Probleme pub - lenteur de navigation
Dernière réponse : dans Sécurité
Bonjour à tous,
Voila depuis quelques temps j'ai des problemes de pubs quand je navigue sur internet, pourriez vous me conseiller des logiciel pour nettoyer tout ça.
Merci d'avance
Voila depuis quelques temps j'ai des problemes de pubs quand je navigue sur internet, pourriez vous me conseiller des logiciel pour nettoyer tout ça.
Merci d'avance
Autres pages sur : probleme pub lenteur navigation
Lassé par la pub ? Créez un compte
Bonjour,
Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
Clique sur Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
Note : les rapports sont sauvegardés dans le dossier C:\rsit.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
Note : les rapports sont sauvegardés dans le dossier C:\rsit.
Merci, voici log.txt :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:12, on 15/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\reader_s.exe
C:\Documents and Settings\Emmanuelle\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\Emmanuelle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Documents and Settings\Emmanuelle\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program Files\ThunMail\testabd.exe
C:\WINDOWS\TEMP\VRT4.tmp
C:\WINDOWS\system32\w.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\TEMP\manun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\VRT2D.tmp
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
E:\RSIT.exe
C:\WINDOWS\system32\dncyool64.sys
C:\Program Files\Trend Micro\HijackThis\Emmanuelle.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr.yahoo.com/fsc/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 63.119.44.200 www.emailserversprovider.com
O2 - BHO: C:\WINDOWS\system32\sdfgerfgf3f.dll - {E2BA40A2-74F3-42BD-F434-2604812C8953} - C:\WINDOWS\system32\sdfgerfgf3f.dll
O4 - HKLM\..\Run: [9097] C:\swww.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CPMaf7850d2] Rundll32.exe "c:\windows\system32\kapidapu.dll",a
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [Secure AntiVirus Pro] C:\WINDOWS\AV.EXE
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Emmanuelle\reader_s.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Emmanuelle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {dde87865-83c5-48c4-8357-2f5b1aa84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\kowavelo.dll c:\windows\system32\kapidapu.dll,c:\progra~1\ThunMail\testabd.dll
O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kapidapu.dll
O22 - SharedTaskScheduler: sdfg54y54yhhgth6w4efvrg - {E2BA40A2-74F3-42BD-F434-2604812C8953} - C:\WINDOWS\system32\sdfgerfgf3f.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kapidapu.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: sopidkc Service (sopidkc) - 11.231.223.21 - C:\WINDOWS\system32\sopidkc.exe
--
End of file - 8357 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1191339770.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2BA40A2-74F3-42BD-F434-2604812C8953}]
C:\WINDOWS\system32\sdfgerfgf3f.dll - C:\WINDOWS\system32\sdfgerfgf3f.dll [2009-04-16 15000]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"9097"=C:\swww.exe []
"reader_s"=C:\WINDOWS\System32\reader_s.exe [2009-05-12 59905]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-29 7405568]
"CPMaf7850d2"=c:\windows\system32\kapidapu.dll [2009-04-16 87552]
"services"=C:\WINDOWS\services.exe []
"Secure AntiVirus Pro"=C:\WINDOWS\AV.EXE [2009-05-15 269824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"reader_s"=C:\Documents and Settings\Emmanuelle\reader_s.exe [2009-05-12 59905]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 35328]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Documents and Settings\Emmanuelle\Menu Démarrer\Programmes\Démarrage
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Outil de notification Live Search.lnk - C:\Documents and Settings\Emmanuelle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\kowavelo.dll c:\windows\system32\kapidapu.dll,c:\progra~1\ThunMail\testabd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sysfldr]
C:\WINDOWS\system32\sysfldr.dll [2009-04-16 12288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kapidapu.dll [2009-04-16 87552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
sdfg54y54yhhgth6w4efvrg - {E2BA40A2-74F3-42BD-F434-2604812C8953} - C:\WINDOWS\system32\sdfgerfgf3f.dll [2009-04-16 15000]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kapidapu.dll [2009-04-16 87552]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\kowavelo.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\autorun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{128df062-9297-11dc-bfc7-00030d50255c}]
shell\explore\command - F:\ntde1ect.com
shell\open\command - F:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{221b4958-6c59-11dc-bf87-00030d50255c}]
shell\AutoRun\command - E:\RUNDLL32.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58bd059d-07d4-11de-81d1-84d21ae95a3f}]
shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58bd059e-07d4-11de-81d1-84d21ae95a3f}]
shell\AutoRun\command - H:\LSASS.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93948270-fdca-11dd-81c2-00030d50255c}]
shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9d324e2-17c2-11de-81e1-00030d50255c}]
shell\AutoRun\command - F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6bd7b8f-2273-11dc-bf6d-00030d50255c}]
shell\AutoRun\command - E:\WIAACMGR.EXE
======List of files/folders created in the last 1 months======
2009-05-15 20:04:05 ----D---- C:\rsit
2009-05-15 19:58:52 ----A---- C:\WINDOWS\system32\41.tmp
2009-05-15 19:58:48 ----A---- C:\WINDOWS\system32\3F.tmp
2009-05-15 19:58:47 ----A---- C:\WINDOWS\system32\3E.tmp
2009-05-15 19:27:40 ----A---- C:\WINDOWS\system32\35.tmp
2009-05-15 19:27:31 ----A---- C:\WINDOWS\system32\33.tmp
2009-05-15 19:27:28 ----A---- C:\WINDOWS\system32\32.tmp
2009-05-15 18:07:15 ----A---- C:\WINDOWS\system32\nvaux32.dll
2009-05-15 18:07:14 ----A---- C:\WINDOWS\system32\1D.tmp
2009-05-15 18:06:06 ----A---- C:\WINDOWS\system32\19.tmp
2009-05-15 18:05:53 ----A---- C:\WINDOWS\system32\w.exe
2009-05-15 18:05:51 ----A---- C:\WINDOWS\AV.EXE
2009-05-14 21:00:15 ----A---- C:\WINDOWS\system32\1A.tmp
2009-05-14 21:00:11 ----A---- C:\WINDOWS\system32\17.tmp
2009-05-12 18:04:31 ----A---- C:\WINDOWS\system32\18.tmp
2009-05-12 18:04:15 ----A---- C:\WINDOWS\system32\13.tmp
2009-05-12 18:03:38 ----A---- C:\FindyKill.txt
2009-05-12 18:00:38 ----D---- C:\FindyKill
2009-05-12 17:55:57 ----A---- C:\WINDOWS\system32\16.tmp
2009-05-12 17:55:52 ----A---- C:\WINDOWS\system32\12.tmp
2009-05-10 22:05:46 ----A---- C:\WINDOWS\system32\15.tmp
2009-05-10 22:05:41 ----A---- C:\WINDOWS\system32\10.tmp
2009-05-10 19:28:17 ----A---- C:\WINDOWS\system32\82.tmp
2009-05-10 18:56:19 ----A---- C:\WINDOWS\system32\62.tmp
2009-05-10 18:56:13 ----A---- C:\WINDOWS\system32\5F.tmp
2009-05-10 12:54:55 ----A---- C:\WINDOWS\system32\14.tmp
2009-05-10 12:54:38 ----A---- C:\WINDOWS\system32\F.tmp
2009-05-08 19:55:46 ----D---- C:\Program Files\LanqiEngine
2009-05-08 19:55:46 ----A---- C:\WINDOWS\system32\bversion.dll
2009-05-08 19:53:55 ----A---- C:\WINDOWS\system32\AdvOcr.dll
2009-05-08 19:53:38 ----A---- C:\WINDOWS\system32\TRSOCR.dll
2009-05-08 19:53:37 ----A---- C:\WINDOWS\system32\TRSOCR.ini
2009-05-08 19:38:52 ----A---- C:\WINDOWS\system32\6.tmp
2009-05-08 19:38:49 ----A---- C:\WINDOWS\system32\3.tmp
2009-05-06 18:41:27 ----A---- C:\WINDOWS\system32\11.tmp
2009-05-06 18:41:25 ----A---- C:\WINDOWS\system32\9.tmp
2009-05-06 18:21:33 ----D---- C:\office-2003_fr+serial
2009-05-06 18:18:16 ----D---- C:\Program Files\Microsoft.NET
2009-05-06 18:15:57 ----RHD---- C:\MSOCache
2009-05-06 18:14:54 ----A---- C:\WINDOWS\system32\E.tmp
2009-05-06 18:14:53 ----A---- C:\WINDOWS\system32\B.tmp
2009-05-06 18:14:47 ----A---- C:\WINDOWS\system32\7.tmp
2009-05-05 10:40:47 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2009-05-05 10:40:47 ----A---- C:\WINDOWS\system32\hpz3l692.dll
2009-05-05 10:35:07 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-05-05 10:32:46 ----D---- C:\Program Files\HP
2009-05-05 10:32:26 ----HD---- C:\Config.Msi
2009-05-04 19:03:15 ----A---- C:\WINDOWS\system32\D.tmp
2009-05-04 19:03:15 ----A---- C:\WINDOWS\system32\C.tmp
2009-05-04 19:02:41 ----A---- C:\WINDOWS\system32\4.tmp
2009-05-04 15:12:24 ----A---- C:\WINDOWS\system32\8.tmp
2009-05-04 15:12:17 ----A---- C:\WINDOWS\system32\2.tmp
2009-05-04 14:55:31 ----A---- C:\WINDOWS\system32\IPHACTION.dll
2009-05-04 14:38:51 ----A---- C:\WINDOWS\system32\A.tmp
2009-05-04 14:38:14 ----A---- C:\WINDOWS\system32\5.tmp
2009-04-16 22:10:54 ----A---- C:\WINDOWS\system32\IpSvchostF.dll
2009-04-16 22:10:00 ----A---- C:\WINDOWS\system32\tcpd.exe
2009-04-16 22:10:00 ----A---- C:\WINDOWS\system32\kernel32_check.dll
2009-04-16 22:10:00 ----A---- C:\WINDOWS\system32\AUTMGR.EXE
2009-04-16 22:09:59 ----A---- C:\WINDOWS\system32\tcpd.dll
2009-04-16 22:09:59 ----A---- C:\WINDOWS\system32\tcpcon.dll
2009-04-16 22:09:59 ----A---- C:\WINDOWS\system32\Packer.dll
2009-04-16 22:09:59 ----A---- C:\WINDOWS\system32\iphy.dll
2009-04-16 22:09:59 ----A---- C:\WINDOWS\system32\fiplock.dll
2009-04-16 22:09:59 ----A---- C:\WINDOWS\system32\fhpatch.dll
2009-04-16 22:09:45 ----D---- C:\WINDOWS\system32\3361
2009-04-16 22:09:33 ----D---- C:\WINDOWS\dhcp
2009-04-16 22:09:19 ----A---- C:\WINDOWS\system32\31.tmp
2009-04-16 22:09:04 ----A---- C:\WINDOWS\system32\30.tmp
2009-04-16 22:09:02 ----RSHD---- C:\Program Files\ThunMail
2009-04-16 22:08:32 ----A---- C:\WINDOWS\system32\reader_s.exe
2009-04-16 22:08:28 ----A---- C:\rnvx.exe
2009-04-16 22:08:24 ----A---- C:\lsass.exe
2009-04-16 22:08:24 ----A---- C:\feyadtq.exe
2009-04-16 22:08:23 ----A---- C:\WINDOWS\system32\sdfgerfgf3f.dll
2009-04-16 22:08:21 ----A---- C:\WINDOWS\instsp2.exe
2009-04-16 10:08:09 ----SH---- C:\WINDOWS\system32\efanesuh.ini
2009-04-16 06:35:04 ----D---- C:\Documents and Settings\Emmanuelle\Application Data\VirusRemover2009
======List of files/folders modified in the last 1 months======
2009-05-15 20:04:02 ----AD---- C:\WINDOWS\system32
2009-05-15 19:58:46 ----D---- C:\WINDOWS\Temp
2009-05-15 19:58:24 ----D---- C:\Program Files\Mozilla Firefox
2009-05-15 18:07:49 ----D---- C:\WINDOWS
2009-05-15 18:07:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-15 18:07:15 ----A---- C:\WINDOWS\system32\user32.DLL
2009-05-15 18:07:14 ----D---- C:\WINDOWS\system32\drivers
2009-05-15 18:04:54 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt
2009-05-14 21:32:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-12 18:03:41 ----D---- C:\WINDOWS\Prefetch
2009-05-10 22:12:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-06 20:18:22 ----D---- C:\Program Files\Fichiers communs
2009-05-06 20:17:16 ----D---- C:\WINDOWS\WinSxS
2009-05-06 20:13:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-06 20:12:09 ----D---- C:\WINDOWS\twain_32
2009-05-06 18:20:27 ----SHD---- C:\WINDOWS\Installer
2009-05-06 18:20:24 ----A---- C:\WINDOWS\ODBC.INI
2009-05-06 18:19:49 ----A---- C:\WINDOWS\win.ini
2009-05-06 18:19:25 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-05-06 18:19:18 ----D---- C:\WINDOWS\ShellNew
2009-05-06 18:18:42 ----D---- C:\Program Files\Microsoft Office
2009-05-06 18:18:38 ----HD---- C:\WINDOWS\inf
2009-05-06 18:18:25 ----D---- C:\Program Files\Fichiers communs\System
2009-05-06 18:18:16 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-06 18:18:16 ----RD---- C:\Program Files
2009-05-06 18:16:02 ----D---- C:\WINDOWS\system
2009-05-05 10:42:50 ----A---- C:\WINDOWS\wininit.ini
2009-05-05 10:35:07 ----D---- C:\Program Files\Hewlett-Packard
2009-05-05 09:14:12 ----D---- C:\Documents and Settings\Emmanuelle\Application Data\U3
2009-05-04 15:07:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-25 16:48:07 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-16 22:10:00 ----AS---- C:\WINDOWS\system32\sysfldr.dll
2009-04-16 22:10:00 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-04-16 22:08:21 ----ASH---- C:\WINDOWS\system32\kapidapu.dll
2009-04-16 22:08:21 ----ASH---- C:\WINDOWS\system32\dajufiwe.dll
2009-04-16 13:54:30 ----D---- C:\WINDOWS\network diagnostic
2009-04-16 13:52:30 ----D---- C:\WINDOWS\system32\Lang
2009-04-16 10:08:40 ----ASH---- C:\WINDOWS\system32\mihamake.dll
2009-04-16 10:08:09 ----ASH---- C:\WINDOWS\system32\jezosudo.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-02-27 4241920]
R3 NETw3x32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-09-27 1709696]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-29 3640928]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-09-16 846792]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-08-25 191168]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 8035892a;8035892a; C:\WINDOWS\System32\drivers\8035892a.sys []
S1 bhj40d8;bhj40d8; C:\WINDOWS\System32\drivers\bhj40d8.sys []
S1 cikb7bc;cikb7bc; C:\WINDOWS\System32\drivers\cikb7bc.sys []
S1 epm8082;epm8082; C:\WINDOWS\System32\drivers\epm8082.sys []
S1 fkh89e8;fkh89e8; C:\WINDOWS\System32\drivers\fkh89e8.sys []
S1 mdad2ba;mdad2ba; C:\WINDOWS\System32\drivers\mdad2ba.sys []
S1 tlhab11;tlhab11; C:\WINDOWS\System32\drivers\tlhab11.sys []
S3 at1394;at1394; \??\C:\WINDOWS\system32\at1394.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\EMMANU~1\LOCALS~1\Temp\catchme.sys []
S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-04-16 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-04-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-04-16 21568]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 pcm1394;pcm1394; \??\C:\WINDOWS\system32\pcm1394.sys []
S3 restore;restore; \??\C:\WINDOWS\system32\drivers\restore.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73600]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;6to4; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 DhcpSrv;Dhcp server; C:\WINDOWS\dhcp\svchost.exe [2009-05-15 259584]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-29 163908]
R2 sopidkc;sopidkc Service; C:\WINDOWS\system32\sopidkc.exe [2004-08-05 194560]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 288768]
S2 msncache;msncache; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 net driver hpz12;net driver hpz12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 pml driver hpz12;pml driver hpz12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 937984]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:12, on 15/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\reader_s.exe
C:\Documents and Settings\Emmanuelle\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\Emmanuelle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Documents and Settings\Emmanuelle\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program Files\ThunMail\testabd.exe
C:\WINDOWS\TEMP\VRT4.tmp
C:\WINDOWS\system32\w.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\TEMP\manun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\VRT2D.tmp
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
E:\RSIT.exe
C:\WINDOWS\system32\dncyool64.sys
C:\Program Files\Trend Micro\HijackThis\Emmanuelle.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr.yahoo.com/fsc/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 63.119.44.200 www.emailserversprovider.com
O2 - BHO: C:\WINDOWS\system32\sdfgerfgf3f.dll - {E2BA40A2-74F3-42BD-F434-2604812C8953} - C:\WINDOWS\system32\sdfgerfgf3f.dll
O4 - HKLM\..\Run: [9097] C:\swww.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CPMaf7850d2] Rundll32.exe "c:\windows\system32\kapidapu.dll",a
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [Secure AntiVirus Pro] C:\WINDOWS\AV.EXE
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Emmanuelle\reader_s.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Emmanuelle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {dde87865-83c5-48c4-8357-2f5b1aa84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\kowavelo.dll c:\windows\system32\kapidapu.dll,c:\progra~1\ThunMail\testabd.dll
O20 - Winlogon Notify: sysfldr - C:\WINDOWS\SYSTEM32\sysfldr.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kapidapu.dll
O22 - SharedTaskScheduler: sdfg54y54yhhgth6w4efvrg - {E2BA40A2-74F3-42BD-F434-2604812C8953} - C:\WINDOWS\system32\sdfgerfgf3f.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kapidapu.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Dhcp server (DhcpSrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: sopidkc Service (sopidkc) - 11.231.223.21 - C:\WINDOWS\system32\sopidkc.exe
--
End of file - 8357 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1191339770.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2BA40A2-74F3-42BD-F434-2604812C8953}]
C:\WINDOWS\system32\sdfgerfgf3f.dll - C:\WINDOWS\system32\sdfgerfgf3f.dll [2009-04-16 15000]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"9097"=C:\swww.exe []
"reader_s"=C:\WINDOWS\System32\reader_s.exe [2009-05-12 59905]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-29 7405568]
"CPMaf7850d2"=c:\windows\system32\kapidapu.dll [2009-04-16 87552]
"services"=C:\WINDOWS\services.exe []
"Secure AntiVirus Pro"=C:\WINDOWS\AV.EXE [2009-05-15 269824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"reader_s"=C:\Documents and Settings\Emmanuelle\reader_s.exe [2009-05-12 59905]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 35328]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
C:\Documents and Settings\Emmanuelle\Menu Démarrer\Programmes\Démarrage
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Outil de notification Live Search.lnk - C:\Documents and Settings\Emmanuelle\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL C:\WINDOWS\system32\kowavelo.dll c:\windows\system32\kapidapu.dll,c:\progra~1\ThunMail\testabd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sysfldr]
C:\WINDOWS\system32\sysfldr.dll [2009-04-16 12288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kapidapu.dll [2009-04-16 87552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
sdfg54y54yhhgth6w4efvrg - {E2BA40A2-74F3-42BD-F434-2604812C8953} - C:\WINDOWS\system32\sdfgerfgf3f.dll [2009-04-16 15000]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kapidapu.dll [2009-04-16 87552]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\kowavelo.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\autorun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{128df062-9297-11dc-bfc7-00030d50255c}]
shell\explore\command - F:\ntde1ect.com
shell\open\command - F:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{221b4958-6c59-11dc-bf87-00030d50255c}]
shell\AutoRun\command - E:\RUNDLL32.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58bd059d-07d4-11de-81d1-84d21ae95a3f}]
shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58bd059e-07d4-11de-81d1-84d21ae95a3f}]
shell\AutoRun\command - H:\LSASS.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93948270-fdca-11dd-81c2-00030d50255c}]
shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9d324e2-17c2-11de-81e1-00030d50255c}]
shell\AutoRun\command - F:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6bd7b8f-2273-11dc-bf6d-00030d50255c}]
shell\AutoRun\command - E:\WIAACMGR.EXE
======List of files/folders created in the last 1 months======
2009-05-15 20:04:05 ----D---- C:\rsit
2009-05-15 19:58:52 ----A---- C:\WINDOWS\system32\41.tmp
2009-05-15 19:58:48 ----A---- C:\WINDOWS\system32\3F.tmp
2009-05-15 19:58:47 ----A---- C:\WINDOWS\system32\3E.tmp
2009-05-15 19:27:40 ----A---- C:\WINDOWS\system32\35.tmp
2009-05-15 19:27:31 ----A---- C:\WINDOWS\system32\33.tmp
2009-05-15 19:27:28 ----A---- C:\WINDOWS\system32\32.tmp
2009-05-15 18:07:15 ----A---- C:\WINDOWS\system32\nvaux32.dll
2009-05-15 18:07:14 ----A---- C:\WINDOWS\system32\1D.tmp
2009-05-15 18:06:06 ----A---- C:\WINDOWS\system32\19.tmp
2009-05-15 18:05:53 ----A---- C:\WINDOWS\system32\w.exe
2009-05-15 18:05:51 ----A---- C:\WINDOWS\AV.EXE
2009-05-14 21:00:15 ----A---- C:\WINDOWS\system32\1A.tmp
2009-05-14 21:00:11 ----A---- C:\WINDOWS\system32\17.tmp
2009-05-12 18:04:31 ----A---- C:\WINDOWS\system32\18.tmp
2009-05-12 18:04:15 ----A---- C:\WINDOWS\system32\13.tmp
2009-05-12 18:03:38 ----A---- C:\FindyKill.txt
2009-05-12 18:00:38 ----D---- C:\FindyKill
2009-05-12 17:55:57 ----A---- C:\WINDOWS\system32\16.tmp
2009-05-12 17:55:52 ----A---- C:\WINDOWS\system32\12.tmp
2009-05-10 22:05:46 ----A---- C:\WINDOWS\system32\15.tmp
2009-05-10 22:05:41 ----A---- C:\WINDOWS\system32\10.tmp
2009-05-10 19:28:17 ----A---- C:\WINDOWS\system32\82.tmp
2009-05-10 18:56:19 ----A---- C:\WINDOWS\system32\62.tmp
2009-05-10 18:56:13 ----A---- C:\WINDOWS\system32\5F.tmp
2009-05-10 12:54:55 ----A---- C:\WINDOWS\system32\14.tmp
2009-05-10 12:54:38 ----A---- C:\WINDOWS\system32\F.tmp
2009-05-08 19:55:46 ----D---- C:\Program Files\LanqiEngine
2009-05-08 19:55:46 ----A---- C:\WINDOWS\system32\bversion.dll
2009-05-08 19:53:55 ----A---- C:\WINDOWS\system32\AdvOcr.dll
2009-05-08 19:53:38 ----A---- C:\WINDOWS\system32\TRSOCR.dll
2009-05-08 19:53:37 ----A---- C:\WINDOWS\system32\TRSOCR.ini
2009-05-08 19:38:52 ----A---- C:\WINDOWS\system32\6.tmp
2009-05-08 19:38:49 ----A---- C:\WINDOWS\system32\3.tmp
2009-05-06 18:41:27 ----A---- C:\WINDOWS\system32\11.tmp
2009-05-06 18:41:25 ----A---- C:\WINDOWS\system32\9.tmp
2009-05-06 18:21:33 ----D---- C:\office-2003_fr+serial
2009-05-06 18:18:16 ----D---- C:\Program Files\Microsoft.NET
2009-05-06 18:15:57 ----RHD---- C:\MSOCache
2009-05-06 18:14:54 ----A---- C:\WINDOWS\system32\E.tmp
2009-05-06 18:14:53 ----A---- C:\WINDOWS\system32\B.tmp
2009-05-06 18:14:47 ----A---- C:\WINDOWS\system32\7.tmp
2009-05-05 10:40:47 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2009-05-05 10:40:47 ----A---- C:\WINDOWS\system32\hpz3l692.dll
2009-05-05 10:35:07 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-05-05 10:32:46 ----D---- C:\Program Files\HP
2009-05-05 10:32:26 ----HD---- C:\Config.Msi
2009-05-04 19:03:15 ----A---- C:\WINDOWS\system32\D.tmp
2009-05-04 19:03:15 ----A---- C:\WINDOWS\system32\C.tmp
2009-05-04 19:02:41 ----A---- C:\WINDOWS\system32\4.tmp
2009-05-04 15:12:24 ----A---- C:\WINDOWS\system32\8.tmp
2009-05-04 15:12:17 ----A---- C:\WINDOWS\system32\2.tmp
2009-05-04 14:55:31 ----A---- C:\WINDOWS\system32\IPHACTION.dll
2009-05-04 14:38:51 ----A---- C:\WINDOWS\system32\A.tmp
2009-05-04 14:38:14 ----A---- C:\WINDOWS\system32\5.tmp
2009-04-16 22:10:54 ----A---- C:\WINDOWS\system32\IpSvchostF.dll
2009-04-16 22:10:00 ----A---- C:\WINDOWS\system32\tcpd.exe
2009-04-16 22:10:00 ----A---- C:\WINDOWS\system32\kernel32_check.dll
2009-04-16 22:10:00 ----A---- C:\WINDOWS\system32\AUTMGR.EXE
2009-04-16 22:09:59 ----A---- C:\WINDOWS\system32\tcpd.dll
2009-04-16 22:09:59 ----A---- C:\WINDOWS\system32\tcpcon.dll
2009-04-16 22:09:59 ----A---- C:\WINDOWS\system32\Packer.dll
2009-04-16 22:09:59 ----A---- C:\WINDOWS\system32\iphy.dll
2009-04-16 22:09:59 ----A---- C:\WINDOWS\system32\fiplock.dll
2009-04-16 22:09:59 ----A---- C:\WINDOWS\system32\fhpatch.dll
2009-04-16 22:09:45 ----D---- C:\WINDOWS\system32\3361
2009-04-16 22:09:33 ----D---- C:\WINDOWS\dhcp
2009-04-16 22:09:19 ----A---- C:\WINDOWS\system32\31.tmp
2009-04-16 22:09:04 ----A---- C:\WINDOWS\system32\30.tmp
2009-04-16 22:09:02 ----RSHD---- C:\Program Files\ThunMail
2009-04-16 22:08:32 ----A---- C:\WINDOWS\system32\reader_s.exe
2009-04-16 22:08:28 ----A---- C:\rnvx.exe
2009-04-16 22:08:24 ----A---- C:\lsass.exe
2009-04-16 22:08:24 ----A---- C:\feyadtq.exe
2009-04-16 22:08:23 ----A---- C:\WINDOWS\system32\sdfgerfgf3f.dll
2009-04-16 22:08:21 ----A---- C:\WINDOWS\instsp2.exe
2009-04-16 10:08:09 ----SH---- C:\WINDOWS\system32\efanesuh.ini
2009-04-16 06:35:04 ----D---- C:\Documents and Settings\Emmanuelle\Application Data\VirusRemover2009
======List of files/folders modified in the last 1 months======
2009-05-15 20:04:02 ----AD---- C:\WINDOWS\system32
2009-05-15 19:58:46 ----D---- C:\WINDOWS\Temp
2009-05-15 19:58:24 ----D---- C:\Program Files\Mozilla Firefox
2009-05-15 18:07:49 ----D---- C:\WINDOWS
2009-05-15 18:07:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-15 18:07:15 ----A---- C:\WINDOWS\system32\user32.DLL
2009-05-15 18:07:14 ----D---- C:\WINDOWS\system32\drivers
2009-05-15 18:04:54 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt
2009-05-14 21:32:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-12 18:03:41 ----D---- C:\WINDOWS\Prefetch
2009-05-10 22:12:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-06 20:18:22 ----D---- C:\Program Files\Fichiers communs
2009-05-06 20:17:16 ----D---- C:\WINDOWS\WinSxS
2009-05-06 20:13:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-06 20:12:09 ----D---- C:\WINDOWS\twain_32
2009-05-06 18:20:27 ----SHD---- C:\WINDOWS\Installer
2009-05-06 18:20:24 ----A---- C:\WINDOWS\ODBC.INI
2009-05-06 18:19:49 ----A---- C:\WINDOWS\win.ini
2009-05-06 18:19:25 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-05-06 18:19:18 ----D---- C:\WINDOWS\ShellNew
2009-05-06 18:18:42 ----D---- C:\Program Files\Microsoft Office
2009-05-06 18:18:38 ----HD---- C:\WINDOWS\inf
2009-05-06 18:18:25 ----D---- C:\Program Files\Fichiers communs\System
2009-05-06 18:18:16 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-06 18:18:16 ----RD---- C:\Program Files
2009-05-06 18:16:02 ----D---- C:\WINDOWS\system
2009-05-05 10:42:50 ----A---- C:\WINDOWS\wininit.ini
2009-05-05 10:35:07 ----D---- C:\Program Files\Hewlett-Packard
2009-05-05 09:14:12 ----D---- C:\Documents and Settings\Emmanuelle\Application Data\U3
2009-05-04 15:07:58 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-25 16:48:07 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-16 22:10:00 ----AS---- C:\WINDOWS\system32\sysfldr.dll
2009-04-16 22:10:00 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-04-16 22:08:21 ----ASH---- C:\WINDOWS\system32\kapidapu.dll
2009-04-16 22:08:21 ----ASH---- C:\WINDOWS\system32\dajufiwe.dll
2009-04-16 13:54:30 ----D---- C:\WINDOWS\network diagnostic
2009-04-16 13:52:30 ----D---- C:\WINDOWS\system32\Lang
2009-04-16 10:08:40 ----ASH---- C:\WINDOWS\system32\mihamake.dll
2009-04-16 10:08:09 ----ASH---- C:\WINDOWS\system32\jezosudo.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-02-27 4241920]
R3 NETw3x32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-09-27 1709696]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-29 3640928]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-09-16 846792]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-08-25 191168]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 8035892a;8035892a; C:\WINDOWS\System32\drivers\8035892a.sys []
S1 bhj40d8;bhj40d8; C:\WINDOWS\System32\drivers\bhj40d8.sys []
S1 cikb7bc;cikb7bc; C:\WINDOWS\System32\drivers\cikb7bc.sys []
S1 epm8082;epm8082; C:\WINDOWS\System32\drivers\epm8082.sys []
S1 fkh89e8;fkh89e8; C:\WINDOWS\System32\drivers\fkh89e8.sys []
S1 mdad2ba;mdad2ba; C:\WINDOWS\System32\drivers\mdad2ba.sys []
S1 tlhab11;tlhab11; C:\WINDOWS\System32\drivers\tlhab11.sys []
S3 at1394;at1394; \??\C:\WINDOWS\system32\at1394.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\EMMANU~1\LOCALS~1\Temp\catchme.sys []
S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-04-16 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-04-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-04-16 21568]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 pcm1394;pcm1394; \??\C:\WINDOWS\system32\pcm1394.sys []
S3 restore;restore; \??\C:\WINDOWS\system32\drivers\restore.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73600]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;6to4; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 DhcpSrv;Dhcp server; C:\WINDOWS\dhcp\svchost.exe [2009-05-15 259584]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-29 163908]
R2 sopidkc;sopidkc Service; C:\WINDOWS\system32\sopidkc.exe [2004-08-05 194560]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 288768]
S2 msncache;msncache; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 net driver hpz12;net driver hpz12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 pml driver hpz12;pml driver hpz12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 937984]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
et voila info.txt :
info.txt logfile of random's system information tool 1.06 2009-05-15 20:04:15
======Uninstall list======
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->MsiExec /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70800000002}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EVEREST Ultimate Edition v5.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FileZilla Client 3.1.6-->C:\Program Files\FileZilla Client\uninstall.exe
FindyKill-->C:\FindyKill\Uninstal.exe
Hair Pro 2008 Light-->"C:\Program Files\Hair Pro 2008 Light\unins000.exe"
High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
hp psc 1100 series-->MsiExec.exe /X{01161F64-6897-4885-93A0-A9F7BE9A4253}
HP Smart Web Printing-->C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Update-->MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
iWizz-->C:\Program Files\iWizz\uninstall.exe
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co.dll,SM56UnInstaller
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Navilog1 3.7.1-->"C:\Program Files\Navilog1\unins000.exe"
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express Content-->C:\WINDOWS\UNNVEContent.exe /UNINSTALL
nLite 1.4.9.1-->"C:\Program Files\nLite\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 1100 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Shop for HP Supplies-->C:\Program Files\Hewlett-Packard\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeLL me More-->C:\TeLLmeMore\UnInstal.exe C:\TeLLmeMore\
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB888656-->"C:\WINDOWS\$NtUninstallKB888656$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yontoo Layers Client for Internet Explorer 1.02.28-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe /remove /q0
=====HijackThis Backups=====
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe [2009-01-17]
======Hosts File======
63.119.44.200 www.emailserversprovider.com
======System event log======
Computer Name: NOM-1A017CF6ACA
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de découvertes SSDP.
Record Number: 37573
Source Name: Service Control Manager
Time Written: 20090409072130.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: NOM-1A017CF6ACA
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.
Record Number: 37572
Source Name: Service Control Manager
Time Written: 20090409072129.000000+120
Event Type: Informations
User:
Computer Name: NOM-1A017CF6ACA
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.
Record Number: 37571
Source Name: Service Control Manager
Time Written: 20090409072129.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: NOM-1A017CF6ACA
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.
Record Number: 37570
Source Name: Service Control Manager
Time Written: 20090409072129.000000+120
Event Type: Informations
User:
Computer Name: NOM-1A017CF6ACA
Event Code: 7036
Message: Le service Carte de performance WMI est entré dans l'état : en cours d'exécution.
Record Number: 37569
Source Name: Service Control Manager
Time Written: 20090409072116.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: NOM-1A017CF6ACA
Event Code: 300
Message: MsnMsgr (2308) \\.\C:\Documents and Settings\Emmanuelle\Local Settings\Application Data\Microsoft\Messenger\manolita71@hotmail.com\SharingMetadata\Working\database_E6AC_4B9A_AC4B_63E1\dfsr.db: Le moteur de base de données initialise la procédure de récupération.
Record Number: 9501
Source Name: ESENT
Time Written: 20090402171025.000000+120
Event Type: Informations
User:
Computer Name: NOM-1A017CF6ACA
Event Code: 102
Message: MsnMsgr (2308) \\.\C:\Documents and Settings\Emmanuelle\Local Settings\Application Data\Microsoft\Messenger\manolita71@hotmail.com\SharingMetadata\Working\database_E6AC_4B9A_AC4B_63E1\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 9500
Source Name: ESENT
Time Written: 20090402171024.000000+120
Event Type: Informations
User:
Computer Name: NOM-1A017CF6ACA
Event Code: 100
Message: MsnMsgr (2308) Le moteur de base de données 5.01.2600.5512 est démarré.
Record Number: 9499
Source Name: ESENT
Time Written: 20090402171024.000000+120
Event Type: Informations
User:
Computer Name: NOM-1A017CF6ACA
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 9498
Source Name: usnjsvc
Time Written: 20090402171023.000000+120
Event Type:
User:
Computer Name: NOM-1A017CF6ACA
Event Code: 0
Message:
Record Number: 9497
Source Name: iPod Service
Time Written: 20090402171008.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-05-15 20:04:15
======Uninstall list======
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->MsiExec /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70800000002}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EVEREST Ultimate Edition v5.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FileZilla Client 3.1.6-->C:\Program Files\FileZilla Client\uninstall.exe
FindyKill-->C:\FindyKill\Uninstal.exe
Hair Pro 2008 Light-->"C:\Program Files\Hair Pro 2008 Light\unins000.exe"
High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
hp psc 1100 series-->MsiExec.exe /X{01161F64-6897-4885-93A0-A9F7BE9A4253}
HP Smart Web Printing-->C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Update-->MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
iWizz-->C:\Program Files\iWizz\uninstall.exe
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co.dll,SM56UnInstaller
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Navilog1 3.7.1-->"C:\Program Files\Navilog1\unins000.exe"
Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express Content-->C:\WINDOWS\UNNVEContent.exe /UNINSTALL
nLite 1.4.9.1-->"C:\Program Files\nLite\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 1100 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Shop for HP Supplies-->C:\Program Files\Hewlett-Packard\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeLL me More-->C:\TeLLmeMore\UnInstal.exe C:\TeLLmeMore\
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB888656-->"C:\WINDOWS\$NtUninstallKB888656$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yontoo Layers Client for Internet Explorer 1.02.28-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe /remove /q0
=====HijackThis Backups=====
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe [2009-01-17]
======Hosts File======
63.119.44.200 www.emailserversprovider.com
======System event log======
Computer Name: NOM-1A017CF6ACA
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de découvertes SSDP.
Record Number: 37573
Source Name: Service Control Manager
Time Written: 20090409072130.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: NOM-1A017CF6ACA
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.
Record Number: 37572
Source Name: Service Control Manager
Time Written: 20090409072129.000000+120
Event Type: Informations
User:
Computer Name: NOM-1A017CF6ACA
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.
Record Number: 37571
Source Name: Service Control Manager
Time Written: 20090409072129.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: NOM-1A017CF6ACA
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.
Record Number: 37570
Source Name: Service Control Manager
Time Written: 20090409072129.000000+120
Event Type: Informations
User:
Computer Name: NOM-1A017CF6ACA
Event Code: 7036
Message: Le service Carte de performance WMI est entré dans l'état : en cours d'exécution.
Record Number: 37569
Source Name: Service Control Manager
Time Written: 20090409072116.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: NOM-1A017CF6ACA
Event Code: 300
Message: MsnMsgr (2308) \\.\C:\Documents and Settings\Emmanuelle\Local Settings\Application Data\Microsoft\Messenger\manolita71@hotmail.com\SharingMetadata\Working\database_E6AC_4B9A_AC4B_63E1\dfsr.db: Le moteur de base de données initialise la procédure de récupération.
Record Number: 9501
Source Name: ESENT
Time Written: 20090402171025.000000+120
Event Type: Informations
User:
Computer Name: NOM-1A017CF6ACA
Event Code: 102
Message: MsnMsgr (2308) \\.\C:\Documents and Settings\Emmanuelle\Local Settings\Application Data\Microsoft\Messenger\manolita71@hotmail.com\SharingMetadata\Working\database_E6AC_4B9A_AC4B_63E1\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).
Record Number: 9500
Source Name: ESENT
Time Written: 20090402171024.000000+120
Event Type: Informations
User:
Computer Name: NOM-1A017CF6ACA
Event Code: 100
Message: MsnMsgr (2308) Le moteur de base de données 5.01.2600.5512 est démarré.
Record Number: 9499
Source Name: ESENT
Time Written: 20090402171024.000000+120
Event Type: Informations
User:
Computer Name: NOM-1A017CF6ACA
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 9498
Source Name: usnjsvc
Time Written: 20090402171023.000000+120
Event Type:
User:
Computer Name: NOM-1A017CF6ACA
Event Code: 0
Message:
Record Number: 9497
Source Name: iPod Service
Time Written: 20090402171008.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Tu as attrapé une grosse cochonnerie : Virut.
Virut est un virus qui infecte, entre autres, les exécutables (fichiers .exe).
Ce virus infecte les fichiers systèmes de Windows, c'est-à-dire les fichiers vitaux pour Windows.
Je pense que c'est la variante Scribble, impossible à désinfecter.
Un formatage normal risque de ne pas suffire pour éradiquer ce cancer.
Un peu de lecture :
http://www.commentcamarche.net/faq/sujet-16138-comment-...
Virut est un virus qui infecte, entre autres, les exécutables (fichiers .exe).
Ce virus infecte les fichiers systèmes de Windows, c'est-à-dire les fichiers vitaux pour Windows.
Je pense que c'est la variante Scribble, impossible à désinfecter.
Un formatage normal risque de ne pas suffire pour éradiquer ce cancer.
Un peu de lecture :
http://www.commentcamarche.net/faq/sujet-16138-comment-...
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumLenteur de navigation sur internet
- articlesLenteur de ma navigation internet, help
- ForumLenteur navigation internet
- ForumLenteur de navigation internet explorer
- ForumProbleme de lenteur sur un serveur ftp
- ForumProbleme lenteur mozilla
- ForumProbleme de lenteur de bruit de ventilo
- ForumPub intempestives et lenteur ie virus
- ForumNavigateur probleme lenteur page web
- ForumProblemes de pub securite lenteur h
- Voir plus
