:22:51 ----A---- C:\WINDOWS\zip.exe
2009-01-10 17:22:51 ----A---- C:\WINDOWS\VFIND.exe
2009-01-10 17:22:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-10 17:22:51 ----A---- C:\WINDOWS\SWSC.exe
2009-01-10 17:22:51 ----A---- C:\WINDOWS\SWREG.exe
2009-01-10 17:22:51 ----A---- C:\WINDOWS\sed.exe
2009-01-10 17:22:51 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-10 17:22:51 ----A---- C:\WINDOWS\grep.exe
2009-01-10 17:22:51 ----A---- C:\WINDOWS\fdsv.exe
2009-01-10 17:22:45 ----D---- C:\WINDOWS\ERDNT
2009-01-10 17:22:45 ----D---- C:\Qoobox
2009-01-07 16:37:54 ----D---- C:\Documents and Settings\Jacques\Application Data\Malwarebytes
2009-01-07 16:37:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-07 16:37:38 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-07 09:42:17 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-01-07 09:42:16 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-01-07 09:42:12 ----D---- C:\Documents and Settings\Jacques\Application Data\TuneUp Software
2009-01-07 09:41:56 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-01-07 09:41:48 ----D---- C:\Program Files\TuneUp Utilities 2008
2009-01-07 09:30:16 ----D---- C:\Program Files\AxBx
2009-01-05 20:02:34 ----A---- C:\WINDOWS\system32\nsk1E.dll
2009-01-04 09:52:26 ----D---- C:\Documents and Settings\Jacques\Application Data\JAM Software
2009-01-04 09:52:23 ----D---- C:\Program Files\JAM Software
2009-01-03 10:15:31 ----A---- C:\WINDOWS\system32\pujaruyrydgs.dll-uninst.exe
2009-01-03 10:15:28 ----A---- C:\WINDOWS\system32\cont_milehighads-remove.exe
2009-01-03 10:15:27 ----A---- C:\WINDOWS\system32\rmnajrfcoebsfdb.exe
2009-01-02 13:46:29 ----D---- C:\Documents and Settings\Jacques\Application Data\PixVue
2009-01-02 08:28:12 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-01-02 08:28:12 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2008-12-28 14:29:27 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-28 09:08:12 ----D---- C:\Documents and Settings\Jacques\Application Data\Mozilla
2008-12-28 09:07:59 ----D---- C:\Program Files\Mozilla Firefox
2008-12-28 08:41:24 ----D---- C:\Documents and Settings\Jacques\Application Data\Windows Live Writer
2008-12-27 19:31:31 ----D---- C:\Documents and Settings\Jacques\Application Data\ACD Systems
2008-12-27 19:28:15 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-12-27 19:28:06 ----D---- C:\Program Files\Fichiers communs\ACD Systems
2008-12-27 19:28:06 ----D---- C:\Program Files\ACD Systems
2008-12-27 16:55:57 ----D---- C:\Program Files\Incomplete
2008-12-27 16:03:19 ----SHD---- C:\#GDATA.Trash.Store#
2008-12-27 16:03:02 ----D---- C:\Program Files\G DATA
2008-12-27 16:03:02 ----D---- C:\Program Files\Fichiers communs\G DATA
2008-12-27 16:03:02 ----D---- C:\Documents and Settings\All Users\Application Data\G DATA
======List of files/folders modified in the last 1 months======
2009-01-20 09:20:59 ----D---- C:\WINDOWS\Prefetch
2009-01-20 09:19:39 ----D---- C:\WINDOWS\Temp
2009-01-20 08:12:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-20 08:11:59 ----D---- C:\WINDOWS\system32
2009-01-19 22:22:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-19 22:22:29 ----D---- C:\WINDOWS
2009-01-19 17:25:56 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-19 17:19:15 ----SHD---- C:\WINDOWS\Installer
2009-01-19 17:19:09 ----D---- C:\Config.Msi
2009-01-19 17:19:07 ----RD---- C:\Program Files
2009-01-19 17:19:07 ----D---- C:\WINDOWS\system32\drivers
2009-01-19 17:19:07 ----D---- C:\WINDOWS\Help
2009-01-18 12:44:21 ----SD---- C:\Documents and Settings\Jacques\Application Data\Microsoft
2009-01-18 12:29:35 ----D---- C:\Program Files\Winamp
2009-01-18 12:25:23 ----D---- C:\Documents and Settings\Jacques\Application Data\Uniblue
2009-01-18 11:46:21 ----D---- C:\Program Files\Bonjour
2009-01-17 11:04:36 ----D---- C:\Program Files\eMule
2009-01-16 20:16:00 ----HD---- C:\WINDOWS\inf
2009-01-16 18:47:32 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-15 19:52:18 ----SHD---- C:\System Volume Information
2009-01-15 19:52:18 ----D---- C:\WINDOWS\system32\Restore
2009-01-15 09:41:09 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-15 09:40:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-15 09:40:28 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-14 09:54:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-14 09:50:28 ----D---- C:\WINDOWS\system32\DirectX
2009-01-12 09:37:58 ----D---- C:\Documents and Settings\Jacques\Application Data\Nikon
2009-01-12 09:33:00 ----D---- C:\Program Files\Fichiers communs\Nikon
2009-01-12 09:32:12 ----D---- C:\Documents and Settings\All Users\Application Data\Ultima_T15
2009-01-12 09:32:12 ----D---- C:\Documents and Settings\All Users\Application Data\EnterNHelp
2009-01-11 13:27:17 ----D---- C:\Program Files\Fichiers communs
2009-01-11 13:11:04 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-11 10:30:10 ----D---- C:\Documents and Settings\Jacques\Application Data\Vso
2009-01-10 17:36:00 ----A---- C:\WINDOWS\system.ini
2009-01-10 17:35:25 ----D---- C:\WINDOWS\AppPatch
2009-01-10 17:25:04 ----RASH---- C:\boot.ini
2009-01-10 02:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-07 09:42:23 ----SD---- C:\WINDOWS\Tasks
2009-01-07 09:41:06 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-01-02 18:19:42 ----D---- C:\Program Files\Adobe
2009-01-02 17:26:00 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-02 17:25:56 ----D---- C:\Program Files\Fichiers communs\Apple
2009-01-02 11:15:45 ----D---- C:\Documents and Settings\Jacques\Application Data\Adobe
2008-12-29 17:17:27 ----D---- C:\Program Files\LimeWire
2008-12-29 09:50:37 ----D---- C:\Documents and Settings\Jacques\Application Data\LimeWire
2008-12-29 08:47:20 ----D---- C:\WINDOWS\Minidump
2008-12-29 08:47:13 ----D---- C:\Program Files\WinRAR
2008-12-29 08:47:13 ----D---- C:\Documents and Settings\Jacques\Application Data\uTorrent
2008-12-29 08:47:05 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-28 17:59:46 ----D---- C:\Documents and Settings\Jacques\Application Data\Google
2008-12-28 17:58:55 ----D---- C:\Program Files\Google
2008-12-28 14:31:14 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-28 14:29:07 ----D---- C:\Program Files\Windows Media Player
2008-12-28 10:19:07 ----D---- C:\Program Files\NetMeeting
2008-12-28 09:35:43 ----D---- C:\Program Files\Fichiers communs\Adobe
2008-12-27 16:35:17 ----D---- C:\Documents and Settings\Jacques\Application Data\vlc
2008-12-27 16:28:42 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 GRD;G DATA Rootkit Detector Driver; \??\C:\WINDOWS\system32\drivers\GRD.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-10-07 278984]
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-10-07 25416]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-21 3299840]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 93696]
R3 GDMnIcpt;GDMnIcpt; \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HookCentre;HookCentre; \??\C:\WINDOWS\system32\drivers\HookCentre.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-06 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-08 14604]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 LGDDCDevice;LGDDCDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys []
S3 LGII2CDevice;LGII2CDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-07-09 52096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-11 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 P1370Aud;Creative WebCam Audio Control; \??\C:\WINDOWS\system32\Drivers\P1370Aud.sys []
S3 P1370Aul;PD1370 Lower Filter Driver; \??\C:\WINDOWS\system32\Drivers\P1370Aul.sys []
S3 P1370VID;Live! Cam Voice; C:\WINDOWS\system32\DRIVERS\P1370Vid.sys [2006-04-10 179328]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 UltraMonMirror;UltraMonMirror; C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys []
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-04 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-21 573440]
R2 AVKProxy;G DATA AntiVirus Proxy; C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-11-24 1016904]
R2 AVKService;Planificateur G DATA; C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
R2 AVKWCtl;Gardien d'AntiVirus; C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-09-08 1185496]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2004-05-17 184320]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
R3 GDFwSvc;Pare-feu personnel G DATA; C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-10-30 1407976]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]
S2 AVP;Kaspersky Anti-Virus 6.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r []
S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-01 654848]
S3 G DATA Tuner Service;G DATA Tuner Service; C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe []
S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2008-12-11 98488]
S3 Service de sauvegarde G DATA;Service de sauvegarde G DATA; C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-10-28 880200]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-01-07 355584]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.05 2009-01-20 09:21:09
======Uninstall list======
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x40c
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2d3 SteadyMove for Adobe Premiere Pro-->MsiExec.exe /I{94118D5F-2D5D-4BF5-9F84-11FB8A97B566}
ACDSee Pro 2-->MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{5D2398DF-3022-4820-93BA-F1175FBEA9CA}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{21C4D775-368A-46C4-8DC3-4207165B7115}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Video Encoder-->MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Setup-->MsiExec.exe /I{1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Ajouter ou supprimer Adobe Creative Suite 3 Master Collection-->C:\Program Files\Fichiers communs\Adobe\Installers\b5d5789539ea1f004a4defceea74312\Setup.exe
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c
Camera Control Pro 2-->MsiExec.exe /X{FE96C49B-DB90-405E-A00E-09E38372F880}
Camera Control Pro-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C2CD0BD-A92E-499A-862A-60900946739B}\Setup.exe" -l0x40c -removeonly
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x40c UNINST
Capture NX-->C:\Program Files\Nikon\Capture NX\uninstall.exe
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Clean Virus MSN-->"C:\Program Files\AxBx\Clean Virus MSN\unins000.exe"
Contextual Tool Milehighads-->C:\WINDOWS\system32\cont_milehighads-remove.exe
ConvertXtoDVD 3.2.1.55b-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Creative Live! Cam Voice Driver (1.01.02.0410)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script PD1370.uns -unsext NT -plugin P1370Pin.dll -pluginres CtCamPin.crl
Creative Photo Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x40c /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove
Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
Creative WebCam Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x40c /remove
CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
DFX for Winamp-->"C:\Program Files\Winamp\uninstall_dfx.exe"
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Print CD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x40c -SYSTEM
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus Photo RX685_690 Manuel-->C:\Program Files\EPSON\TPMANUAL\ESPRX685_690\FRA\USE_G\DOCUNINS.EXE
ffdshow [rev 497] [2006-11-04]-->"C:\Program Files\ffdshow\unins000.exe"
forteManager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}\setup.exe" -l0x40c -removeonly
Foxmail 5.0 Fr.-->"C:\Program Files\Foxmail\unins000.exe"
G DATA TotalCare-->MsiExec.exe /I{9CBC3C1F-310E-4C4F-89E2-1B8D6C902BF2}
Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
Galerie de photos Windows Live-->MsiExec.exe /X{43563ACB-371B-4C58-8979-B192B390424C}
Gigabyte Raid Configurer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x40c -removeonly
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Jacques\Mes documents\TELECHARGEMENT\hitjackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Le pic rouge-->"C:\Program Files\Anuman interactive\Le pic rouge\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Lightroom-->MsiExec.exe /I{D4134B0B-EA9B-4835-A77A-60BEE6277101}
LimeWire PRO 4.14.8-->"C:\Program Files\LimeWire\uninstall.exe"
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaCoder 0.6.1-->C:\Program Files\MediaCoder\uninst.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
MFC80-->MsiExec.exe /I{818CBFBE-F23E-45E3-B67B-55FBCF945F37}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mise à jour de sécurité pour le Codeur Windows Media (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
Nero 8-->MsiExec.exe /X{BE282C23-5484-47FF-B2C1-EBEA5C891036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nikon Message Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x40c UNINSTALL
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
O&O Defrag Professional Edition-->MsiExec.exe /I{53480520-7555-470E-8C69-750B0472B4BB}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x40c -removeonly
RON Tool Milehighads-->C:\WINDOWS\system32\rmnajrfcoebsfdb.exe
Search Assistant Mysidesearch-->C:\WINDOWS\system32\pujaruyrydgs.dll-uninst.exe
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe
SFR - Media Center-->C:\Program Files\SFR\Media Center\uninstall.exe
SiSoftware Sandra Lite 2009.SP2-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TreeSize Free V2.2.1-->"C:\Program Files\JAM Software\TreeSize Free\unins000.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Uniblue Registry Booster-->"C:\Program Files\Uniblue\Registry Booster\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
Utilitaire Effets vidéos avancés-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D0803DB-8FC8-4C97-AE1F-1C3DCA357B01}\setup.exe" -l0x40c /remove
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
ViewNX-->MsiExec.exe /X{F007CBCE-D714-4C0B-8CE9-9B0D78116468}
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VSO Image Resizer 2.0.2-->"C:\Program Files\VSO\Image Resizer\unins000.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
======Hosts File======
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
======Security center information======
AV: G DATA TotalCare 2009
FW: Pare-feu personnel G DATA
System event log
Computer Name: JACK
Event Code: 15
Message: Le périphérique \Device\CdRom0 n'est pas encore prêt à être accédé.
Record Number: 85041
Source Name: Cdrom
Time Written: 20090117094513.000000+060
Event Type: erreur
User:
Computer Name: JACK
Event Code: 15
Message: Le périphérique \Device\CdRom1 n'est pas encore prêt à être accédé.
Record Number: 85040
Source Name: Cdrom
Time Written: 20090117094512.000000+060
Event Type: erreur
User:
Computer Name: JACK
Event Code: 15
Message: Le périphérique \Device\CdRom0 n'est pas encore prêt à être accédé.
Record Number: 85039
Source Name: Cdrom
Time Written: 20090117094512.000000+060
Event Type: erreur
User:
Computer Name: JACK
Event Code: 15
Message: Le périphérique \Device\CdRom1 n'est pas encore prêt à être accédé.
Record Number: 85038
Source Name: Cdrom
Time Written: 20090117094511.000000+060
Event Type: erreur
User:
Computer Name: JACK
Event Code: 15
Message: Le périphérique \Device\CdRom0 n'est pas encore prêt à être accédé.
Record Number: 85037
Source Name: Cdrom
Time Written: 20090117094511.000000+060
Event Type: erreur
User:
Application event log
Computer Name: JACK
Event Code: 1
Message:
Record Number: 2113
Source Name: Bonjour Service
Time Written: 20081107134439.000000+060
Event Type: Informations
User:
Computer Name: JACK
Event Code: 105
Message: The service was started.
Record Number: 2112
Source Name: ATI Smart
Time Written: 20081107134437.000000+060
Event Type: Informations
User:
Computer Name: JACK
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 2111
Source Name: SecurityCenter
Time Written: 20081107091404.000000+060
Event Type: Informations
User:
Computer Name: JACK
Event Code: 0
Message:
Record Number: 2110
Source Name: RichVideo
Time Written: 20081107091404.000000+060
Event Type: Informations
User:
Computer Name: JACK
Event Code: 105
Message: The service was started.
Record Number: 2109
Source Name: PLFlash DeviceIoControl Service
Time Written: 20081107091403.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=1707
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2
-----------------EOF-----------------
Hi again,
Download OTMoveIt3 (OldTimer). Save it to your Desktop.
Copy (Ctrl+C) the text in the box below:
:files
|
Double-click OTMoveIt3.exe to launch it.
Paste (or Ctrl+V) the text you copied into the Paste Instructions for Items to be Moved box.
Now click the MoveIt! button, then close OTMoveIt3.
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log
Reply to Angeldark
Error: Unable to interpret <files > in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\nsk1E.dll > in the current context!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5262860b-be9d-c70d-f1ee-af145c648bbb}\\ deleted successfully.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01202009_161855
I don't get the impression that it worked??? But anyway... I'll try again.
This time it's not the same... maybe that's better, no?
========== FILES ==========
C:\WINDOWS\system32\nsk1E.dll unregistered successfully.
C:\WINDOWS\system32\nsk1E.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5262860b-be9d-c70d-f1ee-af145c648bbb}\\ not found.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01202009_162336
Uh,
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
Uh...! Well, that's what I did, twice???
So I'll start over, the 1st:
Error: Unable to interpret <files > in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\nsk1E.dll > in the current context!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5262860b-be9d-c70d-f1ee-af145c648bbb}\\ deleted successfully.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01202009_161855
the 2nd:
========== FILES ==========
C:\WINDOWS\system32\nsk1E.dll unregistered successfully.
C:\WINDOWS\system32\nsk1E.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5262860b-be9d-c70d-f1ee-af145c648bbb}\\ not found.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01202009_162336
Can you be a little patient too?
Post a new Hijackthis report.
Reply to Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:44:00, on 21/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Jacques\Mes documents\TELECHARGEMENT\hitjackThis\Jacques.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 3289113812
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareup [...] /CTPID.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 12485 bytes
Run another Combofix scan, please. It's already better, isn't it?
Reply to Angeldark
Yes, indeed, I get the impression that things are better... curious to see whether ad pages will still open...
Here is the latest report....
ComboFix 09-01-20.05 - Jacques 2009-01-21 17:24:51.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.3326.2308 [GMT 1:00]
Lancé depuis: c:\documents and settings\Jacques\Mes documents\TELECHARGEMENT\ComboFix\ComboFix.exe
AV: G DATA TotalCare 2009 *On-access scanning disabled* (Updated)
FW: Pare-feu personnel G DATA *disabled*
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-21 au 2009-01-21 ))))))))))))))))))))))))))))))))))))
.
2009-01-20 16:18 . 2009-01-20 16:18 <REP> d-------- C:\_OTMoveIt
2009-01-20 13:22 . 2009-01-20 13:22 <REP> d-------- c:\documents and settings\All Users\Application Data\IM
2009-01-20 13:21 . 2009-01-20 13:21 <REP> d-------- c:\program files\IncrediMail
2009-01-20 13:21 . 2009-01-20 13:21 <REP> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
2009-01-20 09:20 . 2009-01-20 09:21 <REP> d-------- C:\rsit
2009-01-20 08:11 . 2009-01-21 15:30 873 --a------ c:\windows\system32\OODBS.lor
2009-01-19 22:22 . 2009-01-19 22:22 109 --a------ c:\windows\oodcnt.INI
2009-01-19 18:02 . 2009-01-19 18:02 <REP> d-------- c:\windows\system32\oodag
2009-01-19 17:19 . 2009-01-19 17:19 <REP> d-------- c:\program files\OO Software
2009-01-19 10:40 . 2009-01-19 10:40 <REP> d-------- c:\program files\Defraggler
2009-01-18 12:29 . 2009-01-18 12:29 <REP> d-------- c:\program files\Dfx
2009-01-18 12:29 . 2009-01-18 12:29 274,432 --a------ c:\windows\system32\dfxg11.dll
2009-01-18 12:25 . 2009-01-18 12:25 <REP> d-------- c:\program files\Uniblue
2009-01-14 11:22 . 2009-01-14 11:22 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-14 09:54 . 2009-01-14 09:54 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-01-14 09:50 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-01-14 09:50 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2009-01-14 09:50 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-01-14 09:50 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2009-01-14 09:50 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2009-01-14 09:50 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-01-14 09:50 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-01-14 09:43 . 2009-01-14 09:43 <REP> d-------- c:\program files\SiSoftware
2009-01-12 09:39 . 2009-01-12 09:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Vocal Transformer
2009-01-12 09:32 . 2009-01-13 11:39 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
2009-01-11 15:05 . 2009-01-11 15:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Documentation
2009-01-11 15:01 . 2009-01-20 10:45 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdy.DAT
2009-01-11 13:56 . 2009-01-11 13:56 0 --a------ c:\windows\ViewNX.INI
2009-01-11 13:32 . 2009-01-11 13:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Database
2009-01-11 13:32 . 2009-01-11 18:37 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies
2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Nikon
2009-01-11 13:26 . 2009-01-11 13:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Commands
2009-01-11 13:26 . 2009-01-11 13:53 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-01-11 13:10 . 2009-01-12 09:32 <REP> d-------- c:\program files\Nikon
2009-01-11 13:10 . 2009-01-20 10:43 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLeh.DAT
2009-01-11 11:01 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-11 11:01 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-10 19:02 . 2009-01-10 19:02 <REP> d-------- c:\documents and settings\Jacques\Application Data\Babylon
2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\Jacques\Application Data\Malwarebytes
2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 16:37 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 16:37 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-07 09:42 . 2009-01-07 09:42 <REP> d-------- c:\documents and settings\Jacques\Application Data\TuneUp Software
2009-01-07 09:42 . 2009-01-07 09:42 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-07 09:42 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2009-01-07 09:41 . 2009-01-07 09:45 <REP> d-------- c:\program files\TuneUp Utilities 2008
2009-01-07 09:41 . 2009-01-07 09:41 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-07 09:30 . 2009-01-07 09:30 <REP> d-------- c:\program files\AxBx
2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\program files\JAM Software
2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\documents and settings\Jacques\Application Data\JAM Software
2009-01-03 12:34 . 2009-01-18 10:04 156 --a------ c:\windows\Twunk001.MTX
2009-01-03 12:34 . 2009-01-18 10:04 5 --a------ c:\windows\Twain001.Mtx
2009-01-03 12:34 . 2009-01-03 12:34 0 --a------ c:\windows\Twunk002.MTX
2009-01-03 10:15 . 2009-01-09 15:31 85,239 --a------ c:\windows\system32\cont_milehighads-remove.exe
2009-01-03 10:15 . 2009-01-03 10:15 68,513 --a------ c:\windows\system32\pujaruyrydgs.dll-uninst.exe
2009-01-03 10:15 . 2009-01-03 10:15 47,576 --a------ c:\windows\system32\rmnajrfcoebsfdb.exe
2009-01-02 13:46 . 2009-01-02 17:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\PixVue
2009-01-02 08:28 . 2008-04-01 13:23 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-01-02 08:28 . 2008-04-01 13:23 118,056 --------- c:\windows\system32\pxcpyi64.exe
2008-12-28 09:08 . 2008-12-28 09:08 0 --a------ c:\windows\nsreg.dat
2008-12-28 08:41 . 2008-12-28 08:41 <REP> d-------- c:\documents and settings\Jacques\Application Data\Windows Live Writer
2008-12-27 19:31 . 2008-12-27 19:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\ACD Systems
2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\Fichiers communs\ACD Systems
2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\ACD Systems
2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2008-12-27 16:55 . 2009-01-17 09:28 <REP> d-------- c:\program files\Incomplete
2008-12-27 16:32 . 2008-12-27 16:32 68,424 --a------ c:\windows\system32\drivers\GRD.sys
2008-12-27 16:30 . 2009-01-21 17:27 121,845,792 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-27 16:30 . 2009-01-21 17:27 1,577,504 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-27 16:30 . 2009-01-21 10:38 1,437,332 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-27 16:30 . 2009-01-21 10:38 155,000 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-27 16:04 . 2008-12-27 16:25 48,712 --a------ c:\windows\system32\drivers\MiniIcpt.sys
2008-12-27 16:04 . 2008-12-27 16:25 32,328 --a------ c:\windows\system32\drivers\HookCentre.sys
2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\G DATA
2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\Fichiers communs\G DATA
2008-12-27 16:03 . 2008-12-27 16:11 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA
2008-12-27 16:03 . 2008-12-29 08:48 <REP> d--hs---- C:\#GDATA.Trash.Store#
2008-12-27 16:03 . 2008-12-27 16:31 51,016 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
2008-12-27 16:03 . 2008-12-27 16:03 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 15:14 --------- d-----w c:\program files\eMule
2009-01-18 11:29 --------- d-----w c:\program files\Winamp
2009-01-18 11:25 --------- d-----w c:\documents and settings\Jacques\Application Data\Uniblue
2009-01-18 10:46 --------- d-----w c:\program files\Bonjour
2009-01-15 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-12 08:37 --------- d-----w c:\documents and settings\Jacques\Application Data\Nikon
2009-01-12 08:33 --------- d-----w c:\program files\Fichiers communs\Nikon
2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
2009-01-11 12:11 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 09:30 --------- d-----w c:\documents and settings\Jacques\Application Data\Vso
2009-01-07 08:41 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-02 16:25 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-29 16:17 --------- d-----w c:\program files\LimeWire
2008-12-29 08:50 --------- d-----w c:\documents and settings\Jacques\Application Data\LimeWire
2008-12-29 07:47 --------- d-----w c:\documents and settings\Jacques\Application Data\uTorrent
2008-12-28 16:58 --------- d-----w c:\program files\Google
2008-12-28 08:35 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-27 15:35 --------- d-----w c:\documents and settings\Jacques\Application Data\vlc
2008-12-27 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-19 15:34 --------- d-----w c:\program files\Xvid
2008-12-18 09:02 --------- d-----w c:\documents and settings\Jacques\Application Data\muvee Technologies
2008-12-18 09:02 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2008-12-18 08:39 --------- d-----w c:\program files\iTunes
2008-12-18 08:39 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-18 08:38 --------- d-----w c:\program files\QuickTime
2008-12-18 08:38 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-18 08:30 --------- d-----w c:\program files\Creative
2008-12-18 08:21 --------- d-----w c:\documents and settings\Jacques\Application Data\Creative
2008-12-18 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies
2008-12-18 07:21 --------- d-----w c:\program files\Windows Live
2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-12-18 07:20 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-18 07:18 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-18 07:18 --------- d-----w c:\program files\Microsoft
2008-12-17 19:10 --------- d-----w c:\documents and settings\Jacques\Application Data\EPSON
2008-12-17 09:34 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-15 09:18 --------- d-----w c:\program files\Activision
2008-12-14 18:56 --------- d-----w c:\program files\SFR
2008-12-14 09:17 --------- d-----w c:\program files\Java
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 20:20 16,608 ----a-w c:\windows\gdrv.sys
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-04 20:46 180,224 ----a-w c:\windows\system32\xvidvfw.dll
2008-12-04 20:42 815,104 ----a-w c:\windows\system32\xvidcore.dll
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-12-01 05:58 --------- d-----w c:\program files\CyberLink
2008-12-01 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-28 16:13 --------- d-----w c:\documents and settings\Jacques\Application Data\Winamp
2008-11-28 15:49 --------- d-----w c:\program files\Fichiers communs\CyberLink
2008-11-28 15:47 29,480 ----a-w c:\windows\system32\msxml3a.dll
2008-11-26 00:04 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2008-11-24 10:52 --------- d-----w c:\program files\Foxmail
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-24 13:40 22,328 ----a-w c:\documents and settings\Jacques\Application Data\PnkBstrK.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-06 18:24 47,360 ----a-w c:\documents and settings\Jacques\Application Data\pcouffin.sys
2009-01-05 19:02 652,288 ----a-w c:\program files\mozilla firefox\components\nsmilehighads.dll
2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092920081006\index.dat
2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101120081012\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-10_17.28.59,78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-19 16:19:09 18,646 ----a-r c:\windows\Installer\{53480520-7555-470E-8C69-750B0472B4BB}\ARPPRODUCTICON.exe
+ 2009-01-19 16:19:09 57,344 ----a-r c:\windows\Installer\{53480520-7555-470E-8C69-750B0472B4BB}\NewShortcut3.53480DE0_BEBF_45BA_BF20_24D2DA550CAA.exe
+ 2009-01-19 16:19:09 57,344 ----a-r c:\windows\Installer\{53480520-7555-470E-8C69-750B0472B4BB}\NewShortcut5_1.53480DE0_BEBF_45BA_BF20_24D2DA550CAA.exe
+ 2009-01-11 12:11:10 10,134 ----a-r c:\windows\Installer\{818CBFBE-F23E-45E3-B67B-55FBCF945F37}\ARPPRODUCTICON.exe
- 2008-12-10 19:45:33 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-01-15 08:41:12 1,165,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-12-10 19:45:33 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-01-15 08:41:12 20,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-12-10 19:45:33 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-01-15 08:41:12 159,504 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-12-10 19:45:33 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2009-01-15 08:41:12 217,864 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-12-10 19:45:34 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-01-15 08:41:12 18,704 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-12-10 19:45:34 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-01-15 08:41:12 35,088 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-12-10 19:45:33 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-01-15 08:41:12 845,584 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-12-10 19:45:33 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-01-15 08:41:12 922,384 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-12-10 19:45:33 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-01-15 08:41:12 272,648 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-12-10 19:45:34 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-01-15 08:41:12 888,080 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-12-10 19:45:33 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-01-15 08:41:12 1,172,240 ----a-r c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-01-11 12:32:24 8,854 ----a-r c:\windows\Installer\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}\New_Shortcut_F007CBCED7144C0B8CE99B0D78116468.exe
+ 2009-01-11 12:32:24 409,600 ----a-r c:\windows\Installer\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}\NewShortcut3_F007CBCED7144C0B8CE99B0D78116468.exe
+ 2009-01-11 12:32:24 409,600 ----a-r c:\windows\Installer\{F007CBCE-D714-4C0B-8CE9-9B0D78116468}\NewShortcut4_F007CBCED7144C0B8CE99B0D78116468.exe
+ 2009-01-11 14:02:06 393,216 ----a-r c:\windows\Installer\{FE96C49B-DB90-405E-A00E-09E38372F880}\ARPPRODUCTICON.exe
+ 2009-01-11 14:02:06 8,854 ----a-r c:\windows\Installer\{FE96C49B-DB90-405E-A00E-09E38372F880}\New_Shortcut_4C2CD0BDA92E499A862A60900946739B.exe
+ 2009-01-11 14:02:06 393,216 ----a-r c:\windows\Installer\{FE96C49B-DB90-405E-A00E-09E38372F880}\NewShortcut1_4C2CD0BDA92E499A862A60900946739B.exe
+ 2009-01-11 14:02:06 393,216 ----a-r c:\windows\Installer\{FE96C49B-DB90-405E-A00E-09E38372F880}\NewShortcut4_FE96C49BDB90405EA00E09E38372F880.exe
- 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2008-09-08 10:41:42 333,824 -c----w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 10:57:09 333,952 -c----w c:\windows\system32\dllcache\srv.sys
+ 2004-05-17 12:01:46 26,624 ----a-w c:\windows\system32\drivers\oobctm.sys
+ 2005-05-16 18:34:48 213,048 ----a-w c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2008-08-13 14:03:26 65,536 ----a-w c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 14:03:26 798,720 ----a-w c:\windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2003-03-19 12:28:40 2,179,072 ----a-w c:\windows\system32\mfc71d.dll
+ 2006-12-01 23:25:52 1,101,824 ----a-w c:\windows\system32\mfc80.dll
+ 2006-12-01 23:25:56 1,093,120 ----a-w c:\windows\system32\mfc80u.dll
+ 2006-12-01 23:25:58 69,632 ----a-w c:\windows\system32\mfcm80.dll
+ 2006-12-01 23:26:00 57,856 ----a-w c:\windows\system32\mfcm80u.dll
- 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2006-12-01 21:54:32 479,232 ----a-w c:\windows\system32\msvcm80.dll
+ 2003-03-19 11:04:24 765,952 ----a-w c:\windows\system32\msvcp71d.dll
+ 2006-12-01 21:54:34 548,864 ----a-w c:\windows\system32\msvcp80.dll
+ 2003-03-19 11:03:52 544,768 ----a-w c:\windows\system32\msvcr71d.dll
+ 2006-12-01 21:54:32 626,688 ----a-w c:\windows\system32\msvcr80.dll
+ 2004-05-17 13:57:00 184,320 ----a-w c:\windows\system32\oodag.exe
+ 2004-05-17 13:52:24 11,776 ----a-w c:\windows\system32\oodagmg.dll
+ 2004-05-17 13:54:46 3,584 ----a-w c:\windows\system32\oodagrs.dll
+ 2004-05-17 14:07:04 95,639 ----a-w c:\windows\system32\oodbs.exe
+ 2004-05-17 14:07:16 4,096 ----a-w c:\windows\system32\oodbsrs.dll
+ 2004-05-17 12:02:10 9,216 ----a-w c:\windows\system32\ootmapi.dll
- 2006-09-25 16:58:48 14,640 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
+ 2009-01-21 08:40:06 39,332 ----a-w c:\windows\Temp\cteng_1_1_111232517903.dat
+ 2009-01-21 14:41:02 37,536 ----a-w c:\windows\Temp\cteng_1_1_121232546455.dat
+ 2009-01-19 17:30:22 44,456 ----a-w c:\windows\Temp\cteng_1_1_131232384699.dat
+ 2009-01-20 10:25:02 39,484 ----a-w c:\windows\Temp\cteng_1_1_141232446973.dat
+ 2009-01-21 14:41:02 32,776 ----a-w c:\windows\Temp\cteng_1_1_161232544939.dat
+ 2009-01-20 11:15:51 95,524 ----a-w c:\windows\Temp\cteng_1_1_181232449496.dat
+ 2009-01-19 14:08:52 37,096 ----a-w c:\windows\Temp\cteng_1_1_201232373899.dat
+ 2009-01-21 08:40:06 34,240 ----a-w c:\windows\Temp\cteng_1_1_211232525101.dat
+ 2009-01-11 08:14:16 34,476 ----a-w c:\windows\Temp\cteng_1_1_221231648038.dat
+ 2009-01-21 16:19:14 40,192 ----a-w c:\windows\Temp\cteng_1_1_231232553798.dat
+ 2009-01-21 14:41:02 39,136 ----a-w c:\windows\Temp\cteng_1_1_41232546492.dat
+ 2009-01-21 14:41:02 37,308 ----a-w c:\windows\Temp\cteng_1_1_71232546507.dat
+ 2009-01-20 12:24:50 42,436 ----a-w c:\windows\Temp\cteng_1_1_81232453382.dat
+ 2009-01-19 15:29:40 44,864 ----a-w c:\windows\Temp\cteng_1_1_91232376641.dat
+ 2009-01-21 15:41:04 363,656 ----a-w c:\windows\Temp\cteng_1_2_131232552290.dat
+ 2009-01-20 10:25:02 295,552 ----a-w c:\windows\Temp\cteng_1_2_141232446962.dat
+ 2009-01-18 09:05:52 237,148 ----a-w c:\windows\Temp\cteng_1_2_151232269371.dat
+ 2009-01-20 13:44:44 206,088 ----a-w c:\windows\Temp\cteng_1_2_161232458044.dat
+ 2009-01-21 14:41:03 276,436 ----a-w c:\windows\Temp\cteng_1_2_171232536580.dat
+ 2009-01-18 09:00:47 333,328 ----a-w c:\windows\Temp\cteng_1_2_181232208268.dat
+ 2009-01-18 16:45:55 357,832 ----a-w c:\windows\Temp\cteng_1_2_201232294226.dat
+ 2009-01-21 08:40:08 303,388 ----a-w c:\windows\Temp\cteng_1_2_211232520260.dat
+ 2009-01-18 11:44:19 298,420 ----a-w c:\windows\Temp\cteng_1_2_221232276440.dat
+ 2009-01-21 14:41:03 356,448 ----a-w c:\windows\Temp\cteng_1_2_231232530104.dat
+ 2009-01-19 09:17:40 175,904 ----a-w c:\windows\Temp\cteng_1_2_251232335808.dat
+ 2009-01-21 14:41:04 237,920 ----a-w c:\windows\Temp\cteng_1_2_261232540524.dat
+ 2009-01-19 09:17:40 284,256 ----a-w c:\windows\Temp\cteng_1_2_271232345088.dat
+ 2009-01-21 14:41:04 286,212 ----a-w c:\windows\Temp\cteng_1_2_281232537233.dat
+ 2009-01-21 16:19:14 345,792 ----a-w c:\windows\Temp\cteng_1_2_291232553913.dat
+ 2009-01-21 14:41:05 305,056 ----a-w c:\windows\Temp\cteng_1_2_301232540197.dat
+ 2009-01-21 08:40:09 219,196 ----a-w c:\windows\Temp\cteng_1_2_311232486485.dat
+ 2009-01-21 08:40:10 199,780 ----a-w c:\windows\Temp\cteng_1_2_331232522784.dat
+ 2009-01-20 08:11:05 288,208 ----a-w c:\windows\Temp\cteng_1_2_341232436999.dat
+ 2009-01-15 14:14:49 253,424 ----a-w c:\windows\Temp\cteng_1_2_41232028280.dat
+ 2009-01-21 14:41:05 272,052 ----a-w c:\windows\Temp\cteng_1_2_71232546505.dat
+ 2009-01-21 14:30:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_320.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"Uniblue Registry Booster"="c:\program files\Uniblue\Registry Booster\RegistryBooster.exe" [2006-09-28 1396736]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-01-15 251264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"GDFirewallTray"="c:\program files\G DATA\TotalCare\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2008-11-24 958024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Jacques\Menu D‚marrer\Programmes\D‚marrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]
c:\documents and settings\Jacques\Menu D‚marrer\Programmes\D‚marrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]
c:\documents and settings\Jacques\Menu D‚marrer\Programmes\D‚marrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnumanLive]
-ra------ 2008-04-11 19:50 347648 c:\documents and settings\Jacques\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-01 14:23 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53773:TCP"= 53773:TCP:emule tcp
"16399:UDP"= 16399:UDP:emule udp
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2008-12-27 22272]
R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2008-12-27 68424]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-30 93696]
R3 GDFwSvc;Pare-feu personnel G DATA;c:\program files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-08-15 1407976]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-12-27 48712]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2008-12-27 32328]
R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50:32 61424]
R4 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-09-08 1016904]
R4 AVKService;Planificateur G DATA;c:\program files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
R4 AVKWCtl;Gardien d'AntiVirus;c:\program files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-08-14 1185496]
R4 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2008-12-27 51016]
S3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-10-02 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-10-02 13312]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2008-12-18 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2008-12-18 4992]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2008-12-18 179328]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-01-14 98488]
S3 Service de sauvegarde G DATA;Service de sauvegarde G DATA;c:\program files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-08-22 880200]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b77caa-8f11-11dd-b90a-806d6172696f}]
\Shell\AutoRun\command - J:\Launch.exe
.
Contenu du dossier 'Tâches planifiées'
2009-01-21 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-BDRegion - c:\program files\Cyberlink\Shared Files\brs.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel
FF - ProfilePath - c:\documents and settings\Jacques\Application Data\Mozilla\Firefox\Profiles\4z3izwmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - MyStart Rechercher
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - component: c:\program files\Mozilla Firefox\components\nsmilehighads.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
=);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-21 17:27:26
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1960408961-117609710-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:70,cd,3d,9f,fb,04,c1,88,c0,3e,16,1e,95,be,42,cc,fa,39,1c,35,e6,
2d,56,91,6c,33,af,ce,f6,84,81,11,ec,51,3a,92,4c,df,b4,99,e4,d6,00,b8,34,a8,\
"rkeysecu"=hex:90,35,3a,83,0b,f6,a1,91,59,e3,93,c8,c6,aa,5b,5e
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:fa,1f,4e,6a,ec,41,da,68,df,fc,f3,f4,de,48,a5,31,bb,39,42,b8,86,
01,c2,3b,5b,da,78,a1,ba,6d,f1,8d,29,20,7d,eb,8e,55,d4,52,64,e4,9c,d9,a3,d9,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:c5,20,54,f3,8a,c4,b9,7c,43,ed,04,81,39,df,4c,0d,b0,38,34,9a,85,
f1,ad,a4,17,a6,76,aa,18,8c,73,f1,58,ad,64,0c,51,f6,0b,17,79,65,c6,db,0d,1e,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-01-21 17:29:13
ComboFix-quarantined-files.txt 2009-01-21 16:29:09
ComboFix2.txt 2009-01-10 16:37:30
ComboFix3.txt 2009-01-10 16:30:08
Avant-CF: 27 596 783 616 octets libres
Après-CF: 28,278,452,224 octets libres
424 --- E O F --- 2009-01-15 08:41:14
Re,
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
Copy (Ctrl+C) the text in the box below:
Rootkit::
|
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name "CFScript.txt" (the quotation marks are important).
Now drag the CFScript.txt file onto ComboFix.exe as in the image below:
This will relaunch ComboFix. After the restart, post the contents of the report (C:\combofix.txt*) along with a HijackThis report.
NOTE: If there is no restart, post the requested reports anyway.
* the partition name may differ
Reply to Angeldark
ComboFix 09-01-21.04 - Jacques 2009-01-22 19:06:40.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.3326.2441 [GMT 1:00]
Lancé depuis: c:\documents and settings\Jacques\Mes documents\TELECHARGEMENT\ComboFix\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Jacques\Mes documents\pour botix\CFScript.txt
AV: G DATA TotalCare 2009 *On-access scanning disabled* (Updated)
FW: Pare-feu personnel G DATA *disabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\components\nsmilehighads.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-22 au 2009-01-22 ))))))))))))))))))))))))))))))))))))
.
2009-01-21 18:04 . 2009-01-21 18:04 <REP> d-------- c:\program files\Magentic
2009-01-21 18:04 . 2008-08-04 09:51 750,984 --a------ c:\windows\system32\Magentic Screensaver.scr
2009-01-20 16:18 . 2009-01-20 16:18 <REP> d-------- C:\_OTMoveIt
2009-01-20 13:22 . 2009-01-20 13:22 <REP> d-------- c:\documents and settings\All Users\Application Data\IM
2009-01-20 13:21 . 2009-01-20 13:21 <REP> d-------- c:\program files\IncrediMail
2009-01-20 13:21 . 2009-01-20 13:21 <REP> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
2009-01-20 09:20 . 2009-01-20 09:21 <REP> d-------- C:\rsit
2009-01-20 08:11 . 2009-01-22 19:11 1,746 --a------ c:\windows\system32\OODBS.lor
2009-01-19 22:22 . 2009-01-19 22:22 109 --a------ c:\windows\oodcnt.INI
2009-01-19 18:02 . 2009-01-19 18:02 <REP> d-------- c:\windows\system32\oodag
2009-01-19 17:19 . 2009-01-19 17:19 <REP> d-------- c:\program files\OO Software
2009-01-19 10:40 . 2009-01-19 10:40 <REP> d-------- c:\program files\Defraggler
2009-01-18 12:29 . 2009-01-18 12:29 <REP> d-------- c:\program files\Dfx
2009-01-18 12:29 . 2009-01-18 12:29 274,432 --a------ c:\windows\system32\dfxg11.dll
2009-01-18 12:25 . 2009-01-18 12:25 <REP> d-------- c:\program files\Uniblue
2009-01-14 11:22 . 2009-01-14 11:22 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-14 09:54 . 2009-01-14 09:54 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-01-14 09:50 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-01-14 09:50 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2009-01-14 09:50 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-01-14 09:50 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2009-01-14 09:50 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2009-01-14 09:50 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-01-14 09:50 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-01-14 09:43 . 2009-01-14 09:43 <REP> d-------- c:\program files\SiSoftware
2009-01-12 09:39 . 2009-01-12 09:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Vocal Transformer
2009-01-12 09:32 . 2009-01-13 11:39 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
2009-01-11 15:05 . 2009-01-11 15:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Documentation
2009-01-11 15:01 . 2009-01-20 10:45 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdy.DAT
2009-01-11 13:56 . 2009-01-11 13:56 0 --a------ c:\windows\ViewNX.INI
2009-01-11 13:32 . 2009-01-11 13:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Database
2009-01-11 13:32 . 2009-01-11 18:37 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies
2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Nikon
2009-01-11 13:26 . 2009-01-11 13:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Commands
2009-01-11 13:26 . 2009-01-11 13:53 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-01-11 13:10 . 2009-01-12 09:32 <REP> d-------- c:\program files\Nikon
2009-01-11 13:10 . 2009-01-20 10:43 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLeh.DAT
2009-01-11 11:01 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-11 11:01 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-10 19:02 . 2009-01-10 19:02 <REP> d-------- c:\documents and settings\Jacques\Application Data\Babylon
2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\Jacques\Application Data\Malwarebytes
2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 16:37 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 16:37 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-07 09:42 . 2009-01-07 09:42 <REP> d-------- c:\documents and settings\Jacques\Application Data\TuneUp Software
2009-01-07 09:42 . 2009-01-07 09:42 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-07 09:42 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2009-01-07 09:41 . 2009-01-07 09:45 <REP> d-------- c:\program files\TuneUp Utilities 2008
2009-01-07 09:41 . 2009-01-07 09:41 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-07 09:30 . 2009-01-07 09:30 <REP> d-------- c:\program files\AxBx
2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\program files\JAM Software
2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\documents and settings\Jacques\Application Data\JAM Software
2009-01-03 12:34 . 2009-01-18 10:04 156 --a------ c:\windows\Twunk001.MTX
2009-01-03 12:34 . 2009-01-18 10:04 5 --a------ c:\windows\Twain001.Mtx
2009-01-03 12:34 . 2009-01-03 12:34 0 --a------ c:\windows\Twunk002.MTX
2009-01-03 10:15 . 2009-01-09 15:31 85,239 --a------ c:\windows\system32\cont_milehighads-remove.exe
2009-01-03 10:15 . 2009-01-03 10:15 68,513 --a------ c:\windows\system32\pujaruyrydgs.dll-uninst.exe
2009-01-03 10:15 . 2009-01-03 10:15 47,576 --a------ c:\windows\system32\rmnajrfcoebsfdb.exe
2009-01-02 13:46 . 2009-01-02 17:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\PixVue
2009-01-02 08:28 . 2008-04-01 13:23 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-01-02 08:28 . 2008-04-01 13:23 118,056 --------- c:\windows\system32\pxcpyi64.exe
2008-12-28 09:08 . 2008-12-28 09:08 0 --a------ c:\windows\nsreg.dat
2008-12-28 08:41 . 2008-12-28 08:41 <REP> d-------- c:\documents and settings\Jacques\Application Data\Windows Live Writer
2008-12-27 19:31 . 2008-12-27 19:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\ACD Systems
2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\Fichiers communs\ACD Systems
2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\ACD Systems
2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2008-12-27 16:55 . 2009-01-17 09:28 <REP> d-------- c:\program files\Incomplete
2008-12-27 16:32 . 2008-12-27 16:32 68,424 --a------ c:\windows\system32\drivers\GRD.sys
2008-12-27 16:30 . 2009-01-22 19:15 122,255,392 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-27 16:30 . 2009-01-22 19:14 1,608,224 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-27 16:30 . 2009-01-22 19:10 1,445,144 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-27 16:30 . 2009-01-22 19:10 159,080 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-27 16:04 . 2008-12-27 16:25 48,712 --a------ c:\windows\system32\drivers\MiniIcpt.sys
2008-12-27 16:04 . 2008-12-27 16:25 32,328 --a------ c:\windows\system32\drivers\HookCentre.sys
2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\G DATA
2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\Fichiers communs\G DATA
2008-12-27 16:03 . 2008-12-27 16:11 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA
2008-12-27 16:03 . 2008-12-29 08:48 <REP> d--hs---- C:\#GDATA.Trash.Store#
2008-12-27 16:03 . 2008-12-27 16:31 51,016 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
2008-12-27 16:03 . 2008-12-27 16:03 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 15:14 --------- d-----w c:\program files\eMule
2009-01-18 11:29 --------- d-----w c:\program files\Winamp
2009-01-18 11:25 --------- d-----w c:\documents and settings\Jacques\Application Data\Uniblue
2009-01-18 10:46 --------- d-----w c:\program files\Bonjour
2009-01-15 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-12 08:37 --------- d-----w c:\documents and settings\Jacques\Application Data\Nikon
2009-01-12 08:33 --------- d-----w c:\program files\Fichiers communs\Nikon
2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
2009-01-11 12:11 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 09:30 --------- d-----w c:\documents and settings\Jacques\Application Data\Vso
2009-01-07 08:41 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-02 16:25 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-29 16:17 --------- d-----w c:\program files\LimeWire
2008-12-29 08:50 --------- d-----w c:\documents and settings\Jacques\Application Data\LimeWire
2008-12-29 07:47 --------- d-----w c:\documents and settings\Jacques\Application Data\uTorrent
2008-12-28 16:58 --------- d-----w c:\program files\Google
2008-12-28 08:35 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-27 15:35 --------- d-----w c:\documents and settings\Jacques\Application Data\vlc
2008-12-27 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-19 15:34 --------- d-----w c:\program files\Xvid
2008-12-18 09:02 --------- d-----w c:\documents and settings\Jacques\Application Data\muvee Technologies
2008-12-18 09:02 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2008-12-18 08:39 --------- d-----w c:\program files\iTunes
2008-12-18 08:39 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-18 08:38 --------- d-----w c:\program files\QuickTime
2008-12-18 08:38 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-18 08:30 --------- d-----w c:\program files\Creative
2008-12-18 08:21 --------- d-----w c:\documents and settings\Jacques\Application Data\Creative
2008-12-18 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies
2008-12-18 07:21 --------- d-----w c:\program files\Windows Live
2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-12-18 07:20 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-18 07:18 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-18 07:18 --------- d-----w c:\program files\Microsoft
2008-12-17 19:10 --------- d-----w c:\documents and settings\Jacques\Application Data\EPSON
2008-12-17 09:34 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-15 09:18 --------- d-----w c:\program files\Activision
2008-12-14 18:56 --------- d-----w c:\program files\SFR
2008-12-14 09:17 --------- d-----w c:\program files\Java
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 20:20 16,608 ----a-w c:\windows\gdrv.sys
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-01 05:58 --------- d-----w c:\program files\CyberLink
2008-12-01 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-28 16:13 --------- d-----w c:\documents and settings\Jacques\Application Data\Winamp
2008-11-28 15:49 --------- d-----w c:\program files\Fichiers communs\CyberLink
2008-11-26 00:04 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2008-11-24 10:52 --------- d-----w c:\program files\Foxmail
2008-10-24 13:40 22,328 ----a-w c:\documents and settings\Jacques\Application Data\PnkBstrK.sys
2008-10-06 18:24 47,360 ----a-w c:\documents and settings\Jacques\Application Data\pcouffin.sys
2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092920081006\index.dat
2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101120081012\index.dat
.
((((((((((((((((((((((((((((( snapshot_2009-01-21_17.28.04,10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-22 18:11:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_324.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"Uniblue Registry Booster"="c:\program files\Uniblue\Registry Booster\RegistryBooster.exe" [2006-09-28 1396736]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-01-15 251264]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"GDFirewallTray"="c:\program files\G DATA\TotalCare\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2008-11-24 958024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Jacques\Menu D‚marrer\Programmes\D‚marrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]
c:\documents and settings\Jacques\Menu D‚marrer\Programmes\D‚marrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]
c:\documents and settings\Jacques\Menu D‚marrer\Programmes\D‚marrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnumanLive]
-ra------ 2008-04-11 19:50 347648 c:\documents and settings\Jacques\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-01 14:23 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53773:TCP"= 53773:TCP:emule tcp
"16399:UDP"= 16399:UDP:emule udp
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2008-12-27 22272]
R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2008-12-27 68424]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-30 93696]
R3 GDFwSvc;Pare-feu personnel G DATA;c:\program files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-08-15 1407976]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-12-27 48712]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2008-12-27 32328]
R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50:32 61424]
R4 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-09-08 1016904]
R4 AVKService;Planificateur G DATA;c:\program files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
R4 AVKWCtl;Gardien d'AntiVirus;c:\program files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-08-14 1185496]
R4 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2008-12-27 51016]
S3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-10-02 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-10-02 13312]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2008-12-18 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2008-12-18 4992]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2008-12-18 179328]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-01-14 98488]
S3 Service de sauvegarde G DATA;Service de sauvegarde G DATA;c:\program files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-08-22 880200]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b77caa-8f11-11dd-b90a-806d6172696f}]
\Shell\AutoRun\command - J:\Launch.exe
.
Contenu du dossier 'Tâches planifiées'
2009-01-22 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel
FF - ProfilePath - c:\documents and settings\Jacques\Application Data\Mozilla\Firefox\Profiles\4z3izwmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - MyStart Rechercher
FF - prefs.js: browser.startup.homepage - hxxp://mystart.magentic.com/
FF - prefs.js: keyword.URL - hxxp://mystart.magentic.com/?loc=FF_Magentic_AddressBar&search=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
=);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 19:15:46
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1960408961-117609710-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:70,cd,3d,9f,fb,04,c1,88,c0,3e,16,1e,95,be,42,cc,fa,39,1c,35,e6,
2d,56,91,6c,33,af,ce,f6,84,81,11,ec,51,3a,92,4c,df,b4,99,e4,d6,00,b8,34,a8,\
"rkeysecu"=hex:90,35,3a,83,0b,f6,a1,91,59,e3,93,c8,c6,aa,5b,5e
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:fa,1f,4e,6a,ec,41,da,68,df,fc,f3,f4,de,48,a5,31,bb,39,42,b8,86,
01,c2,3b,5b,da,78,a1,ba,6d,f1,8d,29,20,7d,eb,8e,55,d4,52,64,e4,9c,d9,a3,d9,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:c5,20,54,f3,8a,c4,b9,7c,43,ed,04,81,39,df,4c,0d,b0,38,34,9a,85,
f1,ad,a4,17,a6,76,aa,18,8c,73,f1,58,ad,64,0c,51,f6,0b,17,79,65,c6,db,0d,1e,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\oodag.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\IncrediMail\bin\ImApp.exe
c:\program files\SFR\Media Center\httpd\httpd.exe
c:\progra~1\Magentic\bin\MgApp.exe
c:\program files\SFR\Media Center\httpd\httpd.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-22 19:17:59 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-22 18:17:56
ComboFix2.txt 2009-01-21 16:29:14
ComboFix3.txt 2009-01-10 16:37:30
ComboFix4.txt 2009-01-10 16:30:08
Avant-CF: 28 206 743 552 octets libres
Après-CF: 28,232,708,096 octets libres
346 --- E O F --- 2009-01-15 08:41:14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20:31, on 22/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jacques\Mes documents\TELECHARGEMENT\hitjackThis\Jacques.exe
C:\Program Files\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 3289113812
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareup [...] /CTPID.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: Planificateur G DATA (AVKService) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
O23 - Service: Gardien d'AntiVirus (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: G DATA Tuner Service - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: Service de sauvegarde G DATA - G DATA Software AG - C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 12416 bytes
We'll try a script again.
Re,
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
Copy (Ctrl+C) the text in the box below:
Firefox::
|
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name "CFScript.txt" (the quotation marks are important).
Now drag the CFScript.txt file onto ComboFix.exe as in the image below:
This will relaunch ComboFix. After the restart, post the contents of the report (C:\combofix.txt*) along with a HijackThis report.
NOTE: If there is no restart, post the requested reports anyway.
* the partition name may differ
Reply to Angeldark
Here is this morning's report
ComboFix 09-01-21.04 - Jacques 2009-01-24 9:05:33.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.3326.2320 [GMT 1:00]
Lancé depuis: c:\documents and settings\Jacques\Mes documents\TELECHARGEMENT\ComboFix\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Jacques\Mes documents\CFScript.txt
AV: G DATA TotalCare 2009 *On-access scanning disabled* (Updated)
FW: Pare-feu personnel G DATA *disabled*
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-24 au 2009-01-24 ))))))))))))))))))))))))))))))))))))
.
2009-01-21 18:04 . 2009-01-21 18:04 <REP> d-------- c:\program files\Magentic
2009-01-21 18:04 . 2008-08-04 09:51 750,984 --a------ c:\windows\system32\Magentic Screensaver.scr
2009-01-20 16:18 . 2009-01-20 16:18 <REP> d-------- C:\_OTMoveIt
2009-01-20 13:22 . 2009-01-20 13:22 <REP> d-------- c:\documents and settings\All Users\Application Data\IM
2009-01-20 13:21 . 2009-01-23 14:01 <REP> d-------- c:\program files\IncrediMail
2009-01-20 13:21 . 2009-01-20 13:21 <REP> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
2009-01-20 09:20 . 2009-01-20 09:21 <REP> d-------- C:\rsit
2009-01-20 08:11 . 2009-01-24 07:53 3,201 --a------ c:\windows\system32\OODBS.lor
2009-01-19 22:22 . 2009-01-19 22:22 109 --a------ c:\windows\oodcnt.INI
2009-01-19 18:02 . 2009-01-19 18:02 <REP> d-------- c:\windows\system32\oodag
2009-01-19 17:19 . 2009-01-19 17:19 <REP> d-------- c:\program files\OO Software
2009-01-19 10:40 . 2009-01-19 10:40 <REP> d-------- c:\program files\Defraggler
2009-01-18 12:29 . 2009-01-18 12:29 <REP> d-------- c:\program files\Dfx
2009-01-18 12:29 . 2009-01-18 12:29 274,432 --a------ c:\windows\system32\dfxg11.dll
2009-01-18 12:25 . 2009-01-18 12:25 <REP> d-------- c:\program files\Uniblue
2009-01-14 11:22 . 2009-01-14 11:22 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-14 09:54 . 2009-01-14 09:54 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-01-14 09:50 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-01-14 09:50 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2009-01-14 09:50 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-01-14 09:50 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2009-01-14 09:50 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2009-01-14 09:50 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-01-14 09:50 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-01-14 09:43 . 2009-01-14 09:43 <REP> d-------- c:\program files\SiSoftware
2009-01-12 09:39 . 2009-01-12 09:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Vocal Transformer
2009-01-12 09:32 . 2009-01-13 11:39 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
2009-01-11 15:05 . 2009-01-11 15:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Documentation
2009-01-11 15:01 . 2009-01-20 10:45 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdy.DAT
2009-01-11 13:56 . 2009-01-11 13:56 0 --a------ c:\windows\ViewNX.INI
2009-01-11 13:32 . 2009-01-11 13:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Database
2009-01-11 13:32 . 2009-01-11 18:37 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies
2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Nikon
2009-01-11 13:26 . 2009-01-11 13:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Commands
2009-01-11 13:26 . 2009-01-11 13:53 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-01-11 13:10 . 2009-01-12 09:32 <REP> d-------- c:\program files\Nikon
2009-01-11 13:10 . 2009-01-20 10:43 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLeh.DAT
2009-01-11 11:01 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-11 11:01 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-10 19:02 . 2009-01-10 19:02 <REP> d-------- c:\documents and settings\Jacques\Application Data\Babylon
2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\Jacques\Application Data\Malwarebytes
2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 16:37 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 16:37 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-07 09:42 . 2009-01-07 09:42 <REP> d-------- c:\documents and settings\Jacques\Application Data\TuneUp Software
2009-01-07 09:42 . 2009-01-07 09:42 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-07 09:42 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2009-01-07 09:41 . 2009-01-07 09:45 <REP> d-------- c:\program files\TuneUp Utilities 2008
2009-01-07 09:41 . 2009-01-07 09:41 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-07 09:30 . 2009-01-07 09:30 <REP> d-------- c:\program files\AxBx
2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\program files\JAM Software
2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\documents and settings\Jacques\Application Data\JAM Software
2009-01-03 12:34 . 2009-01-18 10:04 156 --a------ c:\windows\Twunk001.MTX
2009-01-03 12:34 . 2009-01-18 10:04 5 --a------ c:\windows\Twain001.Mtx
2009-01-03 12:34 . 2009-01-03 12:34 0 --a------ c:\windows\Twunk002.MTX
2009-01-03 10:15 . 2009-01-09 15:31 85,239 --a------ c:\windows\system32\cont_milehighads-remove.exe
2009-01-03 10:15 . 2009-01-03 10:15 68,513 --a------ c:\windows\system32\pujaruyrydgs.dll-uninst.exe
2009-01-03 10:15 . 2009-01-03 10:15 47,576 --a------ c:\windows\system32\rmnajrfcoebsfdb.exe
2009-01-02 13:46 . 2009-01-02 17:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\PixVue
2009-01-02 08:28 . 2008-04-01 13:23 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-01-02 08:28 . 2008-04-01 13:23 118,056 --------- c:\windows\system32\pxcpyi64.exe
2008-12-28 09:08 . 2008-12-28 09:08 0 --a------ c:\windows\nsreg.dat
2008-12-28 08:41 . 2008-12-28 08:41 <REP> d-------- c:\documents and settings\Jacques\Application Data\Windows Live Writer
2008-12-27 19:31 . 2008-12-27 19:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\ACD Systems
2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\Fichiers communs\ACD Systems
2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\ACD Systems
2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2008-12-27 16:55 . 2009-01-17 09:28 <REP> d-------- c:\program files\Incomplete
2008-12-27 16:32 . 2008-12-27 16:32 68,424 --a------ c:\windows\system32\drivers\GRD.sys
2008-12-27 16:30 . 2009-01-24 09:07 126,873,632 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-27 16:30 . 2009-01-24 09:07 1,643,040 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-27 16:30 . 2009-01-23 09:36 1,448,240 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-27 16:30 . 2009-01-23 09:36 160,760 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-27 16:04 . 2008-12-27 16:25 48,712 --a------ c:\windows\system32\drivers\MiniIcpt.sys
2008-12-27 16:04 . 2008-12-27 16:25 32,328 --a------ c:\windows\system32\drivers\HookCentre.sys
2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\G DATA
2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\Fichiers communs\G DATA
2008-12-27 16:03 . 2008-12-27 16:11 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA
2008-12-27 16:03 . 2008-12-29 08:48 <REP> d--hs---- C:\#GDATA.Trash.Store#
2008-12-27 16:03 . 2008-12-27 16:31 51,016 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
2008-12-27 16:03 . 2008-12-27 16:03 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 15:14 --------- d-----w c:\program files\eMule
2009-01-18 11:29 --------- d-----w c:\program files\Winamp
2009-01-18 11:25 --------- d-----w c:\documents and settings\Jacques\Application Data\Uniblue
2009-01-18 10:46 --------- d-----w c:\program files\Bonjour
2009-01-15 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-12 08:37 --------- d-----w c:\documents and settings\Jacques\Application Data\Nikon
2009-01-12 08:33 --------- d-----w c:\program files\Fichiers communs\Nikon
2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
2009-01-11 12:11 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 09:30 --------- d-----w c:\documents and settings\Jacques\Application Data\Vso
2009-01-07 08:41 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-02 16:25 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-29 16:17 --------- d-----w c:\program files\LimeWire
2008-12-29 08:50 --------- d-----w c:\documents and settings\Jacques\Application Data\LimeWire
2008-12-29 07:47 --------- d-----w c:\documents and settings\Jacques\Application Data\uTorrent
2008-12-28 16:58 --------- d-----w c:\program files\Google
2008-12-28 08:35 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-27 15:35 --------- d-----w c:\documents and settings\Jacques\Application Data\vlc
2008-12-27 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-19 15:34 --------- d-----w c:\program files\Xvid
2008-12-18 09:02 --------- d-----w c:\documents and settings\Jacques\Application Data\muvee Technologies
2008-12-18 09:02 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2008-12-18 08:39 --------- d-----w c:\program files\iTunes
2008-12-18 08:39 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-18 08:38 --------- d-----w c:\program files\QuickTime
2008-12-18 08:38 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-18 08:30 --------- d-----w c:\program files\Creative
2008-12-18 08:21 --------- d-----w c:\documents and settings\Jacques\Application Data\Creative
2008-12-18 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies
2008-12-18 07:21 --------- d-----w c:\program files\Windows Live
2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-12-18 07:20 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-18 07:18 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-18 07:18 --------- d-----w c:\program files\Microsoft
2008-12-17 19:10 --------- d-----w c:\documents and settings\Jacques\Application Data\EPSON
2008-12-17 09:34 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-15 09:18 --------- d-----w c:\program files\Activision
2008-12-14 18:56 --------- d-----w c:\program files\SFR
2008-12-14 09:17 --------- d-----w c:\program files\Java
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 20:20 16,608 ----a-w c:\windows\gdrv.sys
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-04 20:46 180,224 ----a-w c:\windows\system32\xvidvfw.dll
2008-12-04 20:42 815,104 ----a-w c:\windows\system32\xvidcore.dll
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-12-01 05:58 --------- d-----w c:\program files\CyberLink
2008-12-01 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-28 16:13 --------- d-----w c:\documents and settings\Jacques\Application Data\Winamp
2008-11-28 15:49 --------- d-----w c:\program files\Fichiers communs\CyberLink
2008-11-28 15:47 29,480 ----a-w c:\windows\system32\msxml3a.dll
2008-11-26 00:04 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2008-11-24 10:52 --------- d-----w c:\program files\Foxmail
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-24 13:40 22,328 ----a-w c:\documents and settings\Jacques\Application Data\PnkBstrK.sys
2008-10-06 18:24 47,360 ----a-w c:\documents and settings\Jacques\Application Data\pcouffin.sys
2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092920081006\index.dat
2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101120081012\index.dat
.
((((((((((((((((((((((((((((( snapshot_2009-01-21_17.28.04,10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-24 07:50:26 25,488 ----a-w c:\windows\Temp\cteng_1_1_101232741127.dat
+ 2009-01-23 11:16:47 35,952 ----a-w c:\windows\Temp\cteng_1_1_111232704197.dat
+ 2009-01-22 19:07:51 39,524 ----a-w c:\windows\Temp\cteng_1_1_121232596547.dat
- 2009-01-19 17:30:22 44,456 ----a-w c:\windows\Temp\cteng_1_1_131232384699.dat
+ 2009-01-22 19:07:51 44,456 ----a-w c:\windows\Temp\cteng_1_1_131232384699.dat
- 2009-01-20 10:25:02 39,484 ----a-w c:\windows\Temp\cteng_1_1_141232446973.dat
+ 2009-01-22 19:07:51 39,484 ----a-w c:\windows\Temp\cteng_1_1_141232446973.dat
+ 2009-01-23 13:05:55 19,792 ----a-w c:\windows\Temp\cteng_1_1_161232715924.dat
+ 2009-01-23 11:16:47 84,976 ----a-w c:\windows\Temp\cteng_1_1_181232708725.dat
+ 2009-01-22 20:14:51 57,416 ----a-w c:\windows\Temp\cteng_1_1_201232655228.dat
+ 2009-01-22 19:07:52 39,340 ----a-w c:\windows\Temp\cteng_1_1_211232638623.dat
+ 2009-01-23 11:16:47 28,780 ----a-w c:\windows\Temp\cteng_1_1_221232705111.dat
+ 2009-01-23 07:09:18 40,360 ----a-w c:\windows\Temp\cteng_1_1_231232694249.dat
+ 2009-01-23 13:46:37 39,136 ----a-w c:\windows\Temp\cteng_1_1_41232718278.dat
+ 2009-01-23 11:16:48 39,224 ----a-w c:\windows\Temp\cteng_1_1_71232703947.dat
+ 2009-01-24 07:50:26 29,224 ----a-w c:\windows\Temp\cteng_1_1_81232733921.dat
- 2009-01-19 15:29:40 44,864 ----a-w c:\windows\Temp\cteng_1_1_91232376641.dat
+ 2009-01-22 19:07:53 44,864 ----a-w c:\windows\Temp\cteng_1_1_91232376641.dat
+ 2009-01-23 14:22:48 301,844 ----a-w c:\windows\Temp\cteng_1_2_131232719520.dat
+ 2009-01-22 19:07:54 268,692 ----a-w c:\windows\Temp\cteng_1_2_141232622315.dat
+ 2009-01-22 19:07:55 194,468 ----a-w c:\windows\Temp\cteng_1_2_151232613762.dat
+ 2009-01-23 13:36:35 194,164 ----a-w c:\windows\Temp\cteng_1_2_161232717235.dat
+ 2009-01-24 07:50:27 268,552 ----a-w c:\windows\Temp\cteng_1_2_171232771556.dat
+ 2009-01-23 11:16:48 205,492 ----a-w c:\windows\Temp\cteng_1_2_181232708718.dat
+ 2009-01-24 07:50:27 301,668 ----a-w c:\windows\Temp\cteng_1_2_201232749923.dat
+ 2009-01-24 07:50:27 265,180 ----a-w c:\windows\Temp\cteng_1_2_211232781286.dat
+ 2009-01-22 19:07:57 282,940 ----a-w c:\windows\Temp\cteng_1_2_221232629511.dat
+ 2009-01-22 19:07:57 341,400 ----a-w c:\windows\Temp\cteng_1_2_231232643921.dat
- 2009-01-07 15:27:28 232,896 ----a-w c:\windows\Temp\cteng_1_2_241228086145.dat
+ 2009-01-22 19:07:58 232,896 ----a-w c:\windows\Temp\cteng_1_2_241228086145.dat
+ 2009-01-22 19:07:58 172,704 ----a-w c:\windows\Temp\cteng_1_2_251232562029.dat
+ 2009-01-23 11:16:48 240,304 ----a-w c:\windows\Temp\cteng_1_2_261232701519.dat
+ 2009-01-22 19:07:59 348,592 ----a-w c:\windows\Temp\cteng_1_2_271232608922.dat
+ 2009-01-23 16:20:31 266,564 ----a-w c:\windows\Temp\cteng_1_2_281232726715.dat
+ 2009-01-23 15:21:09 318,396 ----a-w c:\windows\Temp\cteng_1_2_291232723121.dat
+ 2009-01-23 12:18:09 295,344 ----a-w c:\windows\Temp\cteng_1_2_301232712321.dat
+ 2009-01-24 07:50:28 198,808 ----a-w c:\windows\Temp\cteng_1_2_311232744726.dat
+ 2009-01-24 07:50:28 188,616 ----a-w c:\windows\Temp\cteng_1_2_331232777116.dat
+ 2009-01-24 07:50:28 203,796 ----a-w c:\windows\Temp\cteng_1_2_341232774337.dat
+ 2009-01-23 13:46:37 230,512 ----a-w c:\windows\Temp\cteng_1_2_41232718276.dat
+ 2009-01-23 11:16:50 225,840 ----a-w c:\windows\Temp\cteng_1_2_71232703944.dat
- 2009-01-07 15:27:31 50,948 ----a-w c:\windows\Temp\cteng_3_2_11231224990.dat
+ 2009-01-22 19:08:02 50,948 ----a-w c:\windows\Temp\cteng_3_2_11231224990.dat
- 2009-01-07 15:27:31 16,804 ----a-w c:\windows\Temp\cteng_8_2_11223394495.dat
+ 2009-01-22 19:08:02 16,804 ----a-w c:\windows\Temp\cteng_8_2_11223394495.dat
- 2009-01-07 15:27:31 12,320 ----a-w c:\windows\Temp\cteng_8_2_21231227908.dat
+ 2009-01-22 19:08:02 12,320 ----a-w c:\windows\Temp\cteng_8_2_21231227908.dat
+ 2009-01-24 06:54:23 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_164.dat
+ 2009-01-24 06:54:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_604.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"Uniblue Registry Booster"="c:\program files\Uniblue\Registry Booster\RegistryBooster.exe" [2006-09-28 1396736]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]
"Foxmail"="c:\program files\Foxmail\Foxmail.exe" [2004-08-02 3272704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"GDFirewallTray"="c:\program files\G DATA\TotalCare\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2008-11-24 958024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Jacques\Menu D‚marrer\Programmes\D‚marrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]
c:\documents and settings\Jacques\Menu D‚marrer\Programmes\D‚marrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]
c:\documents and settings\Jacques\Menu D‚marrer\Programmes\D‚marrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnumanLive]
-ra------ 2008-04-11 19:50 347648 c:\documents and settings\Jacques\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-01 14:23 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53773:TCP"= 53773:TCP:emule tcp
"16399:UDP"= 16399:UDP:emule udp
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2008-12-27 22272]
R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2008-12-27 68424]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-30 93696]
R3 GDFwSvc;Pare-feu personnel G DATA;c:\program files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-08-15 1407976]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-12-27 48712]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2008-12-27 32328]
R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50:32 61424]
R4 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-09-08 1016904]
R4 AVKService;Planificateur G DATA;c:\program files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
R4 AVKWCtl;Gardien d'AntiVirus;c:\program files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-08-14 1185496]
R4 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2008-12-27 51016]
S3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-10-02 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-10-02 13312]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2008-12-18 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2008-12-18 4992]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2008-12-18 179328]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-01-14 98488]
S3 Service de sauvegarde G DATA;Service de sauvegarde G DATA;c:\program files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-08-22 880200]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b77caa-8f11-11dd-b90a-806d6172696f}]
\Shell\AutoRun\command - J:\Launch.exe
.
Contenu du dossier 'Tâches planifiées'
2009-01-24 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel
FF - ProfilePath - c:\documents and settings\Jacques\Application Data\Mozilla\Firefox\Profiles\4z3izwmv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.magentic.com/
FF - prefs.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
=);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-24 09:07:35
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1960408961-117609710-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:70,cd,3d,9f,fb,04,c1,88,c0,3e,16,1e,95,be,42,cc,fa,39,1c,35,e6,
2d,56,91,6c,33,af,ce,f6,84,81,11,ec,51,3a,92,4c,df,b4,99,e4,d6,00,b8,34,a8,\
"rkeysecu"=hex:90,35,3a,83,0b,f6,a1,91,59,e3,93,c8,c6,aa,5b,5e
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:fa,1f,4e,6a,ec,41,da,68,df,fc,f3,f4,de,48,a5,31,bb,39,42,b8,86,
01,c2,3b,5b,da,78,a1,ba,6d,f1,8d,29,20,7d,eb,8e,55,d4,52,64,e4,9c,d9,a3,d9,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:c5,20,54,f3,8a,c4,b9,7c,43,ed,04,81,39,df,4c,0d,b0,38,34,9a,85,
f1,ad,a4,17,a6,76,aa,18,8c,73,f1,58,ad,64,0c,51,f6,0b,17,79,65,c6,db,0d,1e,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-01-24 9:10:06
ComboFix-quarantined-files.txt 2009-01-24 08:09:09
ComboFix2.txt 2009-01-22 18:18:00
ComboFix3.txt 2009-01-21 16:29:14
ComboFix4.txt 2009-01-10 16:37:30
ComboFix5.txt 2009-01-24 08:04:59
Avant-CF: 29 584 801 792 octets libres
Après-CF: 30,002,925,568 octets libres
377 --- E O F --- 2009-01-15 08:41:14
Can you try uninstalling Firefox without keeping its settings, then reinstalling it?
Done, I uninstalled and reinstalled Firefox.
Run a ComboFix scan again to see.
ComboFix 09-01-21.04 - Jacques 2009-01-25 18:20:07.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.3326.2325 [GMT 1:00]
Lancé depuis: c:\documents and settings\Jacques\Mes documents\TELECHARGEMENT\ComboFix\ComboFix.exe
AV: G DATA TotalCare 2009 *On-access scanning disabled* (Updated)
FW: Pare-feu personnel G DATA *disabled*
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\IEToolbar
c:\program files\IEToolbar\ECO Bar\basis.xml
c:\program files\IEToolbar\ECO Bar\ecobar.dll
c:\program files\IEToolbar\ECO Bar\icons.bmp
c:\program files\IEToolbar\ECO Bar\info.txt
c:\program files\IEToolbar\ECO Bar\tbhelper.dll
c:\program files\IEToolbar\ECO Bar\uninstall.exe
c:\program files\IEToolbar\ECO Bar\version.txt
c:\program files\IEToolbar\ECO Bar\your_logo.png
c:\windows\system32\bmebuqjhloygkrxtf.dll
c:\windows\system32\d3dx9_30323232323232323232323232323232323232.dll
c:\windows\system32\d3dx9_3032323232323232323232323232323232323232.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-25 au 2009-01-25 ))))))))))))))))))))))))))))))))))))
.
2009-01-24 23:41 . 2009-01-24 23:41 135,168 --a------ c:\windows\system32\d3dx9_303232323232323232323232323232323232.dll
2009-01-24 23:41 . 2009-01-24 23:41 135,168 --a------ c:\windows\system32\d3dx9_3032323232323232323232323232323232.dll
2009-01-24 23:41 . 2009-01-24 23:41 135,168 --a------ c:\windows\system32\d3dx9_30323232323232323232323232323232.dll
2009-01-24 23:41 . 2009-01-24 23:41 135,168 --a------ c:\windows\system32\d3dx9_303232323232323232323232323232.dll
2009-01-24 23:28 . 2009-01-24 23:28 135,168 --a------ c:\windows\system32\dssec3232.dll
2009-01-24 23:28 . 2009-01-24 23:28 135,168 --a------ c:\windows\system32\dsound3232.dll
2009-01-24 23:27 . 2009-01-24 23:27 135,168 --a------ c:\windows\system32\dsprpres323232.dll
2009-01-24 23:25 . 2009-01-24 23:25 1,462,272 --a------ c:\windows\system32\hlihrspp.exe
2009-01-24 23:25 . 2009-01-24 23:25 478,208 --a------ c:\windows\rgmonsvc.exe
2009-01-24 23:25 . 2009-01-24 23:25 10,752 --a------ c:\windows\dbrxl0138.exe
2009-01-24 23:25 . 2009-01-24 23:25 1,383 --a------ c:\windows\uxvck78043.exe
2009-01-24 23:25 . 2009-01-24 23:25 1,375 --a------ c:\windows\egru5771.exe
2009-01-24 23:24 . 2009-01-24 23:24 <REP> d-------- c:\program files\runit
2009-01-24 23:24 . 2009-01-24 23:24 905,670 --a------ c:\windows\gromr3646.exe
2009-01-24 23:24 . 2009-01-24 23:24 195,355 --a------ c:\windows\geml27870.exe
2009-01-24 23:24 . 2009-01-24 23:24 85,293 --a------ c:\windows\system32\cont_adsoftinc-remove.exe
2009-01-24 23:24 . 2009-01-24 23:24 69,697 --a------ c:\windows\jaeed8785.exe
2009-01-24 23:24 . 2009-01-24 23:24 47,578 --a------ c:\windows\system32\dezignojeth.exe
2009-01-24 23:24 . 2009-01-24 23:24 1,342 --a------ c:\windows\egmrd1737.exe
2009-01-24 23:20 . 2009-01-24 23:26 102,219 --a------ c:\windows\system32\cont_precisead-remove.exe
2009-01-21 18:04 . 2009-01-21 18:04 <REP> d-------- c:\program files\Magentic
2009-01-21 18:04 . 2008-08-04 09:51 750,984 --a------ c:\windows\system32\Magentic Screensaver.scr
2009-01-20 16:18 . 2009-01-20 16:18 <REP> d-------- C:\_OTMoveIt
2009-01-20 13:22 . 2009-01-20 13:22 <REP> d-------- c:\documents and settings\All Users\Application Data\IM
2009-01-20 13:21 . 2009-01-23 14:01 <REP> d-------- c:\program files\IncrediMail
2009-01-20 13:21 . 2009-01-20 13:21 <REP> d-------- c:\documents and settings\All Users\Application Data\IncrediMail
2009-01-20 09:20 . 2009-01-20 09:21 <REP> d-------- C:\rsit
2009-01-20 08:11 . 2009-01-25 18:06 4,074 --a------ c:\windows\system32\OODBS.lor
2009-01-19 22:22 . 2009-01-19 22:22 109 --a------ c:\windows\oodcnt.INI
2009-01-19 18:02 . 2009-01-19 18:02 <REP> d-------- c:\windows\system32\oodag
2009-01-19 17:19 . 2009-01-19 17:19 <REP> d-------- c:\program files\OO Software
2009-01-19 10:40 . 2009-01-19 10:40 <REP> d-------- c:\program files\Defraggler
2009-01-18 12:29 . 2009-01-18 12:29 <REP> d-------- c:\program files\Dfx
2009-01-18 12:29 . 2009-01-18 12:29 274,432 --a------ c:\windows\system32\dfxg11.dll
2009-01-18 12:25 . 2009-01-18 12:25 <REP> d-------- c:\program files\Uniblue
2009-01-14 11:22 . 2009-01-14 11:22 <REP> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-14 09:54 . 2009-01-14 09:54 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-01-14 09:50 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2009-01-14 09:50 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2009-01-14 09:50 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2009-01-14 09:50 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2009-01-14 09:50 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2009-01-14 09:50 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2009-01-14 09:50 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2009-01-14 09:43 . 2009-01-14 09:43 <REP> d-------- c:\program files\SiSoftware
2009-01-12 09:39 . 2009-01-12 09:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Vocal Transformer
2009-01-12 09:32 . 2009-01-13 11:39 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLbz.DAT
2009-01-11 15:05 . 2009-01-11 15:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Documentation
2009-01-11 15:01 . 2009-01-20 10:45 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdy.DAT
2009-01-11 13:56 . 2009-01-11 13:56 0 --a------ c:\windows\ViewNX.INI
2009-01-11 13:32 . 2009-01-11 13:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Database
2009-01-11 13:32 . 2009-01-11 18:37 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies
2009-01-11 13:27 . 2009-01-11 13:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Nikon
2009-01-11 13:26 . 2009-01-11 13:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Commands
2009-01-11 13:26 . 2009-01-11 13:53 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-01-11 13:10 . 2009-01-12 09:32 <REP> d-------- c:\program files\Nikon
2009-01-11 13:10 . 2009-01-20 10:43 20 ---h----- c:\documents and settings\All Users\Application Data\PKP_DLeh.DAT
2009-01-11 11:01 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-11 11:01 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-10 19:02 . 2009-01-10 19:02 <REP> d-------- c:\documents and settings\Jacques\Application Data\Babylon
2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\Jacques\Application Data\Malwarebytes
2009-01-07 16:37 . 2009-01-07 16:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 16:37 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 16:37 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-07 09:42 . 2009-01-07 09:42 <REP> d-------- c:\documents and settings\Jacques\Application Data\TuneUp Software
2009-01-07 09:42 . 2009-01-07 09:42 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-01-07 09:42 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2009-01-07 09:41 . 2009-01-07 09:45 <REP> d-------- c:\program files\TuneUp Utilities 2008
2009-01-07 09:41 . 2009-01-07 09:41 <REP> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-01-07 09:30 . 2009-01-07 09:30 <REP> d-------- c:\program files\AxBx
2009-01-06 18:29 . 2009-01-06 18:29 679,424 --a------ c:\windows\system32\nsf26.dll
2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\program files\JAM Software
2009-01-04 09:52 . 2009-01-04 09:52 <REP> d-------- c:\documents and settings\Jacques\Application Data\JAM Software
2009-01-03 12:34 . 2009-01-18 10:04 156 --a------ c:\windows\Twunk001.MTX
2009-01-03 12:34 . 2009-01-18 10:04 5 --a------ c:\windows\Twain001.Mtx
2009-01-03 12:34 . 2009-01-03 12:34 0 --a------ c:\windows\Twunk002.MTX
2009-01-03 10:15 . 2009-01-09 15:31 85,239 --a------ c:\windows\system32\cont_milehighads-remove.exe
2009-01-03 10:15 . 2009-01-03 10:15 68,513 --a------ c:\windows\system32\pujaruyrydgs.dll-uninst.exe
2009-01-03 10:15 . 2009-01-03 10:15 47,576 --a------ c:\windows\system32\rmnajrfcoebsfdb.exe
2009-01-02 13:46 . 2009-01-02 17:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\PixVue
2009-01-02 08:28 . 2008-04-01 13:23 118,520 --------- c:\windows\system32\pxinsi64.exe
2009-01-02 08:28 . 2008-04-01 13:23 118,056 --------- c:\windows\system32\pxcpyi64.exe
2008-12-28 09:08 . 2008-12-28 09:08 0 --a------ c:\windows\nsreg.dat
2008-12-28 08:41 . 2008-12-28 08:41 <REP> d-------- c:\documents and settings\Jacques\Application Data\Windows Live Writer
2008-12-27 19:31 . 2008-12-27 19:31 <REP> d-------- c:\documents and settings\Jacques\Application Data\ACD Systems
2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\Fichiers communs\ACD Systems
2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\program files\ACD Systems
2008-12-27 19:28 . 2008-12-27 19:28 <REP> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2008-12-27 16:55 . 2009-01-17 09:28 <REP> d-------- c:\program files\Incomplete
2008-12-27 16:32 . 2008-12-27 16:32 68,424 --a------ c:\windows\system32\drivers\GRD.sys
2008-12-27 16:30 . 2009-01-25 11:45 130,113,568 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-27 16:30 . 2009-01-25 18:22 1,726,496 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-27 16:30 . 2009-01-25 11:45 1,512,776 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-27 16:30 . 2009-01-25 11:45 169,688 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-27 16:04 . 2008-12-27 16:25 48,712 --a------ c:\windows\system32\drivers\MiniIcpt.sys
2008-12-27 16:04 . 2008-12-27 16:25 32,328 --a------ c:\windows\system32\drivers\HookCentre.sys
2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\G DATA
2008-12-27 16:03 . 2008-12-27 16:03 <REP> d-------- c:\program files\Fichiers communs\G DATA
2008-12-27 16:03 . 2008-12-27 16:11 <REP> d-------- c:\documents and settings\All Users\Application Data\G DATA
2008-12-27 16:03 . 2008-12-29 08:48 <REP> d--hs---- C:\#GDATA.Trash.Store#
2008-12-27 16:03 . 2008-12-27 16:31 51,016 --a------ c:\windows\system32\drivers\GDTdiIcpt.sys
2008-12-27 16:03 . 2008-12-27 16:03 22,272 --a------ c:\windows\system32\drivers\GDNdisIc.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 22:10 --------- d-----w c:\program files\eMule
2009-01-18 11:29 --------- d-----w c:\program files\Winamp
2009-01-18 11:25 --------- d-----w c:\documents and settings\Jacques\Application Data\Uniblue
2009-01-18 10:46 --------- d-----w c:\program files\Bonjour
2009-01-15 08:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-12 08:37 --------- d-----w c:\documents and settings\Jacques\Application Data\Nikon
2009-01-12 08:33 --------- d-----w c:\program files\Fichiers communs\Nikon
2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\Ultima_T15
2009-01-12 08:32 --------- d-----w c:\documents and settings\All Users\Application Data\EnterNHelp
2009-01-11 12:11 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 09:30 --------- d-----w c:\documents and settings\Jacques\Application Data\Vso
2009-01-07 08:41 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-02 16:25 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-29 16:17 --------- d-----w c:\program files\LimeWire
2008-12-29 08:50 --------- d-----w c:\documents and settings\Jacques\Application Data\LimeWire
2008-12-29 07:47 --------- d-----w c:\documents and settings\Jacques\Application Data\uTorrent
2008-12-28 16:58 --------- d-----w c:\program files\Google
2008-12-28 08:35 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-27 15:35 --------- d-----w c:\documents and settings\Jacques\Application Data\vlc
2008-12-27 15:28 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-19 15:34 --------- d-----w c:\program files\Xvid
2008-12-18 09:02 --------- d-----w c:\documents and settings\Jacques\Application Data\muvee Technologies
2008-12-18 09:02 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2008-12-18 08:39 --------- d-----w c:\program files\iTunes
2008-12-18 08:39 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-18 08:38 --------- d-----w c:\program files\QuickTime
2008-12-18 08:38 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-18 08:30 --------- d-----w c:\program files\Creative
2008-12-18 08:21 --------- d-----w c:\documents and settings\Jacques\Application Data\Creative
2008-12-18 08:16 --------- d-----w c:\documents and settings\All Users\Application Data\muvee Technologies
2008-12-18 07:21 --------- d-----w c:\program files\Windows Live
2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-18 07:21 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-12-18 07:20 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-18 07:18 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-18 07:18 --------- d-----w c:\program files\Microsoft
2008-12-17 19:10 --------- d-----w c:\documents and settings\Jacques\Application Data\EPSON
2008-12-17 09:34 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-15 09:18 --------- d-----w c:\program files\Activision
2008-12-14 18:56 --------- d-----w c:\program files\SFR
2008-12-14 09:17 --------- d-----w c:\program files\Java
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-08 20:20 16,608 ----a-w c:\windows\gdrv.sys
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-12-04 20:46 180,224 ----a-w c:\windows\system32\xvidvfw.dll
2008-12-04 20:42 815,104 ----a-w c:\windows\system32\xvidcore.dll
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-12-01 05:58 --------- d-----w c:\program files\CyberLink
2008-12-01 05:58 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-28 16:13 --------- d-----w c:\documents and settings\Jacques\Application Data\Winamp
2008-11-28 15:49 --------- d-----w c:\program files\Fichiers communs\CyberLink
2008-11-28 15:47 29,480 ----a-w c:\windows\system32\msxml3a.dll
2008-11-26 00:04 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-24 13:40 22,328 ----a-w c:\documents and settings\Jacques\Application Data\PnkBstrK.sys
2008-10-06 18:24 47,360 ----a-w c:\documents and settings\Jacques\Application Data\pcouffin.sys
2008-12-17 23:04 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 23:04 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 23:04 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-06 17:29 650,240 ----a-w c:\program files\mozilla firefox\components\nsadsoftinc.dll
2008-10-07 13:19 366,592 ----a-w c:\program files\mozilla firefox\components\nsprecisead.dll
2008-12-17 23:04 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 23:04 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092920081006\index.dat
2008-10-11 08:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008101120081012\index.dat
.
((((((((((((((((((((((((((((( snapshot_2009-01-24_ 9.08.07,35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-24 20:58:45 27,280 ----a-w c:\windows\Temp\cteng_1_1_101232830728.dat
+ 2009-01-24 16:57:57 36,040 ----a-w c:\windows\Temp\cteng_1_1_121232813119.dat
+ 2009-01-24 18:58:28 35,908 ----a-w c:\windows\Temp\cteng_1_1_141232820321.dat
+ 2009-01-24 18:58:31 31,964 ----a-w c:\windows\Temp\cteng_1_1_161232823341.dat
+ 2009-01-24 09:28:26 45,564 ----a-w c:\windows\Temp\cteng_1_1_181232787925.dat
+ 2009-01-25 17:18:00 36,648 ----a-w c:\windows\Temp\cteng_1_1_231232899528.dat
+ 2009-01-25 10:42:58 39,224 ----a-w c:\windows\Temp\cteng_1_1_71232875626.dat
+ 2009-01-25 17:18:00 41,596 ----a-w c:\windows\Temp\cteng_1_1_81232889118.dat
+ 2009-01-25 10:42:59 321,712 ----a-w c:\windows\Temp\cteng_1_2_131232877801.dat
+ 2009-01-25 17:18:00 221,364 ----a-w c:\windows\Temp\cteng_1_2_141232881524.dat
+ 2009-01-25 17:18:01 156,108 ----a-w c:\windows\Temp\cteng_1_2_161232903129.dat
+ 2009-01-25 10:42:59 225,892 ----a-w c:\windows\Temp\cteng_1_2_171232877929.dat
+ 2009-01-25 17:18:01 156,884 ----a-w c:\windows\Temp\cteng_1_2_181232899551.dat
+ 2009-01-25 17:18:01 198,280 ----a-w c:\windows\Temp\cteng_1_2_201232890744.dat
+ 2009-01-25 17:18:02 270,356 ----a-w c:\windows\Temp\cteng_1_2_221232888732.dat
+ 2009-01-24 11:29:01 308,608 ----a-w c:\windows\Temp\cteng_1_2_231232795127.dat
+ 2009-01-25 10:43:00 133,292 ----a-w c:\windows\Temp\cteng_1_2_251232863527.dat
+ 2009-01-24 14:57:12 285,732 ----a-w c:\windows\Temp\cteng_1_2_271232805924.dat
+ 2009-01-25 10:43:00 241,696 ----a-w c:\windows\Temp\cteng_1_2_281232870726.dat
+ 2009-01-25 10:43:01 332,996 ----a-w c:\windows\Temp\cteng_1_2_291232879169.dat
+ 2009-01-24 10:28:43 271,864 ----a-w c:\windows\Temp\cteng_1_2_301232791518.dat
+ 2009-01-25 10:43:01 177,508 ----a-w c:\windows\Temp\cteng_1_2_311232831130.dat
+ 2009-01-25 10:43:02 198,124 ----a-w c:\windows\Temp\cteng_1_2_331232873802.dat
+ 2009-01-25 17:18:02 111,888 ----a-w c:\windows\Temp\cteng_1_2_341232895934.dat
+ 2009-01-25 10:43:02 276,436 ----a-w c:\windows\Temp\cteng_1_2_71232875624.dat
+ 2009-01-25 17:07:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_704.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{945aa210-3579-d1c7-bff3-f8e0d7da8d53}]
2009-01-06 18:29 679424 --a------ c:\windows\system32\nsf26.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"Uniblue Registry Booster"="c:\program files\Uniblue\Registry Booster\RegistryBooster.exe" [2006-09-28 1396736]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2008-08-04 488808]
"Foxmail"="c:\program files\Foxmail\Foxmail.exe" [2004-08-02 3272704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"GDFirewallTray"="c:\program files\G DATA\TotalCare\Firewall\GDFirewallTray.exe" [2008-09-09 1037992]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\TotalCare\AVKTray\AVKTray.exe" [2008-11-24 958024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Jacques\Menu Démarrer\Programmes\Démarrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]
c:\documents and settings\Jacques\Menu Démarrer\Programmes\Démarrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]
c:\documents and settings\Jacques\Menu Démarrer\Programmes\Démarrage\
Nikon Monitor.lnk - c:\program files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnumanLive]
-ra------ 2008-04-11 19:50 347648 c:\documents and settings\Jacques\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-01 14:23 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53773:TCP"= 53773:TCP:emule tcp
"16399:UDP"= 16399:UDP:emule udp
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2008-12-27 22272]
R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2008-12-27 68424]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-09-30 93696]
R3 GDFwSvc;Pare-feu personnel G DATA;c:\program files\G DATA\TotalCare\Firewall\GDFwSvc.exe [2008-08-15 1407976]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2008-12-27 48712]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2008-12-27 32328]
R4 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50:32 61424]
R4 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe [2008-09-08 1016904]
R4 AVKService;Planificateur G DATA;c:\program files\G DATA\TotalCare\AVK\AVKService.exe [2008-09-08 386120]
R4 AVKWCtl;Gardien d'AntiVirus;c:\program files\G DATA\TotalCare\AVK\AVKWCtl.exe [2008-08-14 1185496]
R4 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2008-12-27 51016]
S3 G DATA Tuner Service;G DATA Tuner Service;c:\program files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe [2008-08-19 925768]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-10-02 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-10-02 13312]
S3 P1370Aud;Creative WebCam Audio Control;c:\windows\system32\drivers\P1370Aud.sys [2008-12-18 93056]
S3 P1370Aul;PD1370 Lower Filter Driver;c:\windows\system32\drivers\P1370Aul.sys [2008-12-18 4992]
S3 P1370VID;Live! Cam Voice;c:\windows\system32\drivers\P1370Vid.sys [2008-12-18 179328]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [2009-01-14 98488]
S3 Service de sauvegarde G DATA;Service de sauvegarde G DATA;c:\program files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe [2008-08-22 880200]
S3 UltraMonMirror;UltraMonMirror;c:\windows\system32\DRIVERS\UltraMonMirror.sys --> c:\windows\system32\DRIVERS\UltraMonMirror.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b77caa-8f11-11dd-b90a-806d6172696f}]
\Shell\AutoRun\command - J:\Launch.exe
.
Contenu du dossier 'Tâches planifiées'
2009-01-25 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{E639E9C3-ADB4-61D9-262B-0624B2AC2AEC} - c:\windows\system32\bmebuqjhloygkrxtf.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel
FF - ProfilePath - c:\documents and settings\Jacques\Application Data\Mozilla\Firefox\Profiles\qn6y59q6.default\
---- PARAMETRES FIREFOX ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 18:22:28
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1960408961-117609710-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:70,cd,3d,9f,fb,04,c1,88,c0,3e,16,1e,95,be,42,cc,fa,39,1c,35,e6,
2d,56,91,6c,33,af,ce,f6,84,81,11,ec,51,3a,92,4c,df,b4,99,e4,d6,00,b8,34,a8,\
"rkeysecu"=hex:90,35,3a,83,0b,f6,a1,91,59,e3,93,c8,c6,aa,5b,5e
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:fa,1f,4e,6a,ec,41,da,68,df,fc,f3,f4,de,48,a5,31,bb,39,42,b8,86,
01,c2,3b,5b,da,78,a1,ba,6d,f1,8d,29,20,7d,eb,8e,55,d4,52,64,e4,9c,d9,a3,d9,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
