Possible virus

Hello everyone,
Since yesterday, explorer.exe has not been working very well: every 10 seconds my taskbar and my icons disappear and then reappear.

Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:13, on 23/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Thomas\Downloads\HiJackThis.exe
C:\Windows\Explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRIbyAs.dll,#1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Thomas\AppData\Local\Temp\iifcCtSK.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Thomas\AppData\Local\Temp\jkkIbcdA.dll,#1
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/re [...] dfr-fr.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] 0_0_32.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F13CEB-4EE3-4BF5-968C-01D8D097166A}: NameServer = 193.70.152.15,193.70.152.25
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4970 bytes

Thank you for your help.

Hello,

You have a Vundo/Virtumonde infection.

  • Disable UAC for the duration of the disinfection.


/!\ Disable your resident protection (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Right-click ComboFix.exe (the .exe extension may not be visible) and choose Run as administrator.
  • When the scan has finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.


To help you: a guide and a tutorial on using ComboFix

Apparently the problem is solved.
Thanks for your help.
Here is the report:
ComboFix 09-04-23.A3 - Thomas 23/04/2009 16:05:17.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.33.1036.18.2047.876 [GMT 2:00]
Lancé depuis: C:\Users\Thomas\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\ZangoSA
C:\ProgramData\ZangoSA\ZangoSA.dat
C:\ProgramData\ZangoSA\ZangoSA_kyf.dat
C:\ProgramData\ZangoSA\ZangoSAAbout.mht
C:\ProgramData\ZangoSA\ZangoSAau.dat
C:\ProgramData\ZangoSA\ZangoSAEula.mht
C:\Users\Thomas\AppData\Local\akouwme.dat
C:\Users\Thomas\AppData\Local\akouwme_nav.dat
C:\Users\Thomas\AppData\Local\akouwme_navps.dat
C:\Users\Thomas\AppData\Local\Temp\iifcCtSK.dll
C:\Users\Thomas\AppData\Roaming\.#
C:\Users\Thomas\AppData\Roaming\.#\MBX@1178@3E28C8.###
C:\Users\Thomas\AppData\Roaming\.#\MBX@1178@3E28F8.###
C:\Users\Thomas\AppData\Roaming\.#\MBX@1178@3E2928.###
C:\Users\Thomas\AppData\Roaming\.#\MBX@14D4@3828C8.###
C:\Users\Thomas\AppData\Roaming\.#\MBX@14D4@3828F8.###
C:\Users\Thomas\AppData\Roaming\.#\MBX@14D4@382928.###
C:\Users\Thomas\AppData\Roaming\.#\MBX@A60@1A328C8.###
C:\Users\Thomas\AppData\Roaming\.#\MBX@A60@1A328F8.###
C:\Users\Thomas\AppData\Roaming\.#\MBX@A60@1A32928.###
C:\Users\Thomas\AppData\Roaming\inst.exe
C:\Users\Thomas\AppData\Roaming\Zango
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\dynamic\3430625.sdf
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\dynamic\domains.txt
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\dynamic\TooltipXML\6002
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\dynamic\TooltipXML\60421
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\dynamic\TooltipXML\82387
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\dynamic\TooltipXML\87587
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\dynamic\ustat\3713.dat
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\avatar.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\btntrans.idx
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\btntrans1.dat
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\buttondir.txt
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\components.cdf
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\cursors.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\d_icons_weather.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\default.cdf
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_categorize.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_comparison.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_favorites.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_Games.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_Hide.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_jemster.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_Mails.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_new.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_premium.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_reun.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_weather.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\editblbuttons.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\email-t1-bg.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\icons2.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\ie_games_icon.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\ie_video.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\keywords.idx
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\keywords1.dat
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\layout.cdf
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\linkpathlegal.txt
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\progress.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\s_icons_buttons.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\sales_buttons.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\sdfmodifier.xml
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\t2_bg.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\theweb.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\top7.cdf
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\tsd_bg.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\zango_btn.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\1\zango_ie_menu.res
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\avatar.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\cursors.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\default.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\icons2.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\keywords.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\layout.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\progress.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\top7.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
C:\Users\Thomas\AppData\Roaming\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-23 au 2009-4-23 ))))))))))))))))))))))))))))))))))))
.

2040-03-01 13:17:39 . 2040-03-01 13:17:39 6136 ----a-w C:\Users\Thomas\AppData\Local\TimerStop64.sys
2040-03-01 13:17:39 . 2040-03-01 13:17:39 4096 ----a-w C:\Users\Thomas\AppData\Local\TimerStop.sys
2009-04-23 13:52:20 . 2009-04-23 13:52:20 0 d-----w C:\Users\Thomas\AppData\Roaming\Malwarebytes
2009-04-23 13:52:18 . 2009-04-06 13:32:46 15504 ----a-w C:\Windows\system32\drivers\mbam.sys
2009-04-23 13:52:16 . 2009-04-06 13:32:54 38496 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2009-04-23 13:52:15 . 2009-04-23 13:52:15 0 d-----w C:\Users\All Users\Malwarebytes
2009-04-23 13:52:15 . 2009-04-23 13:52:15 0 d-----w C:\ProgramData\Malwarebytes
2009-04-23 13:52:14 . 2009-04-23 13:52:19 0 d-----w C:\Program Files\Malwarebytes' Anti-Malware
2009-04-22 16:50:41 . 2009-04-22 16:50:42 0 d--h--w C:\Users\Thomas\Zero G Registry
2009-04-22 16:50:41 . 2009-04-22 16:50:41 0 d-----w C:\Users\Thomas\Simulatlas Pkgs
2009-04-21 17:22:29 . 2009-04-21 17:22:29 0 d-----w C:\Users\All Users\NexonUS
2009-04-21 17:22:29 . 2009-04-21 17:22:29 0 d-----w C:\ProgramData\NexonUS
2009-04-21 16:38:33 . 2009-04-21 17:33:53 0 d-----w C:\Users\Thomas\AppData\Local\PMB Files
2009-04-21 16:38:31 . 2009-04-21 16:38:44 0 d-----w C:\Users\All Users\PMB Files
2009-04-21 16:38:31 . 2009-04-21 16:38:44 0 d-----w C:\ProgramData\PMB Files
2009-04-13 19:08:11 . 2009-03-19 14:32:48 23400 ----a-w C:\Windows\system32\drivers\GEARAspiWDM.sys
2009-04-13 19:08:11 . 2008-04-17 10:12:54 107368 ----a-w C:\Windows\system32\GEARAspi.dll
2009-04-13 19:08:00 . 2009-04-13 19:08:00 0 d-----w C:\Program Files\iPod
2009-04-13 19:07:47 . 2009-04-13 19:08:11 0 d-----w C:\Users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-13 19:07:47 . 2009-04-13 19:08:11 0 d-----w C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-13 19:07:46 . 2009-04-13 19:08:11 0 d-----w C:\Program Files\iTunes
2009-04-08 15:07:50 . 1999-06-21 03:10:00 185344 ------w C:\Windows\system32\bdeadmin.cpl
2009-04-08 15:07:48 . 2009-04-08 15:07:48 0 d-----w C:\Program Files\Common Files\Borland Shared
2009-04-07 20:37:28 . 2009-04-08 15:07:48 0 d-----w C:\Program Files\Micro Application
2009-03-31 21:40:23 . 2009-03-31 21:40:23 284 ----a-w C:\sqmnoopt00.sqm
2009-03-31 18:25:59 . 2009-03-31 18:25:59 0 d-----w C:\Program Files\GTA4MODS.com
2009-03-31 12:53:16 . 2009-03-31 12:53:16 107888 ----a-w C:\Windows\system32\CmdLineExt.dll
2009-03-30 20:40:49 . 2009-03-30 20:40:49 0 d-----w C:\Users\Thomas\AppData\Local\savegames
2009-03-30 11:54:38 . 2009-03-30 11:54:38 0 d-----w C:\Users\Thomas\AppData\Roaming\New Technology Studio
2009-03-26 13:23:46 . 2009-03-26 13:23:46 36864 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2009-03-26 13:23:46 . 2009-03-26 13:23:46 1900544 ----a-w C:\Windows\system32\usbaaplrc.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 17:36:25 . 2008-12-14 21:39:59 0 d-----w C:\Program Files\a-squared Free
2009-04-17 11:37:37 . 2008-06-09 07:56:22 0 d-----w C:\ProgramData\Microsoft Help
2009-04-14 18:45:51 . 2006-11-02 16:03:54 36898 ----a-w C:\Windows\System32\perfc00C.dat
2009-04-14 18:45:51 . 2006-11-02 16:03:54 107272 ----a-w C:\Windows\System32\perfh00C.dat
2009-04-13 20:45:21 . 2006-11-02 10:25:05 51200 ----a-w C:\Windows\Inf\infpub.dat
2009-04-13 20:45:20 . 2006-11-02 10:25:05 143360 ----a-w C:\Windows\Inf\infstrng.dat
2009-04-13 19:07:59 . 2008-08-26 10:37:25 0 d-----w C:\Program Files\Common Files\Apple
2009-04-13 19:06:58 . 2008-05-18 12:17:45 0 d-----w C:\Program Files\Bonjour
2009-04-13 19:06:40 . 2006-11-02 10:25:05 86016 ----a-w C:\Windows\Inf\infstor.dat
2009-04-08 15:08:47 . 2009-04-08 15:13:24 69849 ----a-w C:\Uninst.isu
2009-04-08 15:07:51 . 2009-04-08 15:13:24 28610 ----a-w C:\spiele.ini
2009-04-07 20:37:28 . 2008-05-18 09:49:39 0 d--h--w C:\Program Files\InstallShield Installation Information
2009-04-03 12:33:29 . 2008-05-15 20:27:19 7728 ----a-w C:\Users\Thomas\AppData\Local\d3d9caps.dat
2009-04-01 16:29:59 . 2008-05-15 20:27:42 117320 ----a-w C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-31 21:19:48 . 2008-06-10 08:43:24 0 d-----w C:\Program Files\Ubisoft
2009-03-22 18:45:40 . 2009-03-19 18:17:45 2714 ----a-w C:\Users\Thomas\AppData\Roaming\SAS7_000.DAT
2009-03-19 17:51:32 . 2009-03-19 17:51:32 0 d-----w C:\ProgramData\InstallShield
2009-03-19 17:51:20 . 2009-03-19 17:51:20 0 d-----w C:\Users\Thomas\AppData\Roaming\Nuance
2009-03-19 17:48:04 . 2009-03-19 17:48:04 0 d-----w C:\ProgramData\ScanSoft
2009-03-19 17:48:04 . 2009-03-19 17:48:04 0 d-----w C:\Program Files\Common Files\ScanSoft Shared
2009-03-19 17:48:02 . 2009-03-19 17:48:02 0 d-----w C:\Program Files\Common Files\Nuance
2009-03-19 17:48:02 . 2008-05-18 09:49:05 0 d-----w C:\Program Files\Common Files\InstallShield
2009-03-19 17:47:16 . 2009-03-19 17:47:16 0 d-----w C:\ProgramData\Nuance
2009-03-19 17:47:16 . 2009-03-19 17:47:16 0 d-----w C:\Program Files\Nuance
2009-03-17 03:38:46 . 2009-04-16 20:53:10 40960 ----a-w C:\Windows\AppPatch\apihex86.dll
2009-03-17 03:38:46 . 2009-04-16 20:53:10 13824 ----a-w C:\Windows\System32\apilogen.dll
2009-03-17 03:38:44 . 2009-04-16 20:53:10 24064 ----a-w C:\Windows\System32\amxread.dll
2009-03-12 16:49:36 . 2006-11-02 11:18:33 0 d-----w C:\Program Files\Windows Mail
2009-03-11 17:00:49 . 2009-03-11 17:00:47 0 d-----w C:\Program Files\GraphSight Junior v.1.0
2009-03-11 16:55:21 . 2009-03-11 16:55:19 0 d-----w C:\Program Files\FindGraph
2009-03-11 16:55:21 . 2009-03-11 16:53:48 0 d-----w C:\Users\Thomas\AppData\Roaming\GetRightToGo
2009-03-11 16:12:42 . 2009-03-11 16:12:42 0 d-----w C:\Users\Thomas\AppData\Roaming\OpenOffice.org
2009-03-11 16:10:15 . 2009-03-11 16:10:15 0 d-----w C:\Program Files\JRE
2009-03-11 16:10:15 . 2009-03-11 16:10:12 0 d-----w C:\Program Files\OpenOffice.org 3
2009-03-11 16:09:46 . 2008-05-22 20:40:10 0 d-----w C:\Program Files\OpenOffice.org 2.3
2009-03-11 16:07:36 . 2008-05-17 12:16:09 0 d-----w C:\Program Files\Java
2009-03-10 12:40:44 . 2009-03-10 12:40:44 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-03-08 21:17:20 . 2009-03-08 21:17:20 0 d-----w C:\Program Files\Free iPod Video Converter
2009-03-08 19:26:01 . 2008-08-26 10:40:44 0 d-----w C:\Users\Thomas\AppData\Roaming\Apple Computer
2009-03-08 18:38:07 . 2009-03-08 18:37:44 0 d-----w C:\Program Files\QuickTime
2009-03-08 18:36:31 . 2009-03-08 18:36:30 0 d-----w C:\Program Files\Apple Software Update
2009-03-08 18:19:29 . 2006-11-02 12:35:50 0 d-----w C:\Program Files\Microsoft Games
2009-03-08 12:57:40 . 2009-03-07 17:43:16 0 d-----w C:\Program Files\Paja
2009-03-07 17:44:26 . 2009-03-07 17:44:26 0 d-----w C:\Program Files\ScanSoft
2009-03-07 17:18:18 . 2009-03-07 17:18:18 0 d-----w C:\Program Files\Common Files\xing shared
2009-03-07 17:18:10 . 2009-03-07 17:17:42 0 d-----w C:\Program Files\Common Files\Real
2009-03-07 17:17:48 . 2009-03-07 17:17:48 0 d-----w C:\Program Files\Real
2009-03-03 04:46:01 . 2009-04-16 20:53:15 3599328 ----a-w C:\Windows\System32\ntkrnlpa.exe
2009-03-03 04:46:01 . 2009-04-16 20:53:15 3547632 ----a-w C:\Windows\System32\ntoskrnl.exe
2009-03-03 04:40:12 . 2009-04-16 20:53:03 827392 ----a-w C:\Windows\System32\wininet.dll
2009-03-03 04:39:36 . 2009-04-16 20:53:14 183296 ----a-w C:\Windows\System32\sdohlp.dll
2009-03-03 04:39:32 . 2009-04-16 20:53:16 551424 ----a-w C:\Windows\System32\rpcss.dll
2009-03-03 04:39:22 . 2009-04-16 20:53:14 26112 ----a-w C:\Windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37:14 . 2009-04-16 20:53:02 78336 ----a-w C:\Windows\System32\ieencode.dll
2009-03-03 04:37:11 . 2009-04-16 20:53:14 98304 ----a-w C:\Windows\System32\iasrecst.dll
2009-03-03 04:37:11 . 2009-04-16 20:53:14 54784 ----a-w C:\Windows\System32\iasads.dll
2009-03-03 04:37:11 . 2009-04-16 20:53:14 44032 ----a-w C:\Windows\System32\iasdatastore.dll
2009-03-03 03:04:59 . 2009-04-16 20:53:14 666624 ----a-w C:\Windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38:13 . 2009-04-16 20:53:14 17408 ----a-w C:\Windows\System32\iashost.exe
2009-03-03 02:28:19 . 2009-04-16 20:53:02 26624 ----a-w C:\Windows\System32\ieUnatt.exe
2009-03-01 13:15:05 . 2009-03-01 13:15:05 4096 ----a-w C:\Windows\System32\28536.sys
2009-03-01 13:15:02 . 2009-03-01 13:15:02 142094 ----a-w C:\Users\Thomas\AppData\Local\TimerLockSetup.exe
2009-02-26 13:33:21 . 2008-05-28 08:56:56 0 d-----w C:\Program Files\Microsoft Silverlight
2009-02-25 22:59:51 . 2009-02-25 22:59:51 4385792 ----a-w C:\Windows\system32\drivers\atikmdag.sys
2009-02-25 22:47:33 . 2008-12-15 11:46:30 0 d-----w C:\ProgramData\NortonInstaller
2009-02-25 21:36:33 . 2009-02-25 21:36:33 442368 ----a-w C:\Windows\System32\ATIDEMGX.dll
2009-02-25 21:34:55 . 2008-03-29 04:19:10 159744 ----a-w C:\Windows\System32\atitmmxx.dll
2009-02-25 21:34:41 . 2008-03-29 04:18:59 348160 ----a-w C:\Windows\System32\atipdlxx.dll
2009-02-25 21:34:31 . 2009-02-25 21:34:31 274432 ----a-w C:\Windows\System32\Oemdspif.dll
2009-02-25 21:34:25 . 2009-02-25 21:34:25 12288 ----a-w C:\Windows\System32\atimuixx.dll
2009-02-25 21:34:19 . 2009-02-25 21:34:19 43520 ----a-w C:\Windows\System32\ati2edxx.dll
2009-02-25 21:34:08 . 2009-02-25 21:34:08 278528 ----a-w C:\Windows\System32\Ati2evxx.dll
2009-02-25 21:32:54 . 2009-02-25 21:32:54 733184 ----a-w C:\Windows\System32\Ati2evxx.exe
2009-02-25 21:24:13 . 2009-02-25 21:24:13 2396160 ----a-w C:\Windows\System32\atidxx32.dll
2009-02-25 21:18:08 . 2008-03-29 04:05:15 3839488 ----a-w C:\Windows\System32\atiumdag.dll
2009-02-25 21:04:46 . 2009-02-25 21:04:46 11513856 ----a-w C:\Windows\System32\atioglxx.dll
2009-02-25 20:56:42 . 2009-02-25 20:56:42 4944896 ----a-w C:\Windows\System32\atiumdva.dll
2009-02-25 20:42:42 . 2009-02-25 20:42:42 51712 ----a-w C:\Windows\System32\amdpcom32.dll
2009-02-25 20:42:17 . 2009-02-25 20:42:17 135168 ----a-w C:\Windows\System32\atiadlxx.dll
2009-02-25 20:38:12 . 2009-02-25 20:38:12 53248 ----a-w C:\Windows\System32\aticalrt.dll
2009-02-25 20:37:59 . 2009-02-25 20:37:59 53248 ----a-w C:\Windows\System32\aticalcl.dll
2009-02-25 20:36:20 . 2009-02-25 20:36:20 3235840 ----a-w C:\Windows\System32\aticaldd.dll
2009-02-25 20:29:22 . 2009-02-25 20:29:22 53248 ----a-w C:\Windows\system32\drivers\ati2erec.dll
2009-02-24 13:13:38 . 2009-01-01 21:56:52 0 d-----w C:\Program Files\PokerStars.IT
2009-02-13 08:49:10 . 2009-04-16 20:53:10 72704 ----a-w C:\Windows\System32\secur32.dll
2009-02-13 08:49:09 . 2009-04-16 20:53:12 1255936 ----a-w C:\Windows\System32\lsasrv.dll
2009-02-09 03:10:34 . 2009-03-11 13:14:48 2033152 ----a-w C:\Windows\System32\win32k.sys
2009-02-06 18:39:24 . 2009-02-06 18:39:24 308600 ----a-w C:\Windows\WLXPGSS.SCR
2009-02-06 17:52:40 . 2009-02-06 17:52:40 49504 ----a-w C:\Windows\System32\sirenacm.dll
2008-12-04 16:31:51 . 2008-05-31 11:20:53 22328 ----a-w C:\Users\Thomas\AppData\Roaming\PnkBstrK.sys
2008-12-01 12:09:06 . 2008-10-09 13:09:39 93 ----a-w C:\Users\Thomas\AppData\Local\daxncbp.bat
2008-05-31 18:20:26 . 2008-05-31 18:20:26 94 ----a-w C:\Users\Thomas\AppData\Local\fusioncache.dat
2008-05-22 13:20:50 . 2008-05-22 13:20:50 95781 ----a-w C:\Users\All Users\vlc.exe
2008-05-22 13:20:50 . 2008-05-22 13:20:50 95781 ----a-w C:\ProgramData\vlc.exe
2008-05-22 13:20:50 . 2008-05-22 13:20:11 1189108 ----a-w C:\Users\All Users\CCleaner.exe
2008-05-22 13:20:50 . 2008-05-22 13:20:11 1189108 ----a-w C:\ProgramData\CCleaner.exe
2008-05-22 13:20:12 . 2008-05-22 13:20:12 1577005 ----a-w C:\Users\All Users\DivX Player.exe
2008-05-22 13:20:12 . 2008-05-22 13:20:12 1577005 ----a-w C:\ProgramData\DivX Player.exe
2008-05-18 11:18:44 . 2008-05-18 11:18:44 47360 ----a-w C:\Users\Thomas\AppData\Roaming\pcouffin.sys
2008-05-16 14:37:02 . 2008-05-16 14:37:02 552 ----a-w C:\Users\Thomas\AppData\Local\d3d8caps.dat
2008-05-21 17:27:53 . 2008-05-21 17:28:00 32768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008052120080522\index.dat
2008-12-07 01:55:50 . 2008-12-05 21:24:40 122912 --sha-w C:\Windows\System32\drivers\fidbox2.dat
2008-04-11 21:05:22 . 2008-04-11 19:35:16 8192 --sha-w C:\Windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2008-06-10 03:27:02 509328 ----a-w C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2009-01-22 14:41:30 408448 ----a-w C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 17:51:28 3885408]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2009-02-22 19:15:14 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 15:18:48 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-04-02 14:11:02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStatusMessages"= 1 (0x1)
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCpl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuSubFolders"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2008-04-11 20:36:57 233984]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=C:\Windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=C:\Windows\pss\DataViz Inc Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\Windows\pss\Kodak software updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logiciel Kodak EasyShare.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logiciel Kodak EasyShare.lnk
backup=C:\Windows\pss\Logiciel Kodak EasyShare.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Matrix Screen Locker.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Matrix Screen Locker.lnk
backup=C:\Windows\pss\Matrix Screen Locker.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ONSPEED.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ONSPEED.lnk
backup=C:\Windows\pss\ONSPEED.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
backup=C:\Windows\pss\Wireless Connection Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
path=C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
backup=C:\Windows\pss\DesktopVideoPlayer.LNK.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\Windows\pss\HotSync Manager.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=C:\Windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk]
path=C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerStrip.lnk
backup=C:\Windows\pss\PowerStrip.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
path=C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaGirl2.lnk
backup=C:\Windows\pss\VirtuaGirl2.lnk.Startup
backupExtension=.Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\\Nexon\\Combat Arms\\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\\Nexon\\Combat Arms\\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C2EE2CFD-A036-4AA6-97E9-088AA392AD04}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{629568D2-481C-45E5-8631-C72E572869EA}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{F7BDE86A-6959-4E27-8FE5-5F029621BFB3}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{D125F4B8-90A7-42E5-9320-06F82A8F30BA}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2DAFB7D3-23F1-4A5F-818E-163395035629}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{9251BB5E-4F92-4289-B3C5-6FF07135990E}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{B93C056E-EC89-4DBF-B6FB-7B2174139916}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\\Nexon\\Combat Arms\\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\\Nexon\\Combat Arms\\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

R1 epfwtdir;epfwtdir; [x]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; [x]
R1 vdrv9000;vdrv9000; [x]
R2 28536;28536;C:\Windows\System32\28536.sys [2009-03-01 13:15:05 4096]
R2 ekrn;Eset Service; [x]
R3 P1171VID;Creative WebCam Notebook 2;C:\Windows\system32\DRIVERS\P1171Vid.sys [2004-03-19 01:00:00 91392]
R3 WSIMD;wsimd Service;C:\Windows\system32\DRIVERS\wsimd.sys [2006-07-20 06:00:10 54432]
R4 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 10:31:16 566120]
R4 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 10:31:16 566120]
R4 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 13:46:50 216232]
S1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 12:12:34 12800]
S1 PStrip;PStrip;C:\Windows\system32\drivers\pstrip.sys [2007-07-15 01:37:04 27992]
S2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 16:01:52 55264]
S2 fsssvc;Windows Live Contrôle parental;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 17:08:58 533360]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\bdfndisf.sys [2007-10-19 11:17:08 87952]
S3 CLEDX;Team H2O CLEDX service;C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 18:08:40 33792]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2009-04-06 13:32:54 38496]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MBAMSWISSARMY

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{931ff3eb-2e40-11dd-a4a4-001c2530884d}]
\shell\AutoRun\command - J:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contenu du dossier 'Tâches planifiées'

2009-04-22 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2549099593-1315904904-3128934940-1000.job
- C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-10 18:13:06 . 2008-09-10 18:13:05]
.
- - - - ORPHELINS SUPPRIMES - - - -

SharedTaskScheduler-{8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll


.
------- Examen supplémentaire -------
.
mStart Page = hxxp://fr.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
IE: {{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
TCP: {E2F13CEB-4EE3-4BF5-968C-01D8D097166A} = 193.70.152.15,193.70.152.25
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_0_32.cab
FF - ProfilePath - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\5jylc3sw.default\
FF - plugin: C:\Program Files\ma-config.com\nphardwaredetection.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Thomas\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll

---- PARAMETRES FIREFOX ----
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("network.protocol-handler.warn-external.veoh2", false);
.
.
------- Associations de fichier -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
.

Reply to logicielsdeouf

Did you use a program called TimerLockSetup?

Reply to Destrio5

No, I don't think so.
Thanks for your help.

Reply to logicielsdeouf

I believe it is used to crack Vista.

Reply to Destrio5

In that case, no.
But two days ago I opened a file that was a fake, so maybe that was it.

Reply to logicielsdeouf

In that case, I'll have you delete the files, but don't tell me afterwards that I removed the crack from your Vista (if it is cracked).

Reply to Destrio5

OK.
How do I delete the file?
Thanks for your help.

Reply to logicielsdeouf

/!\ Only logicielsdeouf may follow this procedure /!\

Disable all resident protection (antivirus, etc.)!

---> Copy (CTRL+C) the text in the box below:

KillAll::

Driver::
28536

File::
C:\Users\Thomas\AppData\Local\TimerStop64.sys
C:\Users\Thomas\AppData\Local\TimerStop.sys
C:\Users\Thomas\AppData\Local\TimerLockSetup.exe
C:\Windows\System32\28536.sys



---> Open Notepad: Start > All Programs > Accessories > Notepad

- Paste (CTRL+V) the text into Notepad.
- Save this file to: Desktop
- File name: CFScript
- File type: All files!!
- Click Save.
- Close Notepad.

---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:

http://membres.lycos.fr/wawaseb8/images/help/cfscript.gif

  • This will restart ComboFix: accept the message that appears.
  • Wait while the scan runs. The Desktop will disappear several times: this is normal!
  • Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed; copy and paste its contents to the forum.
  • If the file does not open, it is located here: C:\ComboFix.txt


;)

Reply to Destrio5
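Once a follow-up report is available, the driver and files named in the CFScript above can be checked against it mechanically. The sketch below is an added example, not part of the thread and not ComboFix's own code. It assumes, from the script and report lines shown on this page, that a line ending in "::" opens a section and that service lines read "R2 name;display;path [date time size]"; LOG_AFTER is a constructed sample.

```python
import re
from typing import Dict, List

# CFScript exactly as posted in the thread.
CFSCRIPT = r"""KillAll::

Driver::
28536

File::
C:\Users\Thomas\AppData\Local\TimerStop64.sys
C:\Users\Thomas\AppData\Local\TimerStop.sys
C:\Users\Thomas\AppData\Local\TimerLockSetup.exe
C:\Windows\System32\28536.sys
"""

# Service lines copied from the first report in the thread.
LOG_BEFORE = r"""R1 vdrv9000;vdrv9000; [x]
R2 28536;28536;C:\Windows\System32\28536.sys [2009-03-01 13:15:05 4096]
R2 ekrn;Eset Service; [x]
"""

# Constructed sample: what the same section could look like after removal.
LOG_AFTER = r"""R1 vdrv9000;vdrv9000; [x]
R2 ekrn;Eset Service; [x]
"""

# Assumed section header form: a bare word followed by "::".
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# Assumed service line form: code (R2, S3, ...), then name;display;path [details].
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*?)\s*\[[^\]]*\]\s*$")


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into {section name: [entries]}; empty sections are kept."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def parse_services(log: str) -> Dict[str, str]:
    """Map lower-cased service name to image path ('' when the log shows none)."""
    services: Dict[str, str] = {}
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            services[m.group(1).strip().lower()] = m.group(3).strip()
    return services


def remaining_targets(script: str, log: str) -> List[str]:
    """Return the CFScript targets that the given report still references."""
    sections = parse_cfscript(script)
    services = parse_services(log)
    log_lower = log.lower()  # Windows paths are case-insensitive
    left: List[str] = []
    for name in sections.get("Driver", []):
        if name.lower() in services:
            left.append(f"Driver::{name}")
    for path in sections.get("File", []):
        if path.lower() in log_lower:
            left.append(f"File::{path}")
    return left


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        print(label, remaining_targets(CFSCRIPT, log))
```

An empty result only means the report no longer references the targets; a file in a location the report does not list would not show up either way.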

My computer restarted and I don't have the report :S
How can I tell whether it worked?

Thanks

Reply to logicielsdeouf

(On Vista, you have to right-click RSIT.exe and choose Run as administrator)

  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).


Note: the reports are saved in the C:\rsit folder.

Reply to Destrio5

Hello,
Thanks for your help.
info.txt logfile of random's system information tool 1.06 2009-04-27 16:06:11

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x40c
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
3DMark Vantage-->C:\Program Files\InstallShield Installation Information\{C40C3C3D-97CF-44B5-836C-766E374464B3}\setup.exe -runfromtemp -l0x0009 -removeonly
Absolute MP3 Splitter version 2.7.1-->"C:\Program Files\Absolute MP3 Splitter\unins000.exe"
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Alice nel Paese delle Meraviglie-->"C:\Program Files\Alice nel Paese delle Meraviglie\UNWISE.EXE" "C:\Program Files\Alice nel Paese delle Meraviglie\INSTALL.LOG"
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
a-squared Free 3.5-->"C:\Program Files\a-squared Free\unins000.exe"
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATITool Overclocking Utility-->"C:\Program Files\ATITool\Uninstall.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AusLogics BoostSpeed-->"C:\Program Files\Auslogics\AusLogics BoostSpeed\unins000.exe"
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
Bestemmiatore1_1-->MsiExec.exe /I{26917BD4-CC0C-40FB-B7FD-13741B0053A7}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
CamStudio 2.0 Fr-->"C:\Program Files\CamStudio\unins000.exe"
CardRd81-->MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Combat Arms EU-->"C:\ProgramData\NexonEU\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexoneu.com/cbangm/NGM/Bin/NGMDll.dll -game:50340359 -locale:EU
Combat Arms-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
ConvertXtoDVD 3.2.1.55b-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
CPUCooL (remove only)-->"C:\Program Files\CPUCooL\CPUCooL-uninst.exe"
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Creative WebCam Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9EC1C6-3B51-11D6-B1A9-BCD2747AA951}\setup.exe" -l0x40c /remove
Creative WebCam Notebook Driver (1.04.01.0322)-->C:\Windows\CtDrvIns.exe -uninstall -script Pd1171.uns -unsext NT -plugin P1171Pin.dll -pluginres P1171Pin.crl
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
D-Link RangeBooster N 650 DWA-547-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}\setup.exe" -l0x40c -removeonly
Documents To Go-->MsiExec.exe /X{194B2FE0-2B17-4DF2-A532-213FDFC87FB9}
Download Direct-->MsiExec.exe /I{DB6A8C83-EFF7-4955-BBD0-81C13DDE5395}
Dragon NaturallySpeaking 9-->MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVDCoach Express 1.0.0-->"C:\Program Files\Kibisoft\DVDCoach Express\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
ESET NOD32 Antivirus-->MsiExec.exe /I{855AF172-B32E-4A74-AC95-E798DD784ABC}
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
EVEREST Ultimate Edition v5.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x040c -removeonly
FindGraph 2.01-->"C:\Program Files\FindGraph\unins000.exe"
Free iPod Video Converter 1.34-->"C:\Program Files\Free iPod Video Converter\unins000.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
Geonaute KeyMaze 300-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35DFE767-D0DB-4228-A64E-7E6D50B6FEA4}\Setup.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly
GraphSight Junior v.1.0-->"C:\Program Files\GraphSight Junior v.1.0\uninstall.exe"
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c -removeonly
GTA4 Mod Installer 0.4.0B-->C:\Program Files\GTA4MODS.com\GTA4 Mod Installer\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hitman Blood Money-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}\setup.exe" -l0xc0c -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
Kit Runtime VB6.0-->C:\WINDOWS\st6unst.exe -n "C:\Windows\system32\ST6UNST.LOG"
K-Lite Codec Pack 3.9.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Le Centre de Contrôle de Licences de Syncrosoft-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
LimeWire 5.0.11-->"C:\Program Files\LimeWire\uninstall.exe"
LMSOFT Web Creator Pro 4-->C:\PROGRA~1\MINDSC~1\WEBCRE~2\UNWISE.EXE C:\PROGRA~1\MINDSC~1\WEBCRE~2\INSTALL.LOG
Logiciel Kodak EasyShare-->C:\ProgramData\Kodak\EasyShareSetup\$SETUP_1e0002_1b582d\Setup.exe /APR-REMOVE
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Machine Check Analysis Tool-->MsiExec.exe /X{B23DD567-8CFF-40FF-A47C-6508D15986A0}
Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Matrix Screen Locker-->MsiExec.exe /X{34B426CD-5758-4309-AA64-3CAA49A55237}
Matroska Pack - Lazy Man's MKV 0.9.9-->"C:\Program Files\LD-Anime\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Flight Simulator X-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Office 2000 Standard-->MsiExec.exe /I{0002040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 6.0 Standard Edition-->"C:\Program Files\Microsoft Visual Studio\VC98\Setup\1033\Setup.exe"
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Modèles de sons Windows-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8-->MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1036}
Nero Digital-->C:\Windows\UNNeroVision.exe /UNINSTALL
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA PhysX v8.10.17-->MsiExec.exe /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
OCCT Perestroika 3.0.0-->"C:\Program Files\OCCT\unins000.exe"
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Palm Desktop-->MsiExec.exe /X{B1D78321-7AB1-45A7-A084-885AF75B8F3D}
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PC Pad Profile Editor 1.0-->"C:\Program Files\PC Pad\unins000.exe"
PC Wizard 2008.1.82-->"C:\Program Files\PC Wizard 2008\unins000.exe"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PL-2303 Vista Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}\setup.exe" -l0x9 -removeonly
PokerStars.it-->"C:\Program Files\PokerStars.IT\PokerStarsUninstall.exe" /u:PokerStars.it
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RealSpeak Solo per l'Italiano, Silvia-->MsiExec.exe /I{2F7E5F47-40EC-403E-844C-0874E07F5358}
RivaTuner v2.20-->"C:\Program Files\RivaTuner v2.20\uninstall.exe"
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly
Rome Total War - patch 1.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}\Setup.exe" -l0x40c
rPat...entino 3.01.01b-->"C:\Program Files\rpatentino\unins000.exe"
SBaGen 1.4.4-->"C:\Program Files\SBaGen\unins000.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steinberg Cubase SX 3-->"C:\Program Files\Steinberg\Cubase SX 3\Uninstall.exe" "C:\Program Files\Steinberg\Cubase SX 3\INSTALL.LOG"
Steinberg Cubase SX v3.1.1.944-->C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
SWAT 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8} uninstall
SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tests de QI et Mémoire-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A164036A-722E-41CB-A1C1-3C3825A575D6}\Setup.exe" -l0x40c
Tests de QI-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Micro Application\Tests de QI\Uninst.isu" -c"C:\Program Files\Micro Application\Tests de QI\Uninst.dll"
Tom Clancy's Rainbow Six Vegas 2-->"C:\Program Files\InstallShield Installation Information\{FD416706-875C-4B0B-A23A-9E740DAE029E}\setup.exe" -runfromtemp -l0x040c -removeonly
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Toy Story 2-->C:\Windows\IsUn040c.exe -fC:\PROGRA~3\DISNEY~1\JEUDAC~1\DeIsL1.isu
Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
UPX Shell-->C:\Program Files\UPX Shell\uninstall.exe
Version d'évaluation de Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~2\UNWISE.EXE C:\PROGRA~1\VIRTUA~2\INSTALL.LOG
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Movie Maker Bêta-->MsiExec.exe /X{F874DF52-A31F-44C1-A606-EF40F1549261}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
Xara3D6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64C96428-3A75-4AAE-A538-C450EF68175F}\setup.exe" -l0x9

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: PC-de-Thomas
Event Code: 7001
Message: Le service Gestionnaire de connexions d'accès distant dépend du service Téléphonie qui n'a pas pu démarrer en raison de l'erreur :
Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
Record Number: 751397
Source Name: Service Control Manager
Time Written: 20090427140348.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Thomas
Event Code: 7001
Message: Le service Gestionnaire de connexions d'accès distant dépend du service Téléphonie qui n'a pas pu démarrer en raison de l'erreur :
Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
Record Number: 751398
Source Name: Service Control Manager
Time Written: 20090427140348.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Thomas
Event Code: 7001
Message: Le service Gestionnaire de connexions d'accès distant dépend du service Téléphonie qui n'a pas pu démarrer en raison de l'erreur :
Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
Record Number: 751399
Source Name: Service Control Manager
Time Written: 20090427140439.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Thomas
Event Code: 7001
Message: Le service Gestionnaire de connexions d'accès distant dépend du service Téléphonie qui n'a pas pu démarrer en raison de l'erreur :
Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
Record Number: 751400
Source Name: Service Control Manager
Time Written: 20090427140445.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Thomas
Event Code: 7001
Message: Le service Gestionnaire de connexions d'accès distant dépend du service Téléphonie qui n'a pas pu démarrer en raison de l'erreur :
Le service ne peut pas être démarré parce qu'il est désactivé ou qu'aucun périphérique activé ne lui est associé.
Record Number: 751401
Source Name: Service Control Manager
Time Written: 20090427140445.000000-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: PC-de-Thomas
Event Code: 4105
Message: Windows est en période de notification.
Record Number: 25180
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090426155346.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-Thomas
Event Code: 8194
Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {dac9a9fc-9e27-487d-af06-b53f0d190af7}
Record Number: 25207
Source Name: VSS
Time Written: 20090426182942.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Thomas
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2549099593-1315904904-3128934940-1000_Classes:
Process 1704 (\Device\HarddiskVolume1\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2549099593-1315904904-3128934940-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

Record Number: 25213
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090426210328.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Thomas
Event Code: 4105
Message: Windows est en période de notification.
Record Number: 25231
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090427105702.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-Thomas
Event Code: 4105
Message: Windows est en période de notification.
Record Number: 25253
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090427111819.000000-000
Event Type: Avertissement
User:

=====Security event log=====

Computer Name: PC-de-Thomas
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 20883
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090217070239.927742-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Thomas
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-THOMAS$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x290
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 20884
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090217070647.012742-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Thomas
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-THOMAS$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x290
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 20885
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090217070647.012742-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Thomas
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 20886
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090217070647.012742-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Thomas
Event Code: 4904
Message: Une tentative d’inscription de la source d’un événement de sécurité a été effectuée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-THOMAS$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Processus :
ID du processus : 0x7b0
Nom du processus : C:\Windows\System32\VSSVC.exe

Source de l’événement :
Nom de la source : VSSAudit
ID de la source de l’événement : 0x2e82a2
Record Number: 20887
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090217070727.402742-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\AMD\MCat;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Thomas at 2009-04-27 16:05:31
Microsoft® Windows Vista™ Édition Intégrale Service Pack 1
System drive C: has 60 GB (13%) free of 477 GB
Total RAM: 2047 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:49, on 27/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Users\Thomas\Downloads\RSIT.exe
C:\Program Files\trend micro\Thomas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/re [...] dfr-fr.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] 0_0_32.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F13CEB-4EE3-4BF5-968C-01D8D097166A}: NameServer = 193.70.152.15,193.70.152.25
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5604 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549099593-1315904904-3128934940-1000.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-04 463872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\akouwme]
c:\users\thomas\appdata\local\akouwme.exe akouwme []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe [2007-06-29 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
C:\Program Files\DLD.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe [2006-11-27 255528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-04-11 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-10 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup]
C:\Program Files\iolo\Common\Lib\ioloLManager.exe [2008-05-06 307568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ninja Surfing]
C:\Program Files\NinjaSurfing\nsurfing.exe /tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-04-25 306088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
C:\Program Files\RivaTuner v2.20\RivaTunerWrapper.exe [2008-11-19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
C:\Program Files\ONSPEED\onspeedcore.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-07 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStar]
C:\Users\Thomas\AppData\Roaming\UpdateStar\UpdateStar.exe -A []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC9Player]
C:\Program Files\Virtual CD v9\System\VC9Play.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-11-04 3522296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScannerPro]
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
C:\Program Files\Zango\bin\10.3.70.0\Weather.exe -auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-04-11 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-04-11 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.3.70.0\OEAddOn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
C:\Program Files\Zango\bin\10.3.70.0\ZangoSA.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
C:\PROGRA~1\COMMON~1\DataViz\DVZINC~1.EXE [2008-09-19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak software updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logiciel Kodak EasyShare.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2007-06-21 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Matrix Screen Locker.lnk]
C:\PROGRA~1\BAROUF~1\MATRIX~1\matrix.exe [2006-01-29 539136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ONSPEED.lnk]
C:\PROGRA~1\ONSPEED\ONSPEE~2.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk]
C:\PROGRA~1\D-Link\D-LINK~1\WIRELE~1.EXE [2006-11-03 12693504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
C:\PROGRA~1\vghd\vghd.exe [2008-12-05 357712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\PROGRA~1\palmOne\HOTSYNC.EXE [2004-04-12 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk]
C:\PROGRA~1\POWERS~1\PStrip.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
C:\PROGRA~1\Vg\VIRTUA~1.EXE []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoSecCpl"=0
"DisableChangePassword"=0
"DisableLockWorkstation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableStatusMessages"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogOff"=0
"NoDriveTypeAutoRun"=0
"NoStartMenuPinnedList"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=0
"NoStartMenuSubFolders"=0
"NoCommonGroups"=0
"NoPrinterTabs"=0
"NoDeletePrinter"=0
"NoAddPrinter"=0
"NoPrinters"=0
"NoFavoritesMenu"=0
"NoDrives"=0
"NoRecentDocsNetHood"=0
"NoChangeAnimation"=0
"NoChangeKeyboardNavigationIndicators"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{931ff3eb-2e40-11dd-a4a4-001c2530884d}]
shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda8e037-22aa-11dd-99f9-806e6f6e6963}]
shell\AutoRun\command - D:\install.EXE /AUTORUN
shell\configure\command - D:\install.EXE
shell\install\command - D:\install.EXE


======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-04-27 16:02:08 ----D---- C:\Program Files\trend micro
2009-04-27 16:02:05 ----D---- C:\rsit
2009-04-27 14:33:04 ----D---- C:\Program Files\rpatentino
2009-04-25 14:01:18 ----A---- C:\Windows\ODBC.INI
2009-04-25 13:59:12 ----D---- C:\Users\Thomas\AppData\Roaming\Microsoft Web Folders
2009-04-24 13:57:44 ----D---- C:\ProgramData\ATI
2009-04-23 19:01:41 ----D---- C:\ProgramData\NexonEU
2009-04-23 17:46:19 ----A---- C:\avenger.txt
2009-04-23 17:44:58 ----D---- C:\Windows\temp
2009-04-23 17:37:17 ----D---- C:\ComboFix
2009-04-23 17:37:16 ----A---- C:\Windows\system32\CF10409.exe
2009-04-23 16:12:30 ----A---- C:\Windows\PSEXESVC.EXE
2009-04-23 16:04:11 ----A---- C:\Windows\zip.exe
2009-04-23 16:04:11 ----A---- C:\Windows\vFind.exe
2009-04-23 16:04:11 ----A---- C:\Windows\SWXCACLS.exe
2009-04-23 16:04:11 ----A---- C:\Windows\SWSC.exe
2009-04-23 16:04:11 ----A---- C:\Windows\SWREG.exe
2009-04-23 16:04:11 ----A---- C:\Windows\sed.exe
2009-04-23 16:04:11 ----A---- C:\Windows\NIRCMD.exe
2009-04-23 16:04:11 ----A---- C:\Windows\grep.exe
2009-04-23 16:03:26 ----D---- C:\Windows\ERDNT
2009-04-23 16:03:25 ----A---- C:\Windows\system32\swsc.exe
2009-04-23 16:03:24 ----D---- C:\Qoobox
2009-04-23 15:52:20 ----D---- C:\Users\Thomas\AppData\Roaming\Malwarebytes
2009-04-23 15:52:15 ----D---- C:\ProgramData\Malwarebytes
2009-04-23 15:52:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-21 19:22:29 ----D---- C:\ProgramData\NexonUS
2009-04-21 18:38:31 ----D---- C:\ProgramData\PMB Files
2009-04-16 22:53:26 ----A---- C:\Windows\system32\winhttp.dll
2009-04-16 22:53:22 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-16 22:53:22 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-16 22:53:16 ----A---- C:\Windows\system32\rpcss.dll
2009-04-16 22:53:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-16 22:53:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-16 22:53:14 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-16 22:53:14 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-16 22:53:14 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-16 22:53:14 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-16 22:53:14 ----A---- C:\Windows\system32\iashost.exe
2009-04-16 22:53:14 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-16 22:53:14 ----A---- C:\Windows\system32\iasads.dll
2009-04-16 22:53:12 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-16 22:53:11 ----A---- C:\Windows\system32\kernel32.dll
2009-04-16 22:53:10 ----A---- C:\Windows\system32\secur32.dll
2009-04-16 22:53:10 ----A---- C:\Windows\system32\apilogen.dll
2009-04-16 22:53:10 ----A---- C:\Windows\system32\amxread.dll
2009-04-16 22:53:06 ----A---- C:\Windows\system32\mshtml.dll
2009-04-16 22:53:05 ----A---- C:\Windows\system32\ieframe.dll
2009-04-16 22:53:04 ----A---- C:\Windows\system32\urlmon.dll
2009-04-16 22:53:03 ----A---- C:\Windows\system32\wininet.dll
2009-04-16 22:53:03 ----A---- C:\Windows\system32\occache.dll
2009-04-16 22:53:03 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-16 22:53:03 ----A---- C:\Windows\system32\iertutil.dll
2009-04-16 22:53:03 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-16 22:53:03 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-16 22:53:02 ----A---- C:\Windows\system32\mstime.dll
2009-04-16 22:53:02 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-16 22:53:02 ----A---- C:\Windows\system32\ieencode.dll
2009-04-16 22:53:00 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-13 21:08:11 ----A---- C:\Windows\system32\GEARAspi.dll
2009-04-13 21:08:00 ----D---- C:\Program Files\iPod
2009-04-13 21:07:47 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-13 21:07:46 ----D---- C:\Program Files\iTunes
2009-04-08 17:13:24 ----A---- C:\spiele.ini
2009-04-08 17:13:24 ----A---- C:\Lisezmoi.txt
2009-04-08 17:13:24 ----A---- C:\IQT.ini
2009-04-08 17:13:24 ----A---- C:\IQ800.ini
2009-04-08 17:13:24 ----A---- C:\IQ1024.ini
2009-04-08 17:13:23 ----A---- C:\Uninst.dll
2009-04-08 17:13:23 ----A---- C:\turangau.exe
2009-04-08 17:13:23 ----A---- C:\IQTest.exe
2009-04-08 17:13:23 ----A---- C:\Galgenmaennchen.exe
2009-04-08 17:13:17 ----D---- C:\spiele
2009-04-08 17:13:17 ----D---- C:\Levels
2009-04-08 17:13:17 ----D---- C:\Datenbank
2009-04-08 17:07:48 ----D---- C:\Program Files\Common Files\Borland Shared
2009-04-07 22:37:28 ----D---- C:\Program Files\Micro Application
2009-03-31 20:25:59 ----D---- C:\Program Files\GTA4MODS.com
2009-03-31 14:53:16 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-03-30 13:54:38 ----D---- C:\Users\Thomas\AppData\Roaming\New Technology Studio

======List of files/folders modified in the last 1 months======

2009-04-27 16:02:19 ----D---- C:\Windows\Prefetch
2009-04-27 16:02:08 ----D---- C:\Program Files
2009-04-27 15:59:51 ----D---- C:\Program Files\Mozilla Firefox
2009-04-27 14:33:05 ----D---- C:\Windows\System32
2009-04-27 14:32:18 ----D---- C:\Program Files\a-squared Free
2009-04-26 21:08:58 ----SHD---- C:\System Volume Information
2009-04-26 19:27:30 ----D---- C:\Windows\system32\drivers
2009-04-25 14:08:33 ----SD---- C:\Users\Thomas\AppData\Roaming\Microsoft
2009-04-25 14:01:19 ----SHD---- C:\Windows\Installer
2009-04-25 14:01:18 ----SHD---- C:\Config.Msi
2009-04-25 14:01:18 ----D---- C:\Windows
2009-04-25 14:01:09 ----D---- C:\Program Files\Common Files
2009-04-25 14:00:54 ----A---- C:\Windows\win.ini
2009-04-25 14:00:25 ----RSD---- C:\Windows\Media
2009-04-25 14:00:17 ----D---- C:\Program Files\Common Files\microsoft shared
2009-04-25 14:00:13 ----D---- C:\Program Files\Common Files\System
2009-04-25 14:00:10 ----D---- C:\Windows\ShellNew
2009-04-25 13:59:49 ----D---- C:\Windows\Help
20

Reply to logicielsdeouf

The log report is incomplete.

Reply to Destrio5

Ah yes, sorry.


Here is the full report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Thomas at 2009-04-27 16:05:31
Microsoft® Windows Vista™ Édition Intégrale Service Pack 1
System drive C: has 60 GB (13%) free of 477 GB
Total RAM: 2047 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:49, on 27/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Users\Thomas\Downloads\RSIT.exe
C:\Program Files\trend micro\Thomas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/re [...] dfr-fr.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com [...] 0_0_32.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F13CEB-4EE3-4BF5-968C-01D8D097166A}: NameServer = 193.70.152.15,193.70.152.25
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5604 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2549099593-1315904904-3128934940-1000.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-02-06 61808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-04 463872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\akouwme]
c:\users\thomas\appdata\local\akouwme.exe akouwme []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe [2007-06-29 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLD.EXE]
C:\Program Files\DLD.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe [2006-11-27 255528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-04-11 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
C:\Program Files\eMule\emule.exe [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-02-06 454000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-10 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup]
C:\Program Files\iolo\Common\Lib\ioloLManager.exe [2008-05-06 307568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-08-08 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ninja Surfing]
C:\Program Files\NinjaSurfing\nsurfing.exe /tray []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-04-25 306088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
C:\Program Files\RivaTuner v2.20\RivaTunerWrapper.exe [2008-11-19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream]
C:\Program Files\ONSPEED\onspeedcore.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-07 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateStar]
C:\Users\Thomas\AppData\Roaming\UpdateStar\UpdateStar.exe -A []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC9Player]
C:\Program Files\Virtual CD v9\System\VC9Play.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-11-04 3522296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScannerPro]
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MemCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
C:\Program Files\Zango\bin\10.3.70.0\Weather.exe -auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-04-11 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-04-11 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.3.70.0\OEAddOn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
C:\Program Files\Zango\bin\10.3.70.0\ZangoSA.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
C:\PROGRA~1\COMMON~1\DataViz\DVZINC~1.EXE [2008-09-19 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak software updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logiciel Kodak EasyShare.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2007-06-21 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Matrix Screen Locker.lnk]
C:\PROGRA~1\BAROUF~1\MATRIX~1\matrix.exe [2006-01-29 539136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ONSPEED.lnk]
C:\PROGRA~1\ONSPEED\ONSPEE~2.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk]
C:\PROGRA~1\D-Link\D-LINK~1\WIRELE~1.EXE [2006-11-03 12693504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
C:\PROGRA~1\vghd\vghd.exe [2008-12-05 357712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\PROGRA~1\palmOne\HOTSYNC.EXE [2004-04-12 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerStrip.lnk]
C:\PROGRA~1\POWERS~1\PStrip.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Thomas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VirtuaGirl2.lnk]
C:\PROGRA~1\Vg\VIRTUA~1.EXE []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoSecCpl"=0
"DisableChangePassword"=0
"DisableLockWorkstation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableStatusMessages"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogOff"=0
"NoDriveTypeAutoRun"=0
"NoStartMenuPinnedList"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=0
"NoStartMenuSubFolders"=0
"NoCommonGroups"=0
"NoPrinterTabs"=0
"NoDeletePrinter"=0
"NoAddPrinter"=0
"NoPrinters"=0
"NoFavoritesMenu"=0
"NoDrives"=0
"NoRecentDocsNetHood"=0
"NoChangeAnimation"=0
"NoChangeKeyboardNavigationIndicators"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\Combat Arms EU\CombatArms.exe"="C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms EU\Engine.exe"="C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{931ff3eb-2e40-11dd-a4a4-001c2530884d}]
shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bda8e037-22aa-11dd-99f9-806e6f6e6963}]
shell\AutoRun\command - D:\install.EXE /AUTORUN
shell\configure\command - D:\install.EXE
shell\install\command - D:\install.EXE


======File associations======

.js - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-04-27 16:02:08 ----D---- C:\Program Files\trend micro
2009-04-27 16:02:05 ----D---- C:\rsit
2009-04-27 14:33:04 ----D---- C:\Program Files\rpatentino
2009-04-25 14:01:18 ----A---- C:\Windows\ODBC.INI
2009-04-25 13:59:12 ----D---- C:\Users\Thomas\AppData\Roaming\Microsoft Web Folders
2009-04-24 13:57:44 ----D---- C:\ProgramData\ATI
2009-04-23 19:01:41 ----D---- C:\ProgramData\NexonEU
2009-04-23 17:46:19 ----A---- C:\avenger.txt
2009-04-23 17:44:58 ----D---- C:\Windows\temp
2009-04-23 17:37:17 ----D---- C:\ComboFix
2009-04-23 17:37:16 ----A---- C:\Windows\system32\CF10409.exe
2009-04-23 16:12:30 ----A---- C:\Windows\PSEXESVC.EXE
2009-04-23 16:04:11 ----A---- C:\Windows\zip.exe
2009-04-23 16:04:11 ----A---- C:\Windows\vFind.exe
2009-04-23 16:04:11 ----A---- C:\Windows\SWXCACLS.exe
2009-04-23 16:04:11 ----A---- C:\Windows\SWSC.exe
2009-04-23 16:04:11 ----A---- C:\Windows\SWREG.exe
2009-04-23 16:04:11 ----A---- C:\Windows\sed.exe
2009-04-23 16:04:11 ----A---- C:\Windows\NIRCMD.exe
2009-04-23 16:04:11 ----A---- C:\Windows\grep.exe
2009-04-23 16:03:26 ----D---- C:\Windows\ERDNT
2009-04-23 16:03:25 ----A---- C:\Windows\system32\swsc.exe
2009-04-23 16:03:24 ----D---- C:\Qoobox
2009-04-23 15:52:20 ----D---- C:\Users\Thomas\AppData\Roaming\Malwarebytes
2009-04-23 15:52:15 ----D---- C:\ProgramData\Malwarebytes
2009-04-23 15:52:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-21 19:22:29 ----D---- C:\ProgramData\NexonUS
2009-04-21 18:38:31 ----D---- C:\ProgramData\PMB Files
2009-04-16 22:53:26 ----A---- C:\Windows\system32\winhttp.dll
2009-04-16 22:53:22 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-16 22:53:22 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-16 22:53:16 ----A---- C:\Windows\system32\rpcss.dll
2009-04-16 22:53:15 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-16 22:53:15 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-16 22:53:14 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-16 22:53:14 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-16 22:53:14 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-16 22:53:14 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-16 22:53:14 ----A---- C:\Windows\system32\iashost.exe
2009-04-16 22:53:14 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-16 22:53:14 ----A---- C:\Windows\system32\iasads.dll
2009-04-16 22:53:12 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-16 22:53:11 ----A---- C:\Windows\system32\kernel32.dll
2009-04-16 22:53:10 ----A---- C:\Windows\system32\secur32.dll
2009-04-16 22:53:10 ----A---- C:\Windows\system32\apilogen.dll
2009-04-16 22:53:10 ----A---- C:\Windows\system32\amxread.dll
2009-04-16 22:53:06 ----A---- C:\Windows\system32\mshtml.dll
2009-04-16 22:53:05 ----A---- C:\Windows\system32\ieframe.dll
2009-04-16 22:53:04 ----A---- C:\Windows\system32\urlmon.dll
2009-04-16 22:53:03 ----A---- C:\Windows\system32\wininet.dll
2009-04-16 22:53:03 ----A---- C:\Windows\system32\occache.dll
2009-04-16 22:53:03 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-16 22:53:03 ----A---- C:\Windows\system32\iertutil.dll
2009-04-16 22:53:03 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-16 22:53:03 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-16 22:53:02 ----A---- C:\Windows\system32\mstime.dll
2009-04-16 22:53:02 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-16 22:53:02 ----A---- C:\Windows\system32\ieencode.dll
2009-04-16 22:53:00 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-13 21:08:11 ----A---- C:\Windows\system32\GEARAspi.dll
2009-04-13 21:08:00 ----D---- C:\Program Files\iPod
2009-04-13 21:07:47 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-13 21:07:46 ----D---- C:\Program Files\iTunes
2009-04-08 17:13:24 ----A---- C:\spiele.ini
2009-04-08 17:13:24 ----A---- C:\Lisezmoi.txt
2009-04-08 17:13:24 ----A---- C:\IQT.ini
2009-04-08 17:13:24 ----A---- C:\IQ800.ini
2009-04-08 17:13:24 ----A---- C:\IQ1024.ini
2009-04-08 17:13:23 ----A---- C:\Uninst.dll
2009-04-08 17:13:23 ----A---- C:\turangau.exe
2009-04-08 17:13:23 ----A---- C:\IQTest.exe
2009-04-08 17:13:23 ----A---- C:\Galgenmaennchen.exe
2009-04-08 17:13:17 ----D---- C:\spiele
2009-04-08 17:13:17 ----D---- C:\Levels
2009-04-08 17:13:17 ----D---- C:\Datenbank
2009-04-08 17:07:48 ----D---- C:\Program Files\Common Files\Borland Shared
2009-04-07 22:37:28 ----D---- C:\Program Files\Micro Application
2009-03-31 20:25:59 ----D---- C:\Program Files\GTA4MODS.com
2009-03-31 14:53:16 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-03-30 13:54:38 ----D---- C:\Users\Thomas\AppData\Roaming\New Technology Studio

======List of files/folders modified in the last 1 months======

2009-04-27 16:02:19 ----D---- C:\Windows\Prefetch
2009-04-27 16:02:08 ----D---- C:\Program Files
2009-04-27 15:59:51 ----D---- C:\Program Files\Mozilla Firefox
2009-04-27 14:33:05 ----D---- C:\Windows\System32
2009-04-27 14:32:18 ----D---- C:\Program Files\a-squared Free
2009-04-26 21:08:58 ----SHD---- C:\System Volume Information
2009-04-26 19:27:30 ----D---- C:\Windows\system32\drivers
2009-04-25 14:08:33 ----SD---- C:\Users\Thomas\AppData\Roaming\Microsoft
2009-04-25 14:01:19 ----SHD---- C:\Windows\Installer
2009-04-25 14:01:18 ----SHD---- C:\Config.Msi
2009-04-25 14:01:18 ----D---- C:\Windows
2009-04-25 14:01:09 ----D---- C:\Program Files\Common Files
2009-04-25 14:00:54 ----A---- C:\Windows\win.ini
2009-04-25 14:00:25 ----RSD---- C:\Windows\Media
2009-04-25 14:00:17 ----D---- C:\Program Files\Common Files\microsoft shared
2009-04-25 14:00:13 ----D---- C:\Program Files\Common Files\System
2009-04-25 14:00:10 ----D---- C:\Windows\ShellNew
2009-04-25 13:59:49 ----D---- C:\Windows\Help
2009-04-25 13:59:48 ----D---- C:\Windows\MSAgent
2009-04-25 13:59:12 ----D---- C:\Program Files\Microsoft Office
2009-04-25 13:59:02 ----D---- C:\Windows\system
2009-04-25 13:59:02 ----D---- C:\temp
2009-04-25 13:48:06 ----D---- C:\Program Files\ATI
2009-04-24 21:43:55 ----A---- C:\Windows\NeroDigital.ini
2009-04-24 13:57:44 ----HD---- C:\ProgramData
2009-04-23 19:01:42 ----D---- C:\Nexon
2009-04-23 19:00:16 ----RSD---- C:\Windows\assembly
2009-04-23 18:59:40 ----D---- C:\Program Files\ATI Technologies
2009-04-23 18:57:46 ----D---- C:\Windows\system32\catroot
2009-04-23 18:57:46 ----D---- C:\Windows\inf
2009-04-23 17:48:51 ----A---- C:\Windows\system.ini
2009-04-23 17:45:20 ----D---- C:\Windows\system32\config
2009-04-23 17:42:03 ----D---- C:\Windows\AppPatch
2009-04-23 17:37:16 ----D---- C:\Windows\system32\fr-FR
2009-04-22 19:37:39 ----D---- C:\Poker
2009-04-20 20:45:26 ----D---- C:\Windows\Minidump
2009-04-18 13:03:21 ----D---- C:\Windows\system32\catroot2
2009-04-17 13:38:15 ----D---- C:\Windows\system32\wbem
2009-04-17 13:38:15 ----D---- C:\Windows\system32\manifeststore
2009-04-17 13:38:14 ----D---- C:\Program Files\Internet Explorer
2009-04-17 13:38:04 ----D---- C:\Windows\winsxs
2009-04-17 13:37:37 ----D---- C:\ProgramData\Microsoft Help
2009-04-14 20:45:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-04-13 21:08:11 ----DC---- C:\Windows\system32\DRVSTORE
2009-04-13 21:07:59 ----D---- C:\Program Files\Common Files\Apple
2009-04-13 21:06:58 ----D---- C:\Program Files\Bonjour
2009-04-07 22:37:28 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-31 23:19:48 ----D---- C:\Program Files\Ubisoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-04-11 350720]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 12800]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
R1 ntiopnp;ntiopnp; C:\Windows\system32\drivers\ntiopnp.sys [2007-02-12 12800]
R1 PStrip;PStrip; C:\Windows\system32\drivers\pstrip.sys [2007-07-15 27992]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
R2 Nsynas32;Nsynas32; C:\Windows\system32\drivers\Nsynas32.sys [2001-04-09 17784]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-12-29 952832]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-02-20 95760]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-03-16 4361216]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\Windows\system32\DRIVERS\bdfndisf.sys [2007-10-19 87952]
R3 CLEDX;Team H2O CLEDX service; C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-04-06 38496]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-05-18 47360]
S1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys []
S1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys []
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys []
S1 vdrv9000;vdrv9000; C:\Windows\system32\DRIVERS\vdrv9000.sys []
S2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys []
S3 abq6uz99;abq6uz99; C:\Windows\system32\drivers\abq6uz99.sys []
S3 agxqxxkg;agxqxxkg; C:\Windows\system32\drivers\agxqxxkg.sys []
S3 AR5416;D-Link RangeBooster N Service; C:\Windows\system32\DRIVERS\ar5416.sys [2006-09-25 1037088]
S3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2007-08-02 188432]
S3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-11 19456]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-04-11 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\Windows\System32\Drivers\btwusb.sys []
S3 catchme;catchme; \??\C:\Users\Thomas\AppData\Local\Temp\catchme.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-01-24 14336]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-04-11 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-04-22 27672]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-04-11 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-04-11 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-04-11 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-04-11 6016]
S3 P1171VID;Creative WebCam Notebook #2; C:\Windows\system32\DRIVERS\P1171Vid.sys [2004-03-19 91392]
S3 PalmUSBD;PalmUSBD; C:\Windows\system32\drivers\PalmUSBD.sys [2004-04-12 16509]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\Windows\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-04-11 49664]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.20\RivaTuner32.sys [2008-11-19 9088]
S3 Ser2pl;Prolific Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2007-07-31 76800]
S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2007-01-05 23600]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-04-11 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-04-11 39936]
S3 WSIMD;wsimd Service; C:\Windows\system32\DRIVERS\wsimd.sys [2006-07-20 54432]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-04-11 83328]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-12-09 311808]
S4 ErrDev;Pilote de périphérique d’erreur matérielle Microsoft; C:\Windows\system32\drivers\errdev.sys [2008-04-11 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-04-11 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-04-11 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-03-16 180224]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CPUCooLServer;CPUCooLServer Service; C:\Program Files\CPUCooL\CooLSrv.exe [2007-07-31 118784]
R2 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-04-11 21504]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-04-11 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-04-11 917504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-04-22 425080]
S4 ACS;Atheros Configuration Service; C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-547\acs.exe [2006-08-25 360532]
S4 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S4 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-04-11 21504]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-04-11 21504]
S4 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-04-11 523776]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-18 654848]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]
S4 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-05-02 566120]
S4 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
S4 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
S4 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S4 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S4 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2008-12-04 107832]
S4 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-04-11 21504]
S4 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S4 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-12 87288]

-----------------EOF-----------------

Reply to logicielsdeouf

Did you uninstall NOD32?

Reply to Destrio5

Yes, but I think there are still a few files left behind, in a bit of a mess.
Thanks for your help.

Reply to logicielsdeouf

Which antivirus are you planning to install instead?

There are still traces of NOD32 left.

Reply to Destrio5