Processus iexplore au boot, + fenetre de pub pendant la navigation
Dernière réponse : dans Sécurité
bonjour,
un souci avec un pc portable, windows xp home sp3 :
il y a un processus iexplore au boot, que ce soit en mode normal ou sans échec, qui redirige certaines pages web vers windowsclic.com
deja passé avast, avg, antivir, hijackthis, impossible de lancer spybot ou malware ...
une idée ?
cordialement et en vous remerciant![:D]( ":D")
un souci avec un pc portable, windows xp home sp3 :
il y a un processus iexplore au boot, que ce soit en mode normal ou sans échec, qui redirige certaines pages web vers windowsclic.com
deja passé avast, avg, antivir, hijackthis, impossible de lancer spybot ou malware ...
une idée ?
cordialement et en vous remerciant
Autres pages sur : processus iexplore boot fenetre pub navigation
Lassé par la pub ? Créez un compte
Bonjour,
[#ff0000]/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\[/#f]
Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
Il va te demander d'installer la console de récupération : accepte.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.
Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
[#ff0000]/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\[/#f]
Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
Note : les rapports sont sauvegardés dans le dossier C:\rsit.
ok, voici :
log :
Logfile of random's system information tool 1.06 (written by random/random)
Run by Gérard at 2009-08-20 18:29:16
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 16 GB (41%) free of 38 GB
Total RAM: 502 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:44, on 20/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\RSIT.exe
C:\Program Files\trend micro\Gérard.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.canfind.org/search/ac.php?aid=158&sid=clean1...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
--
End of file - 3943 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-12-23 28672]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-10-28 88363]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2003-10-30 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-01-21 675840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe [2003-09-05 184320]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-11-17 1077327]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-06-07 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe [2004-11-15 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [2005-02-25 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-16 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWN2]
C:\Program Files\Spyware Nuker\swnxt.exe /h []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-03-02 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility]
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe [2004-12-07 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2004-11-29 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
C:\WINDOWS\system32\TPSMain.exe [2005-01-21 266240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [2004-11-12 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
C:\PROGRA~1\Nikon\PICTUR~1\NKBMON~1.EXE [2004-09-24 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"WMPNetworkSvc"=3
"ose"=3
"CFSvcs"=2
"CCALib8"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FBF85A20-FF88-4C46-90FB-B023E5C4ECA0}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\efcAPJba
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"EditLevel"=0
"NoRun"=0
"NoClose"=0
"NoCommonGroups"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-08-20 11:08:06 ----D---- C:\Program Files\NOS
2009-08-20 11:08:06 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-08-19 19:27:48 ----D---- C:\Program Files\Avira
2009-08-19 19:27:48 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-08-19 19:21:29 ----A---- C:\TB.txt
2009-08-19 19:21:10 ----D---- C:\ToolBar SD
2009-08-19 17:35:12 ----D---- C:\Program Files\Ad-remover
2009-08-19 16:49:17 ----A---- C:\lopR.txt
2009-08-19 16:49:00 ----D---- C:\Lop SD
2009-08-19 13:38:23 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-19 13:37:55 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-19 13:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-19 13:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-19 13:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-19 13:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-08-19 13:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-19 13:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-19 13:36:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-19 13:35:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-19 13:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-08-19 13:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-19 13:35:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-19 13:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-19 13:34:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-19 13:34:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-19 13:34:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-19 13:33:41 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-08-19 13:33:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-19 13:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-19 13:30:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-19 13:30:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-19 13:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-19 13:29:40 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-19 11:46:56 ----D---- C:\Program Files\CCleaner
2009-08-18 19:51:51 ----D---- C:\Program Files\AVG
2009-08-18 19:11:51 ----D---- C:\rsit
2009-08-18 19:11:51 ----D---- C:\Program Files\trend micro
2009-08-10 10:59:08 ----D---- C:\WINDOWS\Minidump
======List of files/folders modified in the last 1 months======
2009-08-20 18:24:55 ----D---- C:\WINDOWS\Temp
2009-08-20 18:19:48 ----SHD---- C:\WINDOWS\Installer
2009-08-20 18:19:45 ----D---- C:\WINDOWS\WinSxS
2009-08-20 18:14:18 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-20 18:14:12 ----D---- C:\WINDOWS\system32
2009-08-20 18:13:59 ----D---- C:\WINDOWS
2009-08-20 14:05:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-20 14:02:45 ----D---- C:\WINDOWS\Prefetch
2009-08-20 11:08:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-20 11:08:06 ----AD---- C:\Program Files
2009-08-19 19:57:46 ----D---- C:\WINDOWS\system32\drivers
2009-08-19 19:57:08 ----SD---- C:\Documents and Settings\Gérard\Application Data\Microsoft
2009-08-19 19:28:59 ----HD---- C:\WINDOWS\inf
2009-08-19 19:23:52 ----D---- C:\WINDOWS\Debug
2009-08-19 13:44:39 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-19 13:40:07 ----D---- C:\WINDOWS\system32\wbem
2009-08-19 13:40:07 ----D---- C:\WINDOWS\AppPatch
2009-08-19 13:38:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-19 13:36:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-19 13:35:05 ----D---- C:\WINDOWS\system32\fr-fr
2009-08-19 13:35:05 ----D---- C:\Program Files\Internet Explorer
2009-08-19 13:34:14 ----D---- C:\Program Files\Outlook Express
2009-08-19 12:05:40 ----RASH---- C:\boot.ini
2009-08-19 12:05:40 ----A---- C:\WINDOWS\win.ini
2009-08-19 12:05:40 ----A---- C:\WINDOWS\system.ini
2009-08-19 12:04:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-19 12:04:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-19 12:03:59 ----D---- C:\Program Files\Google
2009-08-19 12:03:59 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-08-17 14:13:57 ----SD---- C:\WINDOWS\Tasks
2009-08-13 22:44:59 ----D---- C:\WINDOWS\system32\Restore
2009-08-05 11:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-29 21:49:13 ----RSD---- C:\WINDOWS\Fonts
2009-07-29 17:49:16 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-07-29 06:35:38 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-07-29 06:35:38 ----A---- C:\WINDOWS\system32\fontsub.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr; C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 6400]
R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-07-30 6400]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-07-30 6400]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-12-02 5627]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-08-19 28520]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-12-02 23545]
R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-02-25 8704]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-19 55656]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-12-23 40544]
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2005-05-14 15890]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-01-14 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-01-14 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-01-14 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-01-14 2271]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-01-14 87706]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-01-14 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-01-14 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-01-14 99098]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-01-14 100603]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-28 1270572]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-27 2284864]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-22 393600]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-02-11 157056]
R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-01-08 29184]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 msqpdxserv.sys;msqpdxserv.sys; C:\WINDOWS\system32\drivers\msqpdxserv.sys []
S1 StickyMesger;StickyMesger; C:\WINDOWS\system32\drivers\StickyMesger.sys []
S2 HLKMPFVO;HLKMPFVO; C:\WINDOWS\system32\drivers\HLKMPFVO.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\PCAMPR5.sys []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PRISM_A02;802.11g USB 2.0 adapter; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2005-02-01 348640]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USB_RNDIS;Inventel Gateway; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-08-19 108289]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\ACS.exe [2004-07-07 36864]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-19 185089]
S2 Wlancfg;Service de lancement de WlanCfg; C:\Program Files\Inventel\Gateway\wlancfg.exe [2005-08-29 1466368]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
S4 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-11-10 36864]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
-----------------EOF-----------------
info :
info.txt logfile of random's system information tool 1.06 2009-08-18 19:12:04
======Uninstall list======
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
802.11 USB Wireless LAN Adapter-->C:\WINDOWS\system32\unwlsdrv.exe SiS163u
ACDSee (version d’évaluation)-->C:\PROGRA~1\ACDSYS~1\ACDSEE~1\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSEE~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Advertisement Service-->C:\WINDOWS\system32\net.net Uninstall
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x40c
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c
Assist TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x40c
Atheros Client Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\setup.exe" -l0x40c
Atheros Wireless LAN MiniPCI card Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x40c
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Canon Camera Access Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon MP Navigator 2.0-->"C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP170-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{91175441-4E5D-4e13-B116-828FD352CDB2}\DelDrv.exe" /U:{91175441-4E5D-4e13-B116-828FD352CDB2} /L0x000c
Canon PhotoRecord-->C:\WINDOWS\IsUn040c.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CartoExploreur 3-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{92D73392-3328-4885-962B-750B40EC8EAF}
Commandes TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x40c UNINSTALL
Cornice 0.6.1-->"C:\Program Files\Cornice\unins000.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Easy-WebPrint-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
FindyKill-->E:\FindyKill\Uninstal.exe
Formatage de carte mémoire SD TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\setup.exe"
Gestion d'énergie TOSHIBA-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manuels TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}\Setup.exe" -l0x40c
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A1040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nikon FotoShare-->C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
Nikon Message Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x40c UNINSTALL
Nvu 1.0-->"C:\Program Files\Nvu\unins000.exe"
OgcDrv-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{894782F5-E443-4452-B04A-45657D3A759A} /l1036
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Outil de diagnostic PC TOSHIBA-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PictureProject-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\setup.exe" -l0x40c UNINSTALL
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x40c REMOVE
Réducteur de bruit lect. CD/DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x40c
Réseau France Bayo-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{740266CC-C5AA-4346-B3D9-21CE14EF08A0}
Réseau France BdAlti-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{B13FE5B5-A0DF-4700-9AB4-8C94C38BCFF3}
Réseau France BdNyme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{3250D35A-F0C7-44E4-A12C-2D810F468090}
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SMSC IrCC V5.1.3600.5 SP2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x40c UNINSTALL
Son virtuel TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\setup.exe" /uninstall
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StartUp Manager-->C:\Program Files\INAC\StartUp Manager\uninstall.exe
SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{86AA1376-1970-41A6-A154-430A4A190BF4} /l1036
TOSHIBA Accessibility-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3A57482F-BEBC-47E4-ADA1-6302403C7E50} /l1036
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x40c UNINSTALL
TOSHIBA Hardware Setup-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1036
TOSHIBA Mot de passe responsable-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1036
TOSHIBA Software Modem-->Tosmreg -U
Touch and Launch-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe" -l0x40c
Utilitaire de zoom TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\setup.exe"
Utilitaire Hotkey TOSHIBA-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7900D3A6-A9E8-4954-ACCB-AB15867978BF} /l1036
Utilitaire TouchPad ON/OFF-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{80977342-27E8-4FF7-8B6A-D8D89461DA7F} /l1036
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Security center information======
AV: avast! antivirus 4.8.1335 [VPS 090817-0]
======System event log======
Computer Name: YOUR-0E28D1F289
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{DEEB7D51-AFFC-4046-9540-29FA558272E5} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.
Record Number: 141422
Source Name: Tcpip
Time Written: 20090630173911.000000+120
Event Type: Informations
User:
Computer Name: YOUR-0E28D1F289
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 141421
Source Name: EventLog
Time Written: 20090630173903.000000+120
Event Type: Informations
User:
Computer Name: YOUR-0E28D1F289
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.
Record Number: 141420
Source Name: EventLog
Time Written: 20090630173903.000000+120
Event Type: Informations
User:
Computer Name: YOUR-0E28D1F289
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.
Record Number: 141419
Source Name: EventLog
Time Written: 20090630132400.000000+120
Event Type: Informations
User:
Computer Name: YOUR-0E28D1F289
Event Code: 7036
Message: Le service Explorateur d'ordinateur est entré dans l'état : arrêté.
Record Number: 141418
Source Name: Service Control Manager
Time Written: 20090630124054.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: YOUR-0E28D1F289
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur YOUR-0E28D1F289\Gérard alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.
Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.
Record Number: 2748
Source Name: Userenv
Time Written: 20071126011118.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: YOUR-0E28D1F289
Event Code: 1000
Message: Application défaillante iexplore.exe, version 7.0.6000.16544, module défaillant flash9b.ocx, version 9.0.28.0, adresse de défaillance 0x0008cc88.
Record Number: 2747
Source Name: Application Error
Time Written: 20071126003025.000000+060
Event Type: erreur
User:
Computer Name: YOUR-0E28D1F289
Event Code: 2002
Message:
Record Number: 2746
Source Name: EAPOL
Time Written: 20071126001030.000000+060
Event Type: Informations
User:
Computer Name: YOUR-0E28D1F289
Event Code: 2003
Message:
Record Number: 2745
Source Name: EAPOL
Time Written: 20071126001030.000000+060
Event Type: Informations
User:
Computer Name: YOUR-0E28D1F289
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 2744
Source Name: SecurityCenter
Time Written: 20071126001012.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
log :
Logfile of random's system information tool 1.06 (written by random/random)
Run by Gérard at 2009-08-20 18:29:16
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 16 GB (41%) free of 38 GB
Total RAM: 502 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:44, on 20/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
E:\RSIT.exe
C:\Program Files\trend micro\Gérard.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.canfind.org/search/ac.php?aid=158&sid=clean1...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
--
End of file - 3943 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-12-23 28672]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-10-28 88363]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2003-10-30 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-01-21 675840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe [2003-09-05 184320]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-11-17 1077327]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-06-07 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe [2004-11-15 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [2005-02-25 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-16 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWN2]
C:\Program Files\Spyware Nuker\swnxt.exe /h []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-03-02 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility]
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe [2004-12-07 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2004-11-29 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
C:\WINDOWS\system32\TPSMain.exe [2005-01-21 266240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [2004-11-12 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
C:\PROGRA~1\Nikon\PICTUR~1\NKBMON~1.EXE [2004-09-24 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"WMPNetworkSvc"=3
"ose"=3
"CFSvcs"=2
"CCALib8"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FBF85A20-FF88-4C46-90FB-B023E5C4ECA0}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\efcAPJba
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"EditLevel"=0
"NoRun"=0
"NoClose"=0
"NoCommonGroups"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-08-20 11:08:06 ----D---- C:\Program Files\NOS
2009-08-20 11:08:06 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-08-19 19:27:48 ----D---- C:\Program Files\Avira
2009-08-19 19:27:48 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-08-19 19:21:29 ----A---- C:\TB.txt
2009-08-19 19:21:10 ----D---- C:\ToolBar SD
2009-08-19 17:35:12 ----D---- C:\Program Files\Ad-remover
2009-08-19 16:49:17 ----A---- C:\lopR.txt
2009-08-19 16:49:00 ----D---- C:\Lop SD
2009-08-19 13:38:23 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-19 13:37:55 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-19 13:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-19 13:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-19 13:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-19 13:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-08-19 13:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-19 13:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-19 13:36:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-19 13:35:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-19 13:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-08-19 13:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-19 13:35:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-19 13:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-19 13:34:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-19 13:34:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-19 13:34:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-19 13:33:41 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-08-19 13:33:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-19 13:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-19 13:30:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-19 13:30:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-19 13:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-19 13:29:40 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-19 11:46:56 ----D---- C:\Program Files\CCleaner
2009-08-18 19:51:51 ----D---- C:\Program Files\AVG
2009-08-18 19:11:51 ----D---- C:\rsit
2009-08-18 19:11:51 ----D---- C:\Program Files\trend micro
2009-08-10 10:59:08 ----D---- C:\WINDOWS\Minidump
======List of files/folders modified in the last 1 months======
2009-08-20 18:24:55 ----D---- C:\WINDOWS\Temp
2009-08-20 18:19:48 ----SHD---- C:\WINDOWS\Installer
2009-08-20 18:19:45 ----D---- C:\WINDOWS\WinSxS
2009-08-20 18:14:18 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-20 18:14:12 ----D---- C:\WINDOWS\system32
2009-08-20 18:13:59 ----D---- C:\WINDOWS
2009-08-20 14:05:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-20 14:02:45 ----D---- C:\WINDOWS\Prefetch
2009-08-20 11:08:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-20 11:08:06 ----AD---- C:\Program Files
2009-08-19 19:57:46 ----D---- C:\WINDOWS\system32\drivers
2009-08-19 19:57:08 ----SD---- C:\Documents and Settings\Gérard\Application Data\Microsoft
2009-08-19 19:28:59 ----HD---- C:\WINDOWS\inf
2009-08-19 19:23:52 ----D---- C:\WINDOWS\Debug
2009-08-19 13:44:39 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-19 13:40:07 ----D---- C:\WINDOWS\system32\wbem
2009-08-19 13:40:07 ----D---- C:\WINDOWS\AppPatch
2009-08-19 13:38:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-19 13:36:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-19 13:35:05 ----D---- C:\WINDOWS\system32\fr-fr
2009-08-19 13:35:05 ----D---- C:\Program Files\Internet Explorer
2009-08-19 13:34:14 ----D---- C:\Program Files\Outlook Express
2009-08-19 12:05:40 ----RASH---- C:\boot.ini
2009-08-19 12:05:40 ----A---- C:\WINDOWS\win.ini
2009-08-19 12:05:40 ----A---- C:\WINDOWS\system.ini
2009-08-19 12:04:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-19 12:04:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-19 12:03:59 ----D---- C:\Program Files\Google
2009-08-19 12:03:59 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-08-17 14:13:57 ----SD---- C:\WINDOWS\Tasks
2009-08-13 22:44:59 ----D---- C:\WINDOWS\system32\Restore
2009-08-05 11:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-29 21:49:13 ----RSD---- C:\WINDOWS\Fonts
2009-07-29 17:49:16 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-07-29 06:35:38 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-07-29 06:35:38 ----A---- C:\WINDOWS\system32\fontsub.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr; C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 6400]
R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-07-30 6400]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-07-30 6400]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-12-02 5627]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-08-19 28520]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-12-02 23545]
R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-02-25 8704]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-19 55656]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-12-23 40544]
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2005-05-14 15890]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-01-14 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-01-14 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-01-14 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-01-14 2271]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-01-14 87706]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-01-14 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-01-14 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-01-14 99098]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-01-14 100603]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-28 1270572]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-27 2284864]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-22 393600]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-02-11 157056]
R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-01-08 29184]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 msqpdxserv.sys;msqpdxserv.sys; C:\WINDOWS\system32\drivers\msqpdxserv.sys []
S1 StickyMesger;StickyMesger; C:\WINDOWS\system32\drivers\StickyMesger.sys []
S2 HLKMPFVO;HLKMPFVO; C:\WINDOWS\system32\drivers\HLKMPFVO.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\PCAMPR5.sys []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PRISM_A02;802.11g USB 2.0 adapter; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2005-02-01 348640]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USB_RNDIS;Inventel Gateway; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-08-19 108289]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\ACS.exe [2004-07-07 36864]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-19 185089]
S2 Wlancfg;Service de lancement de WlanCfg; C:\Program Files\Inventel\Gateway\wlancfg.exe [2005-08-29 1466368]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
S4 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-11-10 36864]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
-----------------EOF-----------------
info :
info.txt logfile of random's system information tool 1.06 2009-08-18 19:12:04
======Uninstall list======
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
802.11 USB Wireless LAN Adapter-->C:\WINDOWS\system32\unwlsdrv.exe SiS163u
ACDSee (version d’évaluation)-->C:\PROGRA~1\ACDSYS~1\ACDSEE~1\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSEE~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Advertisement Service-->C:\WINDOWS\system32\net.net Uninstall
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x40c
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c
Assist TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x40c
Atheros Client Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\setup.exe" -l0x40c
Atheros Wireless LAN MiniPCI card Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x40c
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Canon Camera Access Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon MP Navigator 2.0-->"C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP170-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{91175441-4E5D-4e13-B116-828FD352CDB2}\DelDrv.exe" /U:{91175441-4E5D-4e13-B116-828FD352CDB2} /L0x000c
Canon PhotoRecord-->C:\WINDOWS\IsUn040c.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CartoExploreur 3-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{92D73392-3328-4885-962B-750B40EC8EAF}
Commandes TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x40c UNINSTALL
Cornice 0.6.1-->"C:\Program Files\Cornice\unins000.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Easy-WebPrint-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
FindyKill-->E:\FindyKill\Uninstal.exe
Formatage de carte mémoire SD TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\setup.exe"
Gestion d'énergie TOSHIBA-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manuels TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}\Setup.exe" -l0x40c
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A1040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nikon FotoShare-->C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
Nikon Message Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x40c UNINSTALL
Nvu 1.0-->"C:\Program Files\Nvu\unins000.exe"
OgcDrv-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{894782F5-E443-4452-B04A-45657D3A759A} /l1036
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Outil de diagnostic PC TOSHIBA-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PictureProject-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\setup.exe" -l0x40c UNINSTALL
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x40c REMOVE
Réducteur de bruit lect. CD/DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x40c
Réseau France Bayo-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{740266CC-C5AA-4346-B3D9-21CE14EF08A0}
Réseau France BdAlti-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{B13FE5B5-A0DF-4700-9AB4-8C94C38BCFF3}
Réseau France BdNyme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{3250D35A-F0C7-44E4-A12C-2D810F468090}
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SMSC IrCC V5.1.3600.5 SP2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x40c UNINSTALL
Son virtuel TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\setup.exe" /uninstall
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StartUp Manager-->C:\Program Files\INAC\StartUp Manager\uninstall.exe
SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{86AA1376-1970-41A6-A154-430A4A190BF4} /l1036
TOSHIBA Accessibility-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3A57482F-BEBC-47E4-ADA1-6302403C7E50} /l1036
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x40c UNINSTALL
TOSHIBA Hardware Setup-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1036
TOSHIBA Mot de passe responsable-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1036
TOSHIBA Software Modem-->Tosmreg -U
Touch and Launch-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe" -l0x40c
Utilitaire de zoom TOSHIBA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\setup.exe"
Utilitaire Hotkey TOSHIBA-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7900D3A6-A9E8-4954-ACCB-AB15867978BF} /l1036
Utilitaire TouchPad ON/OFF-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{80977342-27E8-4FF7-8B6A-D8D89461DA7F} /l1036
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
======Security center information======
AV: avast! antivirus 4.8.1335 [VPS 090817-0]
======System event log======
Computer Name: YOUR-0E28D1F289
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{DEEB7D51-AFFC-4046-9540-29FA558272E5} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.
Record Number: 141422
Source Name: Tcpip
Time Written: 20090630173911.000000+120
Event Type: Informations
User:
Computer Name: YOUR-0E28D1F289
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 141421
Source Name: EventLog
Time Written: 20090630173903.000000+120
Event Type: Informations
User:
Computer Name: YOUR-0E28D1F289
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.
Record Number: 141420
Source Name: EventLog
Time Written: 20090630173903.000000+120
Event Type: Informations
User:
Computer Name: YOUR-0E28D1F289
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.
Record Number: 141419
Source Name: EventLog
Time Written: 20090630132400.000000+120
Event Type: Informations
User:
Computer Name: YOUR-0E28D1F289
Event Code: 7036
Message: Le service Explorateur d'ordinateur est entré dans l'état : arrêté.
Record Number: 141418
Source Name: Service Control Manager
Time Written: 20090630124054.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: YOUR-0E28D1F289
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur YOUR-0E28D1F289\Gérard alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.
Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.
Record Number: 2748
Source Name: Userenv
Time Written: 20071126011118.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: YOUR-0E28D1F289
Event Code: 1000
Message: Application défaillante iexplore.exe, version 7.0.6000.16544, module défaillant flash9b.ocx, version 9.0.28.0, adresse de défaillance 0x0008cc88.
Record Number: 2747
Source Name: Application Error
Time Written: 20071126003025.000000+060
Event Type: erreur
User:
Computer Name: YOUR-0E28D1F289
Event Code: 2002
Message:
Record Number: 2746
Source Name: EAPOL
Time Written: 20071126001030.000000+060
Event Type: Informations
User:
Computer Name: YOUR-0E28D1F289
Event Code: 2003
Message:
Record Number: 2745
Source Name: EAPOL
Time Written: 20071126001030.000000+060
Event Type: Informations
User:
Computer Name: YOUR-0E28D1F289
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 2744
Source Name: SecurityCenter
Time Written: 20071126001012.000000+060
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
ca a marché, voici le log :
ComboFix 09-08-19.0C - Gérard 20/08/2009 18:46.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.287 [GMT 2:00]
Running from: c:\documents and settings\Gérard\Bureau\ComboFixdfdfdf.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1214951267-3302096336-510225269-1003
c:\recycler\S-1-5-21-2261153688-1876864632-312113002-1003
c:\recycler\S-1-5-21-3561689830-1205770882-1506312899-1003
c:\recycler\S-1-5-21-602162358-1409082233-725345543-1003
c:\windows\cookies.ini
c:\windows\system32\abJPAcfe.ini
c:\windows\system32\abJPAcfe.ini2
c:\windows\system32\d3ne32.dll
c:\windows\system32\drivers\msqpdxserv.sys
c:\windows\system32\drivers\UACpbivxsdqjo.sys
c:\windows\system32\esukxohk.ini
c:\windows\system32\intr32.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mmapiujn.ini
c:\windows\system32\qchenyix.ini
c:\windows\system32\UACashbfasrfu.dll
c:\windows\system32\UACaxsodwhopp.db
c:\windows\system32\UACifoewmecbn.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjxubodpjbh.dll
c:\windows\system32\UACmyxairowqi.dll
c:\windows\system32\UACspixfthqhn.dat
c:\windows\system32\UACxxyyrivrni.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_msqpdxserv.sys
-------\Legacy_msqpdxserv.sys
-------\Service_UACd.sys
-------\Legacy_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.
2009-08-20 09:08 . 2009-08-20 09:08 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\NOS
2009-08-20 09:08 . 2009-08-20 09:08 -------- d-----w- c:\program files\NOS
2009-08-19 17:28 . 2009-08-19 17:41 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-19 17:28 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-19 17:28 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-19 17:28 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-19 17:27 . 2009-08-19 17:27 -------- d-----w- c:\program files\Avira
2009-08-19 17:27 . 2009-08-19 17:27 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira
2009-08-19 17:21 . 2009-08-19 17:30 -------- d-----w- C:\ToolBar SD
2009-08-19 15:35 . 2009-08-19 17:21 -------- d-----w- c:\program files\Ad-remover
2009-08-19 14:49 . 2009-08-19 15:23 -------- d-----w- C:\Lop SD
2009-08-19 09:46 . 2009-08-19 09:46 -------- d-----w- c:\program files\CCleaner
2009-08-18 19:26 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-18 19:26 . 2009-03-06 14:20 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-08-18 19:26 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-08-18 19:26 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-08-18 19:26 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-08-18 19:26 . 2009-02-09 10:53 685568 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-08-18 19:26 . 2009-02-09 10:53 735744 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-08-18 19:26 . 2009-02-09 10:53 739840 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-08-18 19:26 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-18 19:24 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-18 19:20 . 2008-12-16 12:31 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-08-18 19:18 . 2008-04-21 21:15 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-18 17:51 . 2009-08-18 17:51 -------- d-----w- c:\program files\AVG
2009-08-18 17:11 . 2009-08-20 16:29 -------- d-----w- c:\program files\trend micro
2009-08-18 17:11 . 2009-08-18 17:12 -------- d-----w- C:\rsit
2009-08-13 09:24 . 2009-08-13 09:24 0 ----a-w- c:\windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 11:44 . 2005-03-17 07:07 63812 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-19 11:44 . 2005-03-17 07:07 445254 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-19 10:04 . 2008-03-18 16:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-19 10:04 . 2008-03-18 16:21 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-19 10:03 . 2005-05-16 14:24 -------- d-----w- c:\program files\Google
2009-08-05 09:00 . 2005-03-17 07:06 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:35 . 2005-03-17 07:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:35 . 2005-03-17 07:06 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:03 . 2005-03-17 07:06 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2005-03-17 07:07 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:57 . 2005-03-17 07:07 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2005-03-17 07:06 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2005-03-17 07:06 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-15 10:44 . 2005-03-17 07:07 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2005-03-17 07:06 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2005-03-17 07:17 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2005-03-17 07:07 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2005-03-17 07:07 1297408 ----a-w- c:\windows\system32\quartz.dll
2006-01-10 09:55 . 2005-11-30 17:14 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 28672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"CFSvcs"=2 (0x2)
"CCALib8"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/08/2009 19:28 108289]
S2 HLKMPFVO;HLKMPFVO; [x]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [17/03/2005 09:07 14336]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 11:12 215040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 18:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2960)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Inventel\Gateway\WLANCFG.EXE
.
**************************************************************************
.
Completion time: 2009-08-20 19:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-20 17:03
Pre-Run: 16 249 405 440 octets libres
Post-Run: 16 164 331 520 octets libres
164 --- E O F --- 2009-08-20 16:19
ComboFix 09-08-19.0C - Gérard 20/08/2009 18:46.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.287 [GMT 2:00]
Running from: c:\documents and settings\Gérard\Bureau\ComboFixdfdfdf.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1214951267-3302096336-510225269-1003
c:\recycler\S-1-5-21-2261153688-1876864632-312113002-1003
c:\recycler\S-1-5-21-3561689830-1205770882-1506312899-1003
c:\recycler\S-1-5-21-602162358-1409082233-725345543-1003
c:\windows\cookies.ini
c:\windows\system32\abJPAcfe.ini
c:\windows\system32\abJPAcfe.ini2
c:\windows\system32\d3ne32.dll
c:\windows\system32\drivers\msqpdxserv.sys
c:\windows\system32\drivers\UACpbivxsdqjo.sys
c:\windows\system32\esukxohk.ini
c:\windows\system32\intr32.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mmapiujn.ini
c:\windows\system32\qchenyix.ini
c:\windows\system32\UACashbfasrfu.dll
c:\windows\system32\UACaxsodwhopp.db
c:\windows\system32\UACifoewmecbn.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjxubodpjbh.dll
c:\windows\system32\UACmyxairowqi.dll
c:\windows\system32\UACspixfthqhn.dat
c:\windows\system32\UACxxyyrivrni.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_msqpdxserv.sys
-------\Legacy_msqpdxserv.sys
-------\Service_UACd.sys
-------\Legacy_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.
2009-08-20 09:08 . 2009-08-20 09:08 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\NOS
2009-08-20 09:08 . 2009-08-20 09:08 -------- d-----w- c:\program files\NOS
2009-08-19 17:28 . 2009-08-19 17:41 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-19 17:28 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-19 17:28 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-19 17:28 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-19 17:27 . 2009-08-19 17:27 -------- d-----w- c:\program files\Avira
2009-08-19 17:27 . 2009-08-19 17:27 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira
2009-08-19 17:21 . 2009-08-19 17:30 -------- d-----w- C:\ToolBar SD
2009-08-19 15:35 . 2009-08-19 17:21 -------- d-----w- c:\program files\Ad-remover
2009-08-19 14:49 . 2009-08-19 15:23 -------- d-----w- C:\Lop SD
2009-08-19 09:46 . 2009-08-19 09:46 -------- d-----w- c:\program files\CCleaner
2009-08-18 19:26 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-18 19:26 . 2009-03-06 14:20 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-08-18 19:26 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-08-18 19:26 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-08-18 19:26 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-08-18 19:26 . 2009-02-09 10:53 685568 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-08-18 19:26 . 2009-02-09 10:53 735744 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-08-18 19:26 . 2009-02-09 10:53 739840 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-08-18 19:26 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-18 19:24 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-18 19:20 . 2008-12-16 12:31 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-08-18 19:18 . 2008-04-21 21:15 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-18 17:51 . 2009-08-18 17:51 -------- d-----w- c:\program files\AVG
2009-08-18 17:11 . 2009-08-20 16:29 -------- d-----w- c:\program files\trend micro
2009-08-18 17:11 . 2009-08-18 17:12 -------- d-----w- C:\rsit
2009-08-13 09:24 . 2009-08-13 09:24 0 ----a-w- c:\windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 11:44 . 2005-03-17 07:07 63812 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-19 11:44 . 2005-03-17 07:07 445254 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-19 10:04 . 2008-03-18 16:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-19 10:04 . 2008-03-18 16:21 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-19 10:03 . 2005-05-16 14:24 -------- d-----w- c:\program files\Google
2009-08-05 09:00 . 2005-03-17 07:06 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:35 . 2005-03-17 07:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:35 . 2005-03-17 07:06 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:03 . 2005-03-17 07:06 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2005-03-17 07:07 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:57 . 2005-03-17 07:07 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2005-03-17 07:06 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2005-03-17 07:06 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-15 10:44 . 2005-03-17 07:07 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2005-03-17 07:06 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2005-03-17 07:17 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2005-03-17 07:07 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2005-03-17 07:07 1297408 ----a-w- c:\windows\system32\quartz.dll
2006-01-10 09:55 . 2005-11-30 17:14 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 28672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"CFSvcs"=2 (0x2)
"CCALib8"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/08/2009 19:28 108289]
S2 HLKMPFVO;HLKMPFVO; [x]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [17/03/2005 09:07 14336]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 11:12 215040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 18:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2960)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Inventel\Gateway\WLANCFG.EXE
.
**************************************************************************
.
Completion time: 2009-08-20 19:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-20 17:03
Pre-Run: 16 249 405 440 octets libres
Post-Run: 16 164 331 520 octets libres
164 --- E O F --- 2009-08-20 16:19
/!\ Seul elmathioso peut suivre cette procédure /!\
Désactive toute protection résidente (Antivirus...) !
---> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :
---> Ouvre le Bloc-notes : Démarrer > Tous les programmes > Accessoires > Bloc-notes.
- Colle (CTRL+V) le texte dans le Bloc-notes.
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer.
- Quitte le Bloc-notes.
---> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
![]()
Cela va relancer Combofix : au message qui apparaît, accepte.
Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.
Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt
![;)]( ";)")
Désactive toute protection résidente (Antivirus...) !
---> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :
KillAll::
Driver::
HLKMPFVO
Driver::
HLKMPFVO
---> Ouvre le Bloc-notes : Démarrer > Tous les programmes > Accessoires > Bloc-notes.
- Colle (CTRL+V) le texte dans le Bloc-notes.
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer.
- Quitte le Bloc-notes.
---> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
le voili voilou ![;)]( ";)")
ComboFix 09-08-19.0C - Gérard 20/08/2009 19:15.2.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.276 [GMT 2:00]
Running from: c:\documents and settings\Gérard\Bureau\ComboFixdfdfdf.exe
Command switches used :: c:\documents and settings\Gérard\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HLKMPFVO
-------\Service_HLKMPFVO
((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.
2009-08-20 09:08 . 2009-08-20 09:08 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\NOS
2009-08-20 09:08 . 2009-08-20 09:08 -------- d-----w- c:\program files\NOS
2009-08-19 17:28 . 2009-08-19 17:41 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-19 17:28 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-19 17:28 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-19 17:28 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-19 17:27 . 2009-08-19 17:27 -------- d-----w- c:\program files\Avira
2009-08-19 17:27 . 2009-08-19 17:27 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira
2009-08-19 17:21 . 2009-08-19 17:30 -------- d-----w- C:\ToolBar SD
2009-08-19 15:35 . 2009-08-19 17:21 -------- d-----w- c:\program files\Ad-remover
2009-08-19 14:49 . 2009-08-19 15:23 -------- d-----w- C:\Lop SD
2009-08-19 09:46 . 2009-08-19 09:46 -------- d-----w- c:\program files\CCleaner
2009-08-18 19:26 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-18 19:26 . 2009-03-06 14:20 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-08-18 19:26 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-08-18 19:26 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-08-18 19:26 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-08-18 19:26 . 2009-02-09 10:53 685568 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-08-18 19:26 . 2009-02-09 10:53 735744 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-08-18 19:26 . 2009-02-09 10:53 739840 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-08-18 19:26 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-18 19:24 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-18 19:20 . 2008-12-16 12:31 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-08-18 19:18 . 2008-04-21 21:15 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-18 17:51 . 2009-08-18 17:51 -------- d-----w- c:\program files\AVG
2009-08-18 17:11 . 2009-08-20 16:29 -------- d-----w- c:\program files\trend micro
2009-08-18 17:11 . 2009-08-18 17:12 -------- d-----w- C:\rsit
2009-08-13 09:24 . 2009-08-13 09:24 0 ----a-w- c:\windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 11:44 . 2005-03-17 07:07 63812 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-19 11:44 . 2005-03-17 07:07 445254 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-19 10:04 . 2008-03-18 16:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-19 10:04 . 2008-03-18 16:21 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-19 10:03 . 2005-05-16 14:24 -------- d-----w- c:\program files\Google
2009-08-05 09:00 . 2005-03-17 07:06 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:35 . 2005-03-17 07:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:35 . 2005-03-17 07:06 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:03 . 2005-03-17 07:06 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2005-03-17 07:07 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:57 . 2005-03-17 07:07 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2005-03-17 07:06 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2005-03-17 07:06 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-15 10:44 . 2005-03-17 07:07 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2005-03-17 07:06 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2005-03-17 07:17 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2005-03-17 07:07 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2005-03-17 07:07 1297408 ----a-w- c:\windows\system32\quartz.dll
2006-01-10 09:55 . 2005-11-30 17:14 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 28672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"CFSvcs"=2 (0x2)
"CCALib8"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/08/2009 19:28 108289]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [17/03/2005 09:07 14336]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 11:12 215040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 19:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2276)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Inventel\Gateway\WLANCFG.EXE
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-08-20 19:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-20 17:28
ComboFix2.txt 2009-08-20 17:03
Pre-Run: 16 170 356 736 octets libres
Post-Run: 16 158 904 320 octets libres
141 --- E O F --- 2009-08-20 16:19
ComboFix 09-08-19.0C - Gérard 20/08/2009 19:15.2.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.502.276 [GMT 2:00]
Running from: c:\documents and settings\Gérard\Bureau\ComboFixdfdfdf.exe
Command switches used :: c:\documents and settings\Gérard\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HLKMPFVO
-------\Service_HLKMPFVO
((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.
2009-08-20 09:08 . 2009-08-20 09:08 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\NOS
2009-08-20 09:08 . 2009-08-20 09:08 -------- d-----w- c:\program files\NOS
2009-08-19 17:28 . 2009-08-19 17:41 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-19 17:28 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-19 17:28 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-19 17:28 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-19 17:27 . 2009-08-19 17:27 -------- d-----w- c:\program files\Avira
2009-08-19 17:27 . 2009-08-19 17:27 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira
2009-08-19 17:21 . 2009-08-19 17:30 -------- d-----w- C:\ToolBar SD
2009-08-19 15:35 . 2009-08-19 17:21 -------- d-----w- c:\program files\Ad-remover
2009-08-19 14:49 . 2009-08-19 15:23 -------- d-----w- C:\Lop SD
2009-08-19 09:46 . 2009-08-19 09:46 -------- d-----w- c:\program files\CCleaner
2009-08-18 19:26 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-18 19:26 . 2009-03-06 14:20 286720 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-08-18 19:26 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe
2009-08-18 19:26 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-08-18 19:26 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-08-18 19:26 . 2009-02-09 10:53 685568 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-08-18 19:26 . 2009-02-09 10:53 735744 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-08-18 19:26 . 2009-02-09 10:53 739840 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-08-18 19:26 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-18 19:24 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-18 19:20 . 2008-12-16 12:31 354304 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-08-18 19:18 . 2008-04-21 21:15 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-18 17:51 . 2009-08-18 17:51 -------- d-----w- c:\program files\AVG
2009-08-18 17:11 . 2009-08-20 16:29 -------- d-----w- c:\program files\trend micro
2009-08-18 17:11 . 2009-08-18 17:12 -------- d-----w- C:\rsit
2009-08-13 09:24 . 2009-08-13 09:24 0 ----a-w- c:\windows\nsreg.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 11:44 . 2005-03-17 07:07 63812 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-19 11:44 . 2005-03-17 07:07 445254 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-19 10:04 . 2008-03-18 16:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-19 10:04 . 2008-03-18 16:21 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-19 10:03 . 2005-05-16 14:24 -------- d-----w- c:\program files\Google
2009-08-05 09:00 . 2005-03-17 07:06 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:35 . 2005-03-17 07:07 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:35 . 2005-03-17 07:06 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 19:03 . 2005-03-17 07:06 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2005-03-17 07:07 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 15:57 . 2005-03-17 07:07 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2005-03-17 07:06 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2005-03-17 07:06 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-15 10:44 . 2005-03-17 07:07 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2005-03-17 07:06 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2005-03-17 07:17 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2005-03-17 07:07 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2005-03-17 07:07 1297408 ----a-w- c:\windows\system32\quartz.dll
2006-01-10 09:55 . 2005-11-30 17:14 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-12-23 28672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\NkbMonitor.exe.lnk
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"CFSvcs"=2 (0x2)
"CCALib8"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/08/2009 19:28 108289]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [17/03/2005 09:07 14336]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 11:12 215040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 19:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2276)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Inventel\Gateway\WLANCFG.EXE
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2009-08-20 19:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-20 17:28
ComboFix2.txt 2009-08-20 17:03
Pre-Run: 16 170 356 736 octets libres
Post-Run: 16 158 904 320 octets libres
141 --- E O F --- 2009-08-20 16:19
Citation :
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
le voici :
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2665
Windows 5.1.2600 Service Pack 3
20/08/2009 19:50:11
mbam-log-2009-08-20 (19-50-11).txt
Type de recherche: Examen rapide
Eléments examinés: 94364
Temps écoulé: 6 minute(s), 29 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 12
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\Gérard\Application Data\PCenter (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\dbases (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\keys (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\temp (Rogue.PCenter) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Gérard\Application Data\PCenter\dbases\cg.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\dbases\mw.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\dbases\rd.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\dbases\sc.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\dbases\sm.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\dbases\sp.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\keys\cg.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\keys\rd.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\keys\sc.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\keys\sp.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\temp\settings.ini (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\temp\spfilter (Rogue.PCenter) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2665
Windows 5.1.2600 Service Pack 3
20/08/2009 19:50:11
mbam-log-2009-08-20 (19-50-11).txt
Type de recherche: Examen rapide
Eléments examinés: 94364
Temps écoulé: 6 minute(s), 29 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 12
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\Gérard\Application Data\PCenter (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\dbases (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\keys (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\temp (Rogue.PCenter) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Gérard\Application Data\PCenter\dbases\cg.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\dbases\mw.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\dbases\rd.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\dbases\sc.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\dbases\sm.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\dbases\sp.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\keys\cg.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\keys\rd.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\keys\sc.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\keys\sp.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\temp\settings.ini (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gérard\Application Data\PCenter\temp\spfilter (Rogue.PCenter) -> Quarantined and deleted successfully.
le voila :
Logfile of random's system information tool 1.06 (written by random/random)
Run by Gérard at 2009-08-20 20:06:12
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 15 GB (40%) free of 38 GB
Total RAM: 502 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:34, on 20/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Gérard\Bureau\RSIT.exe
C:\Program Files\trend micro\Gérard.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
--
End of file - 3638 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-12-23 28672]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-10-28 88363]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2003-10-30 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-01-21 675840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe [2003-09-05 184320]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-11-17 1077327]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-06-07 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe [2004-11-15 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [2005-02-25 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-16 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWN2]
C:\Program Files\Spyware Nuker\swnxt.exe /h []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-03-02 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility]
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe [2004-12-07 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2004-11-29 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
C:\WINDOWS\system32\TPSMain.exe [2005-01-21 266240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [2004-11-12 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
C:\PROGRA~1\Nikon\PICTUR~1\NKBMON~1.EXE [2004-09-24 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"WMPNetworkSvc"=3
"ose"=3
"CFSvcs"=2
"CCALib8"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"EditLevel"=0
"NoCommonGroups"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-08-20 19:41:27 ----D---- C:\Documents and Settings\Gérard\Application Data\Malwarebytes
2009-08-20 19:41:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-20 19:41:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-20 19:28:45 ----D---- C:\WINDOWS\temp
2009-08-20 19:28:42 ----A---- C:\ComboFix.txt
2009-08-20 18:40:24 ----A---- C:\WINDOWS\zip.exe
2009-08-20 18:40:24 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-20 18:40:24 ----A---- C:\WINDOWS\SWSC.exe
2009-08-20 18:40:24 ----A---- C:\WINDOWS\SWREG.exe
2009-08-20 18:40:24 ----A---- C:\WINDOWS\sed.exe
2009-08-20 18:40:24 ----A---- C:\WINDOWS\PEV.exe
2009-08-20 18:40:24 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-20 18:40:24 ----A---- C:\WINDOWS\grep.exe
2009-08-20 18:40:13 ----D---- C:\WINDOWS\ERDNT
2009-08-20 18:39:51 ----D---- C:\Qoobox
2009-08-20 18:37:59 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-20 11:08:06 ----D---- C:\Program Files\NOS
2009-08-20 11:08:06 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-08-19 19:27:48 ----D---- C:\Program Files\Avira
2009-08-19 19:27:48 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-08-19 19:21:29 ----A---- C:\TB.txt
2009-08-19 19:21:10 ----D---- C:\ToolBar SD
2009-08-19 17:35:12 ----D---- C:\Program Files\Ad-remover
2009-08-19 16:49:17 ----A---- C:\lopR.txt
2009-08-19 16:49:00 ----D---- C:\Lop SD
2009-08-19 13:38:23 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-19 13:37:55 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-19 13:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-19 13:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-19 13:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-19 13:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-08-19 13:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-19 13:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-19 13:36:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-19 13:35:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-19 13:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-08-19 13:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-19 13:35:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-19 13:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-19 13:34:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-19 13:34:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-19 13:34:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-19 13:33:41 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-08-19 13:33:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-19 13:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-19 13:30:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-19 13:30:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-19 13:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-19 13:29:40 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-19 11:46:56 ----D---- C:\Program Files\CCleaner
2009-08-18 19:51:51 ----D---- C:\Program Files\AVG
2009-08-18 19:11:51 ----D---- C:\rsit
2009-08-18 19:11:51 ----D---- C:\Program Files\trend micro
2009-08-10 10:59:08 ----D---- C:\WINDOWS\Minidump
======List of files/folders modified in the last 1 months======
2009-08-20 19:53:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-20 19:52:09 ----AD---- C:\Program Files
2009-08-20 19:52:08 ----D---- C:\WINDOWS\system32\drivers
2009-08-20 19:51:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-20 19:51:18 ----D---- C:\WINDOWS\Prefetch
2009-08-20 19:28:46 ----D---- C:\WINDOWS\system32
2009-08-20 19:28:45 ----D---- C:\WINDOWS
2009-08-20 19:23:20 ----A---- C:\WINDOWS\system.ini
2009-08-20 19:20:52 ----D---- C:\WINDOWS\system32\config
2009-08-20 19:19:06 ----D---- C:\WINDOWS\AppPatch
2009-08-20 19:18:57 ----D---- C:\Program Files\Fichiers communs
2009-08-20 19:01:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-20 18:19:48 ----SHD---- C:\WINDOWS\Installer
2009-08-20 18:19:45 ----D---- C:\WINDOWS\WinSxS
2009-08-20 11:08:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-20 11:00:35 ----D---- C:\Documents and Settings\Gérard\Application Data\Identities
2009-08-19 19:57:08 ----SD---- C:\Documents and Settings\Gérard\Application Data\Microsoft
2009-08-19 19:28:59 ----HD---- C:\WINDOWS\inf
2009-08-19 19:23:52 ----D---- C:\WINDOWS\Debug
2009-08-19 13:44:39 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-19 13:40:07 ----D---- C:\WINDOWS\system32\wbem
2009-08-19 13:36:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-19 13:35:05 ----D---- C:\WINDOWS\system32\fr-fr
2009-08-19 13:35:05 ----D---- C:\Program Files\Internet Explorer
2009-08-19 13:34:14 ----D---- C:\Program Files\Outlook Express
2009-08-19 12:05:40 ----RASH---- C:\boot.ini
2009-08-19 12:05:40 ----A---- C:\WINDOWS\win.ini
2009-08-19 12:04:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-19 12:04:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-19 12:03:59 ----D---- C:\Program Files\Google
2009-08-19 12:03:59 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-08-17 14:13:57 ----SD---- C:\WINDOWS\Tasks
2009-08-13 22:44:59 ----D---- C:\WINDOWS\system32\Restore
2009-08-05 11:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-29 21:49:13 ----RSD---- C:\WINDOWS\Fonts
2009-07-29 17:49:16 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-07-29 06:35:38 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-07-29 06:35:38 ----A---- C:\WINDOWS\system32\fontsub.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr; C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 6400]
R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-07-30 6400]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-07-30 6400]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-12-02 5627]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-08-19 28520]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-12-02 23545]
R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-02-25 8704]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-19 55656]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-12-23 40544]
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2005-05-14 15890]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-01-14 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-01-14 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-01-14 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-01-14 2271]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-01-14 87706]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-01-14 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-01-14 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-01-14 99098]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-01-14 100603]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-28 1270572]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-27 2284864]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-22 393600]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-02-11 157056]
R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-01-08 29184]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 StickyMesger;StickyMesger; C:\WINDOWS\system32\drivers\StickyMesger.sys []
S3 catchme;catchme; \??\C:\ComboFixdfdfdf\catchme.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\PCAMPR5.sys []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PRISM_A02;802.11g USB 2.0 adapter; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2005-02-01 348640]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USB_RNDIS;Inventel Gateway; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\ACS.exe [2004-07-07 36864]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-08-19 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-19 185089]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Wlancfg;Service de lancement de WlanCfg; C:\Program Files\Inventel\Gateway\wlancfg.exe [2005-08-29 1466368]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
S4 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-11-10 36864]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Gérard at 2009-08-20 20:06:12
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 15 GB (40%) free of 38 GB
Total RAM: 502 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:06:34, on 20/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Gérard\Bureau\RSIT.exe
C:\Program Files\trend micro\Gérard.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
--
End of file - 3638 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-12-23 28672]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-10-28 88363]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2003-10-30 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-01-21 675840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe [2003-09-05 184320]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-11-17 1077327]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-06-07 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe [2004-11-15 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [2005-02-25 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-16 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWN2]
C:\Program Files\Spyware Nuker\swnxt.exe /h []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-03-02 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Accessibility]
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe [2004-12-07 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2004-11-29 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
C:\WINDOWS\system32\TPSMain.exe [2005-01-21 266240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe [2004-11-12 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NkbMonitor.exe.lnk]
C:\PROGRA~1\Nikon\PICTUR~1\NKBMON~1.EXE [2004-09-24 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3
"WMPNetworkSvc"=3
"ose"=3
"CFSvcs"=2
"CCALib8"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-11-02 348160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"EditLevel"=0
"NoCommonGroups"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-08-20 19:41:27 ----D---- C:\Documents and Settings\Gérard\Application Data\Malwarebytes
2009-08-20 19:41:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-20 19:41:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-20 19:28:45 ----D---- C:\WINDOWS\temp
2009-08-20 19:28:42 ----A---- C:\ComboFix.txt
2009-08-20 18:40:24 ----A---- C:\WINDOWS\zip.exe
2009-08-20 18:40:24 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-20 18:40:24 ----A---- C:\WINDOWS\SWSC.exe
2009-08-20 18:40:24 ----A---- C:\WINDOWS\SWREG.exe
2009-08-20 18:40:24 ----A---- C:\WINDOWS\sed.exe
2009-08-20 18:40:24 ----A---- C:\WINDOWS\PEV.exe
2009-08-20 18:40:24 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-20 18:40:24 ----A---- C:\WINDOWS\grep.exe
2009-08-20 18:40:13 ----D---- C:\WINDOWS\ERDNT
2009-08-20 18:39:51 ----D---- C:\Qoobox
2009-08-20 18:37:59 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-20 11:08:06 ----D---- C:\Program Files\NOS
2009-08-20 11:08:06 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-08-19 19:27:48 ----D---- C:\Program Files\Avira
2009-08-19 19:27:48 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-08-19 19:21:29 ----A---- C:\TB.txt
2009-08-19 19:21:10 ----D---- C:\ToolBar SD
2009-08-19 17:35:12 ----D---- C:\Program Files\Ad-remover
2009-08-19 16:49:17 ----A---- C:\lopR.txt
2009-08-19 16:49:00 ----D---- C:\Lop SD
2009-08-19 13:38:23 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-08-19 13:37:55 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-19 13:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-19 13:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-19 13:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-19 13:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-08-19 13:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-19 13:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-19 13:36:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-08-19 13:35:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-19 13:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-08-19 13:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-19 13:35:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-19 13:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-08-19 13:34:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-19 13:34:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-08-19 13:34:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-19 13:33:41 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-08-19 13:33:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-19 13:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-19 13:30:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-08-19 13:30:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-19 13:30:34 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-19 13:29:40 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-08-19 11:46:56 ----D---- C:\Program Files\CCleaner
2009-08-18 19:51:51 ----D---- C:\Program Files\AVG
2009-08-18 19:11:51 ----D---- C:\rsit
2009-08-18 19:11:51 ----D---- C:\Program Files\trend micro
2009-08-10 10:59:08 ----D---- C:\WINDOWS\Minidump
======List of files/folders modified in the last 1 months======
2009-08-20 19:53:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-20 19:52:09 ----AD---- C:\Program Files
2009-08-20 19:52:08 ----D---- C:\WINDOWS\system32\drivers
2009-08-20 19:51:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-20 19:51:18 ----D---- C:\WINDOWS\Prefetch
2009-08-20 19:28:46 ----D---- C:\WINDOWS\system32
2009-08-20 19:28:45 ----D---- C:\WINDOWS
2009-08-20 19:23:20 ----A---- C:\WINDOWS\system.ini
2009-08-20 19:20:52 ----D---- C:\WINDOWS\system32\config
2009-08-20 19:19:06 ----D---- C:\WINDOWS\AppPatch
2009-08-20 19:18:57 ----D---- C:\Program Files\Fichiers communs
2009-08-20 19:01:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-20 18:19:48 ----SHD---- C:\WINDOWS\Installer
2009-08-20 18:19:45 ----D---- C:\WINDOWS\WinSxS
2009-08-20 11:08:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-20 11:00:35 ----D---- C:\Documents and Settings\Gérard\Application Data\Identities
2009-08-19 19:57:08 ----SD---- C:\Documents and Settings\Gérard\Application Data\Microsoft
2009-08-19 19:28:59 ----HD---- C:\WINDOWS\inf
2009-08-19 19:23:52 ----D---- C:\WINDOWS\Debug
2009-08-19 13:44:39 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-19 13:40:07 ----D---- C:\WINDOWS\system32\wbem
2009-08-19 13:36:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-19 13:35:05 ----D---- C:\WINDOWS\system32\fr-fr
2009-08-19 13:35:05 ----D---- C:\Program Files\Internet Explorer
2009-08-19 13:34:14 ----D---- C:\Program Files\Outlook Express
2009-08-19 12:05:40 ----RASH---- C:\boot.ini
2009-08-19 12:05:40 ----A---- C:\WINDOWS\win.ini
2009-08-19 12:04:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-19 12:04:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-19 12:03:59 ----D---- C:\Program Files\Google
2009-08-19 12:03:59 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-08-17 14:13:57 ----SD---- C:\WINDOWS\Tasks
2009-08-13 22:44:59 ----D---- C:\WINDOWS\system32\Restore
2009-08-05 11:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-29 21:49:13 ----RSD---- C:\WINDOWS\Fonts
2009-07-29 17:49:16 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-07-29 06:35:38 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-07-29 06:35:38 ----A---- C:\WINDOWS\system32\fontsub.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 SerTVOutCtlr;TOSHIBA Controls Driver -EPIOMngr; C:\WINDOWS\system32\drivers\EPIOMngr.sys [2004-07-30 6400]
R1 SrvcEKIOMngr;SrvcEKIOMngr; C:\WINDOWS\System32\Drivers\EKIoMngr.sys [2004-07-30 6400]
R1 SrvcSSIOMngr;SrvcSSIOMngr; C:\WINDOWS\System32\Drivers\SSIoMngr.sys [2004-07-30 6400]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-12-02 5627]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-08-19 28520]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-12-02 23545]
R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-02-25 8704]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-19 55656]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-12-23 40544]
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2005-05-14 15890]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-01-14 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-01-14 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-01-14 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-01-14 2271]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-01-14 87706]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-01-14 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-01-14 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-01-14 99098]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-01-14 100603]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-28 1270572]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-27 2284864]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2004-12-22 393600]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-11-02 773565]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-02-11 157056]
R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-01-08 29184]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 StickyMesger;StickyMesger; C:\WINDOWS\system32\drivers\StickyMesger.sys []
S3 catchme;catchme; \??\C:\ComboFixdfdfdf\catchme.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; C:\WINDOWS\system32\drivers\PCAMPR5.sys []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PRISM_A02;802.11g USB 2.0 adapter; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2005-02-01 348640]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 215040]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USB_RNDIS;Inventel Gateway; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\ACS.exe [2004-07-07 36864]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-08-19 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-19 185089]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Wlancfg;Service de lancement de WlanCfg; C:\Program Files\Inventel\Gateway\wlancfg.exe [2005-08-29 1466368]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
S4 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-11-10 36864]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
-----------------EOF-----------------
1/
Lance ce fichier : C:\Program Files\trend micro\Gérard.exe
Choisis Do a system scan only.
Coche les cases qui sont devant les lignes suivantes :
Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.
Ferme HijackThis.
2/
Télécharge OTM (OldTimer) sur ton Bureau.
Double-clique sur OTM.exe afin de le lancer.
Copie (Ctrl+C) le texte suivant ci-dessous :
Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
Clique maintenant sur le bouton MoveIt! puis ferme OTM.
---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
---> Le nom du rapport correspond au moment de sa création : date_heure.log
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
R3 - Default URLSearchHook is missing
2/
:processes
explorer.exe
:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWN2]
:files
C:\Program Files\Spyware Nuker
:commands
[purity]
[emptytemp]
[reboot]
explorer.exe
:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWN2]
:files
C:\Program Files\Spyware Nuker
:commands
[purity]
[emptytemp]
[reboot]
---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
---> Le nom du rapport correspond au moment de sa création : date_heure.log
et voila ![:)]( ":)")
:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWN2\ deleted successfully.
========== FILES ==========
File/Folder C:\Program Files\Spyware Nuker not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 123176 bytes
->Temporary Internet Files folder emptied: 235121 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: Gérard
->Temp folder emptied: 8814 bytes
->Temporary Internet Files folder emptied: 12640150 bytes
->Java cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66284 bytes
->Temporary Internet Files folder emptied: 33438 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 99840 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 12,65 mb
OTM by OldTimer - Version 3.0.0.6 log created on 08202009_202248
Files moved on Reboot...
Registry entries deleted on Reboot...
:All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWN2\ deleted successfully.
========== FILES ==========
File/Folder C:\Program Files\Spyware Nuker not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 123176 bytes
->Temporary Internet Files folder emptied: 235121 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: Gérard
->Temp folder emptied: 8814 bytes
->Temporary Internet Files folder emptied: 12640150 bytes
->Java cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66284 bytes
->Temporary Internet Files folder emptied: 33438 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 99840 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 12,65 mb
OTM by OldTimer - Version 3.0.0.6 log created on 08202009_202248
Files moved on Reboot...
Registry entries deleted on Reboot...
Pour redémarrer en mode sans échec :
Déroule la liste des instructions ci-dessous :
SDFix: Version 1.240
Run by G‚rard on 20/08/2009 at 21:40
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\SYSTEM32\ADDCQ.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDJG32.EXE - Deleted
C:\WINDOWS\SYSTEM32\ADDLX32.EXE - Deleted
C:\WINDOWS\SYSTEM32\APPXP.EXE - Deleted
C:\WINDOWS\SYSTEM32\CRFW.EXE - Deleted
C:\WINDOWS\SYSTEM32\D3PP.EXE - Deleted
C:\WINDOWS\SYSTEM32\IPGD.EXE - Deleted
C:\WINDOWS\SYSTEM32\MSMAPI32.EXE - Deleted
C:\WINDOWS\SYSTEM32\NETNF32.EXE - Deleted
C:\WINDOWS\SYSTEM32\SDKSH.EXE - Deleted
C:\WINDOWS\SYSTEM32\SYSZV32.EXE - Deleted
C:\WINDOWS\IELV.EXE - Deleted
C:\WINDOWS\IPEM.EXE - Deleted
C:\WINDOWS\MFCLW32.EXE - Deleted
C:\WINDOWS\MSWL.EXE - Deleted
C:\WINDOWS\NETDD32.EXE - Deleted
C:\WINDOWS\NETIH32.EXE - Deleted
C:\WINDOWS\SDKEX.EXE - Deleted
C:\WINDOWS\SYSZQ.EXE - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 21:50:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000013a
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData"="C:\Documents and Settings\Gérard\Local Settings\Application Data"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000095
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Telephony\HandoffPriorities]
"RequestMakeCall"="dialer.exe"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\jhgjhgjhg.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD2.exe"
Fri 16 Dec 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 14 Mar 2005 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe"
Mon 25 Apr 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll"
Wed 13 May 2009 10,053,112 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Fri 30 Dec 2005 399 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti62.tmp"
Fri 2 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 14 Oct 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7e808a3c27f845e09ebb11aa4251afd5\BIT15.tmp"
Finished!
/!\ process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus./!\
** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix.
Lassé par la pub ? Créez un compte
