Est-ce un backdoor ? comment l'enlever ? !
Forum Sécurité - Virus : Est-ce un backdoor ? comment l'enlever ? !
Bonjour,
J'espère que vous pourrez m'aider et je vous remercie d'avance !
Voilà le problème ! Hier midi un message windows me signal que mon par feu est désactivé, effectivement il a été désactivé je ne sais comment... Le temps de le réactiver que Avast me détecte un virus ! Il me dit que "sa mémoire de démarrage est infectée !" et il me conseil de redémarrer l'ordi puis d'effectuer un scan avant démarrage ... 2h après il me détecte moult virus qu'il éradique ... je regarde alors l'icone d'Avast en bas à droite et je me rends compte que le bouclier standard ne marche pas ! (Avast ne test aucun fichier ! même après plusieurs minutes !) les autres boucliers marchent ... trouvant ça bizarre je vais donc sur le net à la recherches d'infos ! Mais lorsque je tape mon problème sur google une page blanche s'affiche l'espace de 5 secondes puis les résultats google apparaissent... je clique alors sur le premier lien intéressant mais là je suis redirigé vers une page dangereuse (bloquée par Mac Afee site advisor !) bon bon ... j'ai trouvé la solution pour surfer sur le net, j'ouvre tout les liens de google dans un nouvel onglet (par pression sur la molette sous firefox) et alors la page s'affiche !
Après moult recherches sur le sujet je lance Malwarebytes' Anti-Malware et Spybot ! ... mais là encore un problème ! Ils ne se lancent tout simplement PAS ! ... quelque chose semble les bloquer !
Je télécharge alors Ad aware ... qui se lance mais qui après plusieurs minutes de scan ne trouve rien ! Windows Defender également ... Virtumondobegone de même ... J'ai nettoyer mes clées registres via Ccleaner et j'ai fait le nettoyage mais toujours le problème alors j'ai finalement opté pour vous poster mon log HiJackThis en espérant de tout coeur que vous pourriez m'aider !
le voici ! :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:24, on 31/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
D:\Documents and Settings\n\Bureau\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini15.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MM_MODULE] C:\Program Files\MIC\HAWAII\Hawaii.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Documents and Settings\n\Bureau\soluce\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/ga [...] n11USA.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 15051 bytes
Message édité par simant le 31-08-2009 à 12:21:10
Bonjour,
/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\
- Télécharge ComboFix (sUBs) sur ton Bureau.
- Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
- Il va te demander d'installer la console de récupération : accepte.
- Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.
Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix
Bonjour et merci pour ton aide ! Après l'utilisation de combofix le problème semble régler voilà le rapport :
ComboFix 09-08-30.04 - n 31/08/2009 13:05.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2046.1442 [GMT 2:00]
Running from: d:\documents and settings\n\Bureau\scan.exe.exe
AV: avast! antivirus 4.8.1351 [VPS 090830-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1135394084-3572311358-522678530-500
c:\recycler\S-1-5-21-3158106081-2075994238-2530972146-1005
c:\recycler\S-1-5-21-3158106081-2075994238-2530972146-1006
c:\windows\Installer\17aeba4.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\kb913800.exe
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\drivers\UACvdkmoxulto.sys
c:\windows\system32\UACblfdiqtkwp.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACpakcdoypqw.log
c:\windows\system32\UACtbwyyrmtbm.dll
c:\windows\system32\UACubrkromhhw.dat
c:\windows\system32\UACuwswijbpjy.dll
c:\windows\system32\UACxvkldaaowv.dll
c:\windows\system32\UACyavyqwujno.db
D:\install.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))
.
2009-08-30 20:05 . 2009-08-30 20:05 -------- d-----w- c:\windows\ERUNT
2009-08-30 18:33 . 2009-08-30 18:20 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-30 18:31 . 2009-08-30 18:31 -------- d-----w- d:\documents and settings\LocalService\Bureau
2009-08-30 18:18 . 2009-01-18 21:43 2892112 -c--a-w- d:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-08-30 18:18 . 2009-08-30 18:18 -------- dc-h--w- d:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-30 18:18 . 2009-08-30 18:20 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
2009-08-30 13:03 . 2009-08-30 13:03 70144 ----a-w- c:\windows\system32\drivers\ncbvpesvmxecxvor.sys
2009-08-30 12:53 . 2009-08-30 12:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-19 09:10 . 2009-08-19 09:10 -------- d-----w- C:\Fraps
2009-08-13 17:01 . 2009-08-13 17:01 -------- d-----w- c:\windows\ServicePackFiles
2009-08-13 08:49 . 2009-06-05 07:46 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-05 09:06 . 2009-08-05 09:06 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 21:58 . 2009-08-03 21:58 -------- d-----w- d:\documents and settings\n\Local Settings\Application Data\PCHealth
2009-08-02 20:09 . 2009-08-02 20:09 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache
2009-08-02 16:25 . 2009-08-02 17:11 -------- d-----w- C:\render
2009-08-02 16:18 . 2009-08-02 16:18 -------- d-----w- d:\documents and settings\n\Application Data\Blender Foundation
2009-08-02 15:59 . 2009-08-02 16:09 -------- d-----w- c:\program files\MagicISO
2009-08-02 09:05 . 2009-08-02 09:05 -------- d-----w- d:\documents and settings\LocalService\Application Data\DivX
2009-08-01 21:05 . 2009-08-01 21:05 -------- d-----w- c:\program files\CamStudio
2009-08-01 17:06 . 2009-08-01 17:06 -------- d-----w- d:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-08-01 15:46 . 2006-10-17 20:29 487479 ----a-w- c:\windows\system32\SkinMagic.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 11:03 . 2007-05-23 14:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-31 10:48 . 2007-05-23 14:35 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-31 09:40 . 2008-08-26 17:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-30 18:18 . 2007-05-24 15:55 -------- d-----w- c:\program files\Lavasoft
2009-08-30 17:38 . 2004-09-23 16:12 557450 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-30 17:38 . 2004-09-23 16:12 102648 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-30 17:03 . 2008-04-27 07:59 -------- d-----w- c:\program files\Microsoft SQL Server
2009-08-27 17:55 . 2007-09-08 13:49 -------- d-----w- d:\documents and settings\n\Application Data\teamspeak2
2009-08-25 18:37 . 2008-09-19 14:43 -------- d-----w- d:\documents and settings\n\Application Data\Audacity
2009-08-25 17:48 . 2008-04-26 16:47 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2009-08-25 10:17 . 2007-08-19 17:26 -------- d-----w- d:\documents and settings\n\Application Data\OpenOffice.org2
2009-08-22 09:33 . 2007-04-10 17:15 -------- d-----w- c:\program files\Lionhead Studios Ltd
2009-08-17 16:10 . 2007-07-06 10:20 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2007-07-06 10:20 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2007-07-06 10:20 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-05 20:01 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-05 20:01 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2007-07-06 10:20 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2007-07-06 10:20 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2007-07-06 10:20 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2007-07-06 10:20 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:06 . 2008-11-02 12:57 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 14:30 . 2008-07-16 10:24 -------- d-----w- d:\documents and settings\n\Application Data\Apple Computer
2009-08-03 11:36 . 2008-08-26 17:02 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-08-26 17:02 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 21:31 . 2009-08-01 21:31 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-01 21:28 . 2006-10-09 06:26 -------- d-----w- c:\program files\Fichiers communs\Real
2009-08-01 10:48 . 2009-08-01 10:48 -------- d-----w- c:\program files\bobyte
2009-07-31 13:40 . 2009-07-31 13:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 16:59 . 2009-04-24 17:56 -------- d-----w- d:\documents and settings\n\Application Data\HPAppData
2009-07-17 18:56 . 2008-11-02 12:57 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:19 . 2009-05-15 19:46 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-17 16:18 . 2009-05-15 19:46 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-17 13:43 . 2009-05-15 19:46 139152 ----a-w- d:\documents and settings\n\Application Data\PnkBstrK.sys
2009-07-17 13:43 . 2009-05-15 19:46 139152 ----a-w- d:\documents and settings\n\Application Data\PnkBstrK.sys
2009-07-17 13:43 . 2009-05-15 19:45 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-13 21:43 . 2004-09-23 16:13 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:57 . 2004-09-23 16:11 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 10:10 . 2007-08-23 11:35 211400 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-06-25 18:36 . 2008-11-02 12:57 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2008-11-02 12:57 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:36 . 2008-11-02 12:57 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2008-11-02 12:57 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2008-11-02 12:57 527360 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2008-11-02 12:57 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2008-11-02 12:57 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2008-11-02 12:57 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2008-11-02 12:57 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2008-11-02 12:57 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2008-11-02 12:57 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2008-11-02 12:57 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 14:36 . 2009-07-17 13:24 1291640 ----a-w- d:\documents and settings\n\Application Data\Mozilla\Firefox\Profiles\bewerzgr.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-25 14:36 . 2009-07-17 13:24 729088 ----a-w- d:\documents and settings\n\Application Data\Mozilla\Firefox\Profiles\bewerzgr.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-22 11:49 . 2008-11-02 12:57 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2008-11-02 12:57 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2008-11-02 12:57 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2008-11-02 12:57 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-16 14:54 . 2008-11-02 12:57 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:54 . 2008-11-02 12:57 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 11:33 . 2008-11-02 12:57 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 11:32 . 2008-11-02 12:57 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:23 . 2008-11-02 12:57 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:30 . 2008-11-02 12:57 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-06 16:57 . 2009-06-06 16:57 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-05 07:46 . 2008-11-02 12:57 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:24 . 2008-11-02 12:57 1297408 ----a-w- c:\windows\system32\quartz.dll
2007-01-30 20:22 . 2007-01-30 20:22 408665 -c--a-w- c:\program files\instdb.inf
2007-01-30 20:22 . 2007-01-30 20:22 52876 -c--a-w- c:\program files\setup.log
2007-01-30 20:22 . 2007-01-30 20:22 773 ----a-w- c:\program files\OFFICE One 6.5.lnk
2007-01-30 20:22 . 2007-01-30 20:22 761 ----a-w- c:\program files\OFFICE One Setup.lnk
2004-03-08 05:00 . 2004-03-08 05:00 7 -c--a-w- c:\program files\ooversion.txt
2004-03-08 05:00 . 2004-03-08 05:00 20680 -c--a-w- c:\program files\license.txt
2004-03-08 05:00 . 2004-03-08 05:00 17 -c--a-w- c:\program files\license.html
2004-03-08 05:00 . 2004-03-08 05:00 15 -c--a-w- c:\program files\readme.txt
2004-03-08 05:00 . 2004-03-08 05:00 0 -c--a-w- c:\program files\readme.html
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-03-18 630784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"MM_MODULE"="c:\program files\MIC\HAWAII\Hawaii.exe" [2005-11-16 121856]
"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2005-08-12 1859584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"F-Secure Manager"="c:\program files\Pack Securite\Common\FSM32.EXE" [2007-04-26 183208]
"F-Secure TNB"="c:\program files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 740208]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-08-30 520024]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"NECHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2006-01-11 548864]
"atwtusb"="atwtusb.exe" - c:\windows\system32\ATWTUSB.EXE [2005-09-21 290816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-6-28 40960]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-4-5 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2008-4-5 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2005-08-12 15:01 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\D:^Documents and Settings^n^Menu Démarrer^Programmes^Démarrage^OFFICE One 6.5.lnk]
path=d:\documents and settings\n\Menu Démarrer\Programmes\Démarrage\OFFICE One 6.5.lnk
backup=c:\windows\pss\OFFICE One 6.5.lnkStartup
[HKLM\~\startupfolder\D:^Documents and Settings^n^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]
path=d:\documents and settings\n\Menu Démarrer\Programmes\Démarrage\Yahoo! Widget Engine.lnk
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\JEUX 2\\empire of sport\\Empire of Sports\\NetworkDiagnostic.exe"=
"d:\\JEUX 2\\empire of sport\\Empire of Sports\\EmpireOfSports.exe"=
"d:\\Documents and Settings\\n\\Local Settings\\Application Data\\F4\\ClientUpdater\\ClientUpdater.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\JEUX 2\\arma\\ArmADemo\\ArmADemo.exe"=
"d:\\JEUX 2\\Left 4 Dead\\Left 4 Dead\\left4dead.exe"=
"d:\\JEUX 2\\BF 1942\\BF1942.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/08/2009 20:20 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/04/2008 22:01 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/04/2008 22:01 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/01/2009 23:04 210216]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [09/10/2006 08:11 882688]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [09/10/2006 08:13 7040]
S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [26/12/2007 18:25 22272]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [14/04/2004 14:52 20736]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/02/2007 05:29 29178224]
S3 USBModem000;LGE Mobile USB Modem TC;c:\windows\system32\drivers\usbser.sys [02/11/2008 14:57 25600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:20]
2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
2009-08-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-AdobeBridge - (no file)
Notify-AtiExtEvent - (no file)
Notify-dimsntfy - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.mini15.com
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\Pack Securite\FSPS\program\FSLSP.DLL
Trusted Zone: localhost
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - d:\documents and settings\n\Application Data\Mozilla\Firefox\Profiles\bewerzgr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Deezer
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: d:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: d:\documents and settings\n\Application Data\Mozilla\Firefox\Profiles\bewerzgr.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 13:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2406763803-1347832285-3105926710-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9c,26,e4,b7,e2,0e,c6,88,9b,d7,37,60,f4,15,b8,72,c6,d9,60,51,bf,fd,87,
ca,7f,74,d1,5f,2c,6e,f5,f0,24,3e,53,80,9e,67,9a,c4,d8,dd,bb,2c,15,98,07,ab,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(844)
c:\apps\Softex\OmniPass\opxpgina.dll
- - - - - - - > 'lsass.exe'(904)
c:\program files\Pack Securite\FSPS\program\FSLSP.DLL
- - - - - - - > 'explorer.exe'(2852)
c:\program files\RocketDock\RocketDock.dll
c:\progra~1\GOTOSO~1\VADERE~1\VrOe_hook.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\apps\Softex\OmniPass\SCUREDLL.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Pack Securite\Common\FSMA32.EXE
c:\program files\Pack Securite\Common\FSMB32.EXE
c:\program files\Pack Securite\Common\FCH32.EXE
c:\windows\system32\nvsvc32.exe
c:\apps\Softex\OmniPass\OmniServ.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Pack Securite\Common\FAMEH32.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Pack Securite\FSPC\fspc.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\apps\Softex\OmniPass\OPXPApp.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Pack Securite\FSAUA\program\fsaua.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Pack Securite\FSAUA\program\fsus.exe
c:\program files\Fingerprint Sensor\ATSwpNav.exe
c:\program files\Pack Securite\FSGUI\fsguidll.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-08-31 13:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-31 11:25
Pre-Run: 2 243 522 560 octets libres
Post-Run: 2 361 311 232 octets libres
370 --- E O F --- 2009-08-30 17:03
Merci encore pour ton aide
Bien.
- Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
- Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
- Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
- Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
- Sélectionne Exécuter un examen rapide.
- Clique sur Rechercher. L'analyse démarre.
- A la fin de l'analyse, un message s'affiche :
| Citation : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés. |
- Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
- Ferme tes navigateurs.
- Si des malwares ont été détectés, clique sur Afficher les résultats.
- Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
- MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
J'avais passé un coup de mbam juste après combofix (vu qu'il remarchait et que je savais que c'était un très bon antimalware je me suis dit que ça ne pouvait pas faire de mal ... mauvaise initiative ? 
)
Il avait trouvé 3 fichiers infectés il a signalé les avoir bien éradiquer mais je n'avais pas fermé mes navigateurs ! (grave ?)
Je ne trouve pas le rapport sais-tu où ils sont enregistrés ?
Je refais un autre scan Mbam en ce moment même je t'envoie les résultat dès qu'il est terminé !
Merci pour ton aide encore !
Edit : voilà le résultat du second scan par Mbam ... il n'a rien trouvé !
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2721
Windows 5.1.2600 Service Pack 2
31/08/2009 16:33:55
mbam-log-2009-08-31 (16-33-55).txt
Type de recherche: Examen rapide
Eléments examinés: 140022
Temps écoulé: 5 minute(s), 31 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Message édité par simant le 31-08-2009 à 16:35:14
Tu peux récupérer le rapport dans l'onglet Rapports/Logs de MBAM.
Ohh effectivement je l'ai trouvé ! le voici !
->
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2720
Windows 5.1.2600 Service Pack 2
31/08/2009 13:46:26
mbam-log-2009-08-31 (13-46-26).txt
Type de recherche: Examen rapide
Eléments examinés: 139945
Temps écoulé: 6 minute(s), 9 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\office one 450 fonts_is1 (Worm.Archive) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\meta4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
- Relance MBAM, va dans Quarantaine et supprime tout.
- Fais analyser ce fichier : c:\windows\system32\drivers\ncbvpesvmxecxvor.sys
- Sur VirusTotal et poste le lien de l'analyse.
Voilà ce que VirusTotal me dit :
Le fichier a déjà été analysé:
MD5: 25464c6a2a44f3c1f64fe18bb3a407df
First received: 2006.12.22 14:53:17 UTC
Date 2009.06.13 06:01:31 UTC [>79D]
Résultats 0/40
Permalink: analisis/160fe14a04c81fc94e208850df8283f9a3736840a418ca51babbd6f1056ffbcf-1244872891
EDIT :j'ai fait l'option re-analyser maintenant et j'attends les résultats !
Message édité par simant le 31-08-2009 à 16:56:39
Voilà les résultats (en espérant que ça soit bien ça que tu voulais ?) :
Fichier ncbvpesvmxecxvor.sys reçu le 2009.08.31 14:53:45 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/33 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 1.
L'heure estimée de démarrage est entre 43 et 62 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.
Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.08.31 -
AhnLab-V3 5.0.0.2 2009.08.29 -
AntiVir 7.9.1.7 2009.08.31 -
Antiy-AVL 2.0.3.7 2009.08.31 -
Authentium 5.1.2.4 2009.08.31 -
BitDefender 7.2 2009.08.31 -
CAT-QuickHeal None 2009.08.31 -
ClamAV 0.94.1 2009.08.31 -
Comodo 2124 2009.08.31 -
DrWeb 5.0.0.12182 2009.08.31 -
eSafe 7.0.17.0 2009.08.30 -
eTrust-Vet 31.6.6712 2009.08.31 -
F-Prot None 2009.08.29 -
F-Secure 8.0.14470.0 2009.08.31 -
GData 19 2009.08.31 -
Ikarus T3.1.1.68.0 2009.08.31 -
K7AntiVirus 7.10.832 2009.08.31 -
Kaspersky 7.0.0.125 2009.08.31 -
McAfee 5725 2009.08.30 -
McAfee+Artemis 5725 2009.08.30 -
Microsoft None 2009.08.31 -
NOD32 4384 2009.08.31 -
nProtect 2009.1.8.0 2009.08.31 -
Prevx 3.0 2009.08.31 -
Rising 21.45.04.00 2009.08.31 -
Sophos 4.45.0 None.. -
Sunbelt 3.2.1858.2 2009.08.31 -
Symantec 1.4.4.12 2009.08.31 -
TheHacker 6.3.4.3.393 2009.08.31 -
TrendMicro 8.950.0.1094 2009.08.30 -
VBA32 None 2009.08.30 -
ViRobot 2009.8.31.1909 2009.08.31 -
VirusBuster 4.6.5.0 2009.08.30 -
Information additionnelle
File size: 70144 bytes
MD5...: 25464c6a2a44f3c1f64fe18bb3a407df
SHA1..: 1b625a1f95cd1e156375953943d6ef1f43bb9915
SHA256: 160fe14a04c81fc94e208850df8283f9a3736840a418ca51babbd6f1056ffbcf
ssdeep: 3::
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: OpenGL object (29.2%)
Lotus 123 Worksheet (generic) (14.6%)
HSC music composer song (9.2%)
Game Music Creator Music (8.2%)
MacBinary 1 header (7.5%)
EDIT : j'ai réalisé que tu parlais de lien ? donc plutôt un truc genre -> http://www.virustotal.com/fr/anali [...] 1251730425
?
Message édité par simant le 31-08-2009 à 17:01:33
Peux-tu envoyé ce fichier à l'adresse suivante ?
--> http://secubox.gateweb.org/mad.php
Voilà le fichier est envoyé ! Tu penses qu'il est nocif ?
Une fois le fichier envoyé sur Mad que faire ?
| Citation : Voilà le fichier est envoyé ! Tu penses qu'il est nocif ?
|
--> On verra si MAD confirme ce que je pense. Supprime le fichier.
Tu as deux antivirus, il faut en retirer un.
Plus de souci ?
Le fichier ne veut pas se supprimer il est déjà utilisé par un tiers programme ! 
Sinon tu me dis que j'ai 2 antivirus ? Pourtant je n'ai installé que Avast ! (quel est l'autre antivirus ? je sais que mon ordi était fournit avec Norton mais je l'avais (mal ?) enlevé !)
Sinon tout semble bien remarcher je n'ose pas encore faire énormément de choses dans l'attente de ton avis sur la chose.
Mais je peux d'ors et déjà dire que Avast n'est plus bloqué (il n'est plus question de "mémoire de démarrage infectée" et son bouclier standard rescanne comme auparavant)
Mbam remarche
Je ne suis plus redirigé vers de mauvaises pages internet
Et j'avais également remarqué qu'un processus Iexplorer (pour internet explorer je pense ? ^^) était systématiquement lancé dans le tab processus du gestionnaire de tâches ! j'avais beau y mettre fin il revenait systématiquement ! n'utilisant pas IE (mais firefox) j'ai alors lancé IE qui m'a demandé si je voulais ou non restaurer mes dernières pages ... j'ai eu le malheur de mettre oui résultat -> 137 pages IE ouvertes d'un seul cup et plantage pécé !
Mais depuis combofix plus de processus Iexplorer et plus de problèmes avec IE !
Donc tout m'a l'air clean ! Tu en penses quoi ? Faut-il supprimer le fichier que tu penses dangereux ? Comment faire vu qu'un tiers y accède ?
| Citation : Sinon tu me dis que j'ai 2 antivirus ? Pourtant je n'ai installé que Avast ! (quel est l'autre antivirus ? je sais que mon ordi était fournit avec Norton mais je l'avais (mal ?) enlevé !) |
--> F-Secure.
| Citation : Faut-il supprimer le fichier que tu penses dangereux ? |
--> On peut attendre MAD (Réponse dans la soirée normalement).
F-secure doit être l'antivirus de mon FAI ! je vais tenter de le supprimer !
Merci encore pour ton aide et okay attendons la réponse de Mad !
D'après toi c'est sans risques de me connecter à msn ? Car j'ai une discussion importante mais je ne veux quand même pas tenter le diable !
| Citation : F-secure doit être l'antivirus de mon FAI ! je vais tenter de le supprimer ! |
--> Oui sûrement. Par contre, Avast pas top, mieux vaut avoir AntiVir.
Impossible d'enlever F-Secure je ne trouve rien pour !
Edit : au passage j'ai réussis à supprimer le fichier que tu suspectais auparavant !
Message édité par simant le 31-08-2009 à 18:32:15
/!\ Seul simant peut suivre cette procédure /!\
Désactive toute protection résidente (Antivirus...) !
---> Copie (CTRL+C) le texte se situant dans le cadre ci-dessous :
KillAll::
|
---> Ouvre le Bloc-notes : Démarrer > Tous les programmes > Accessoires > Bloc-notes.
- Colle (CTRL+V) le texte dans le Bloc-notes.
- Enregistre ce fichier dans : Bureau
- Nom du fichier : CFScript
- Type du fichier : tous les fichiers !!
- Clique sur Enregistrer.
- Quitte le Bloc-notes.
---> Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
- Cela va relancer Combofix : au message qui apparaît, accepte.
- Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal !
- Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher, copie/colle son contenu sur le forum.
- Si le fichier ne s'ouvre pas, il se trouve ici : C:\ComboFix.txt
Bonjour ! Voilà la manip' est effectuée ! Je ne sais pas si le rapport de Combofix dit que le fichier ncbvpesvmxecxvor.sys est supprimé ou pas mais je tient juste à signaler que j'avais réussis à le supprimer finalement hier !
voilà le rapport et merci encore pour ton aide ! :
ComboFix 09-08-30.04 - n 01/09/2009 11:27.2.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2046.1364 [GMT 2:00]
Running from: d:\documents and settings\n\Bureau\scan.exe.exe
Command switches used :: d:\documents and settings\n\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090831-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FILE ::
"c:\windows\system32\drivers\ncbvpesvmxecxvor.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Pack Securite\Common\admin.pub
c:\program files\Pack Securite\Common\ALERTS\a26.tmp
c:\program files\Pack Securite\Common\ALERTS\a3D.tmp
c:\program files\Pack Securite\Common\ALERTS\a42.tmp
c:\program files\Pack Securite\Common\ALERTS\a5.tmp
c:\program files\Pack Securite\Common\ALERTS\a9.tmp
c:\program files\Pack Securite\Common\AMEHEVN.DLL
c:\program files\Pack Securite\Common\AMEHLOG.DLL
c:\program files\Pack Securite\Common\AMEHSMT.DLL
c:\program files\Pack Securite\Common\AMEHTVL.DLL
c:\program files\Pack Securite\Common\commdir\commdir.cfg
c:\program files\Pack Securite\Common\crypto.ini
c:\program files\Pack Securite\Common\custom\custom1\common\gres.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\advanced\fsavauires.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-cht.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-csy.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-dan.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-deu.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-ell.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-eng.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-esn.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-eti.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-fin.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-fra.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-hun.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-ita.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-nld.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-nor.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-plk.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-ptb.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-ptg.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-rom.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-rus.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-slv.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-sve.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-trk.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres-zhh.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\password\pcpwdres.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\scan_clean\fsavures.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\dialogs\securitynews\fsavvnres.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\flyer\flyer.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-cht.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-csy.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-dan.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-deu.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-ell.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-eng.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-esn.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-eti.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-fin.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-fra.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-hun.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-ita.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-jpn.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-nld.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-nor.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-plk.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-ptb.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-ptg.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-rom.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-rus.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-slv.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-sve.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-trk.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\main\fsavgres-zhh.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\plugins\parental\fshttps.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\plugins\parental\fspchres.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\plugins\parental\fspcinst.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\plugins\parental\fspcmsie.custom
c:\program files\Pack Securite\Common\custom\custom1\fsgui\plugins\parental\webroot\images\bmp_pc_arrow.png
c:\program files\Pack Securite\Common\custom\custom1\fsgui\plugins\parental\webroot\images\bmp_pc_flogo.png
c:\program files\Pack Securite\Common\custom\custom1\fsgui\plugins\parental\webroot\images\bmp_pc_shadow.png
c:\program files\Pack Securite\Common\custom\custom1\fsgui\plugins\parental\webroot\pc-ie-kid.htm
c:\program files\Pack Securite\Common\custom\custom1\fsgui\plugins\parental\webroot\pc-ie-teen.htm
c:\program files\Pack Securite\Common\custom\custom1\fsgui\plugins\parental\webroot\pctl-profile.htm
c:\program files\Pack Securite\Common\custom\custom1\fsgui\plugins\spam\fsscmso.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-csy.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-dan.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-deu.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-ell.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-eng.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-esn.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-fin.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-fra.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-hun.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-ita.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-nld.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-nor.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-plk.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-ptb.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-ptg.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-slv.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-sve.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres-trk.custom
c:\program files\Pack Securite\Common\custom\custom1\fsma\fsmres.custom
c:\program files\Pack Securite\Common\custom\custom1\help\helpinst.custom
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_all.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_CriticalWarning.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_Errorstate.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_fsdiagui.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_Info.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_Install.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_ispnews.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_newsmessage.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_Progress_100.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_Progress_15.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_Progress_30.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_Progress_45.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_Progress_60.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_Progress_75.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_Progress_90.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_uninstall.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_Unloaded.ico
c:\program files\Pack Securite\Common\custom\custom1\icons\ico_Warning.ico
c:\program files\Pack Securite\Common\custom\custom1\isp news\ispnews.custom
c:\program files\Pack Securite\Common\custom\custom1\pics\background.bmp_380x392.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner.gif
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_advanced_591x59.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_advanced_788x72.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_email_scan_rprt_582x60.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_ispnews.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_level_369x60.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_level_492x74.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_main_563x60.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_main_750x74.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_setup_370x60.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_setup_492x74.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_start-up_563x60.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_start-up_750x74.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_tnb_458x60.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_tnb_610x74.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_virus_news_422x60.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_vs_common_422x60.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\banner_wizard_634x90.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\bmp_about_406x259.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\bmp_progressicon_16x16.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\bmp_splash_208x320.bmp
c:\program files\Pack Securite\Common\custom\custom1\pics\f-securelogo.gif
c:\program files\Pack Securite\Common\custom\custom1\pics\f_icon.gif
c:\program files\Pack Securite\Common\custom\custom1\pics\f_icon_errorstate.gif
c:\program files\Pack Securite\Common\custom\custom1\pics\f_icon_installing.gif
c:\program files\Pack Securite\Common\custom\custom1\pics\f_icon_unloaded.gif
c:\program files\Pack Securite\Common\custom\custom1\pics\f_icon_warning.gif
c:\program files\Pack Securite\Common\custom\custom1\pics\f_icona.gif
c:\program files\Pack Securite\Common\custom\custom1\pics\splash.jpg
c:\program files\Pack Securite\Common\custom\custom1\pics\sys_tray.gif
c:\program files\Pack Securite\Common\custom\custom1\pics\systray_icon_critical_warning.gif
c:\program files\Pack Securite\Common\custom\custom1\pics\systray_icon_download_progress.gif
c:\program files\Pack Securite\Common\custom\custom1\pics\tooltip.gif
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-cht.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-csy.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-dan.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-deu.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-ell.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-eng.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-esn.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-eti.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-fin.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-fra.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-hun.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-ita.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-jpn.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-nld.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-nor.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-plk.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-ptb.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-ptg.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-rom.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-rus.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-slv.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-sve.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-trk.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\fsguiins-zhh.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-cht.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-csy.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-dan.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-deu.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-ell.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-eng.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-esn.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-eti.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-fin.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-fra.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-hun.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-ita.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-jpn.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-nld.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-nor.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-plk.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-ptb.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-ptg.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-rom.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-rus.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-slv.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-sve.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-trk.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\setup-zhh.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-csy.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-dan.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-deu.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-ell.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-eng.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-esn.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-fin.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-fra.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-hun.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-ita.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-jpn.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-nld.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-nor.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-plk.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-ptb.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-ptg.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-slv.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-sve.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres-trk.custom
c:\program files\Pack Securite\Common\custom\custom1\setup\strres.custom
c:\program files\Pack Securite\Common\custom\custom1\splash\aboutres.custom
c:\program files\Pack Securite\Common\custom\custom1\start-up wizard\fsswgres.custom
c:\program files\Pack Securite\Common\custom\custom1\tnb\tnbres.custom
c:\program files\Pack Securite\Common\custom\uninst.log
c:\program files\Pack Securite\Common\dfuninst.log
c:\program files\Pack Securite\Common\FAMEH32.EXE
c:\program files\Pack Securite\Common\FCH32.EXE
c:\program files\Pack Securite\Common\filemap.log
c:\program files\Pack Securite\Common\fs.cr
c:\program files\Pack Securite\Common\fs_tm.cr
c:\program files\Pack Securite\Common\FSABOUT.DLL
c:\program files\Pack Securite\Common\FSABTRES.eng
c:\program files\Pack Securite\Common\fsav.ini
c:\program files\Pack Securite\Common\FSAVCS.dpf
c:\program files\Pack Securite\Common\fsavcsin.dll
c:\program files\Pack Securite\Common\fsavcsin.log
c:\program files\Pack Securite\Common\fsbw.dpf
c:\program files\Pack Securite\Common\FSDIAG.exe
c:\program files\Pack Securite\Common\fsdiag_fsgui.ini
c:\program files\Pack Securite\Common\fsdiag_help.ini
c:\program files\Pack Securite\Common\FSDIAGIN.dll
c:\program files\Pack Securite\Common\fsdiags.log
c:\program files\Pack Securite\Common\fsdiagun.log
c:\program files\Pack Securite\Common\FSEXC.DLL
c:\program files\Pack Securite\Common\fsfc.ini
c:\program files\Pack Securite\Common\fsfix.pub
c:\program files\Pack Securite\Common\FSHDLL32.EXE
c:\program files\Pack Securite\Common\FSHOTFIX.eng
c:\program files\Pack Securite\Common\FSHOTFIX.EXE
c:\program files\Pack Securite\Common\fslapi.dll
c:\program files\Pack Securite\Common\fslapi64.dll
c:\program files\Pack Securite\Common\FSLAUNCH.EXE
c:\program files\Pack Securite\Common\fsld.log
c:\program files\Pack Securite\Common\fsldin.dll
c:\program files\Pack Securite\Common\FSM32.EXE
c:\program files\Pack Securite\Common\FSMA.DPF
c:\program files\Pack Securite\Common\FSMA_64.DLL
c:\program files\Pack Securite\Common\FSMA32.DLL
c:\program files\Pack Securite\Common\FSMA32.EXE
c:\program files\Pack Securite\Common\FSMA32S.DLL
c:\program files\Pack Securite\Common\fsmaeng.cnt
c:\program files\Pack Securite\Common\fsmaeng.hlp
c:\program files\Pack Securite\Common\FSMAINST.DLL
c:\program files\Pack Securite\Common\FSMAINST.ENG
c:\program files\Pack Securite\Common\FSMARES.eng
c:\program files\Pack Securite\Common\FSMAUI32.DLL
c:\program files\Pack Securite\Common\FSMAUNIN.DLL
c:\program files\Pack Securite\Common\FSMAURES.eng
c:\program files\Pack Securite\Common\FSMB32.EXE
c:\program files\Pack Securite\Common\FSMRES.eng
c:\program files\Pack Securite\Common\fsms.ini
c:\program files\Pack Securite\Common\fspc.cr
c:\program files\Pack Securite\Common\FSPC.dpf
c:\program files\Pack Securite\Common\fspc.ini
c:\program files\Pack Securite\Common\fspcres.ENG
c:\program files\Pack Securite\Common\fspcres.ENG.xml
c:\program files\Pack Securite\Common\fspm95.vxd
c:\program files\Pack Securite\Common\FSPMAPI.DLL
c:\program files\Pack Securite\Common\FSPMAPI_64.DLL
c:\program files\Pack Securite\Common\FSPMENG.DLL
c:\program files\Pack Securite\Common\fssc.ini
c:\program files\Pack Securite\Common\fsws.bar
c:\program files\Pack Securite\Common\fswscs.dll
c:\program files\Pack Securite\Common\History\ha.bpf
c:\program files\Pack Securite\Common\History\index.txt
c:\program files\Pack Securite\Common\ILAUNCHR.EXE
c:\program files\Pack Securite\Common\LogFile.log
c:\program files\Pack Securite\Common\policy.bpf
c:\program files\Pack Securite\Common\policy.ipf
c:\program files\Pack Securite\Common\policy.ipf.bak
c:\program files\Pack Securite\Common\POLUTIL.EXE
c:\program files\Pack Securite\Common\support.ini
c:\program files\Pack Securite\Common\teceif.tvl
c:\program files\Pack Securite\config.xml.P00000424
c:\program files\Pack Securite\DAAS\ca.pub
c:\program files\Pack Securite\DAAS\daas.dll
c:\program files\Pack Securite\DAAS\daasinst.dll
c:\program files\Pack Securite\DAAS\daasinst.log
c:\program files\Pack Securite\DAAS\fsclm.dll
c:\program files\Pack Securite\FSAUA\bwstate__80
c:\program files\Pack Securite\FSAUA\bwstate_neuf.sp.f-secure.com_80
c:\program files\Pack Securite\FSAUA\content\60PolicyUpdate_PSC7AFA\1\1.bpf
c:\program files\Pack Securite\FSAUA\content\60PolicyUpdate_PSC7AFA\1\info.iad
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\config.xml
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\info.iad
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\META-INF\admin.dfs
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\META-INF\admin.sf
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\META-INF\MANIFEST.MF
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\package.ini
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\common\gres.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\custinfo.ini
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\custinstall.exe
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\custsetup.exe
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\advanced\fsavauires.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-cht.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-csy.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-dan.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-deu.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-ell.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-eng.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-esn.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-eti.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-fin.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-fra.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-hun.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-ita.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-nld.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-nor.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-plk.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-ptb.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-ptg.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-rom.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-rus.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-slv.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-sve.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-trk.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres-zhh.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\password\pcpwdres.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\scan_clean\fsavures.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\dialogs\securitynews\fsavvnres.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\flyer\flyer.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-cht.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-csy.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-dan.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-deu.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-ell.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-eng.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-esn.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-eti.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-fin.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-fra.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-hun.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-ita.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-jpn.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-nld.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-nor.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-plk.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-ptb.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-ptg.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-rom.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-rus.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-slv.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-sve.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-trk.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\main\fsavgres-zhh.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\plugins\parental\fshttps.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\plugins\parental\fspchres.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\plugins\parental\fspcinst.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\plugins\parental\fspcmsie.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\plugins\parental\webroot\images\bmp_pc_arrow.png
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\plugins\parental\webroot\images\bmp_pc_flogo.png
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\plugins\parental\webroot\images\bmp_pc_shadow.png
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\plugins\parental\webroot\pc-ie-kid.htm
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\plugins\parental\webroot\pc-ie-teen.htm
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\plugins\parental\webroot\pctl-profile.htm
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsgui\plugins\spam\fsscmso.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsisu.dll
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsisu95.dll
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsisunt.dll
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-csy.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-dan.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-deu.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-ell.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-eng.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-esn.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-fin.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-fra.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-hun.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-ita.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-nld.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-nor.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-plk.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-ptb.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-ptg.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-slv.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-sve.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres-trk.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\fsma\fsmres.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\help\helpinst.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_all.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_CriticalWarning.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_Errorstate.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_fsdiagui.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_Info.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_Install.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_ispnews.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_newsmessage.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_Progress_100.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_Progress_15.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_Progress_30.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_Progress_45.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_Progress_60.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_Progress_75.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_Progress_90.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_uninstall.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_Unloaded.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\icons\ico_Warning.ico
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\isp news\ispnews.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\background.bmp_380x392.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner.gif
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_advanced_591x59.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_advanced_788x72.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_email_scan_rprt_582x60.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_ispnews.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_level_369x60.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_level_492x74.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_main_563x60.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_main_750x74.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_setup_370x60.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_setup_492x74.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_start-up_563x60.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_start-up_750x74.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_tnb_458x60.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_tnb_610x74.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_virus_news_422x60.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_vs_common_422x60.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\banner_wizard_634x90.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\bmp_about_406x259.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\bmp_progressicon_16x16.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\bmp_splash_208x320.bmp
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\f-securelogo.gif
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\f_icon.gif
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\f_icon_errorstate.gif
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\f_icon_installing.gif
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\f_icon_unloaded.gif
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\f_icon_warning.gif
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\f_icona.gif
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\splash.jpg
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\sys_tray.gif
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\systray_icon_critical_warning.gif
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\systray_icon_download_progress.gif
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\pics\tooltip.gif
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\prodsett.ini
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-cht.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-csy.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-dan.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-deu.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-ell.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-eng.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-esn.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-eti.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-fin.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-fra.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-hun.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-ita.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-jpn.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-nld.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-nor.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-plk.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-ptb.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-ptg.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-rom.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-rus.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-slv.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-sve.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-trk.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\fsguiins-zhh.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-cht.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-csy.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-dan.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-deu.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-ell.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-eng.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-esn.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-eti.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-fin.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-fra.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-hun.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-ita.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-jpn.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-nld.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-nor.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-plk.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-ptb.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-ptg.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-rom.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-rus.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-slv.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-sve.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-trk.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\setup-zhh.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-csy.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-dan.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-deu.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-ell.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-eng.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-esn.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-fin.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-fra.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-hun.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-ita.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-jpn.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-nld.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-nor.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-plk.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-ptb.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-ptg.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-slv.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-sve.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres-trk.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\setup\strres.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\splash\aboutres.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\start-up wizard\fsswgres.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\tnb\tnbres.custom
c:\program files\Pack Securite\FSAUA\content\70CustomResources_PSC7AFA\1\program\tnbconf.ini
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\bootstrap\fsihcomp.exe
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\bootstrap\fsihs.exe
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\bootstrap\fstnb.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\bootstrap\ih8.exe
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\bootstrap\ih8run.exe
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\bootstrap\kleztool.com
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\bootstrap\qklez.exe
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\bootstrap\setup.bmp
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\config.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\aawrm.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\cscozarm.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\dfwunin.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\fsavunin.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\fsprodrm.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\fsremoval.ini
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\fssg.exe
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\fssg.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\fssg_cfg.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\fssgsup.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\fsssinst.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\igpsdet.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\mcafeerm.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\nicrm.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\sophosrm.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\symav9.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\symav9_10.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\trendrm.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\fssg\vsrm.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\preconfig.exe
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\customref.ini
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\fslapi.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\fssetup.customref.ini
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\gres.dll
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.chs.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.cht.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.csy.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.dan.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.deu.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.ell.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.eng.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.esn.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.eti.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.fin.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.fra.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.hun.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.ita.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.jpn.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.nld.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.nor.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.plk.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.ptb.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.ptg.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.rom.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.rus.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.slv.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.sve.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.trk.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\license.zhh.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUI.exe
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIMngr.exe
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.chs.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.cht.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.csy.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.dan.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.deu.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.ell.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.eng
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.eng.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.esn.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.eti.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.fin.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.fra.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.hun.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.ita.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.jpn.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.nld.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.nor.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.plk.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.ptb.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.ptg.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.rom.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.rus.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.slv.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.sve.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.trk.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\setupgui\SetupGUIres.zhh.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\wil.exe
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\configuration\writespid.exe
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\info.iad
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\config.xml
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\info.iad
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\META-INF\admin.dfs
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\META-INF\admin.sf
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\META-INF\MANIFEST.MF
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\package.ini
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\common\gres.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\custinfo.ini
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\custinstall.exe
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\custsetup.exe
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\advanced\fsavauires.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-cht.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-csy.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-dan.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-deu.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-ell.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-eng.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-esn.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-eti.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-fin.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-fra.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-hun.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-ita.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-nld.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-nor.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-plk.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-ptb.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-ptg.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-rom.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-rus.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-slv.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-sve.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-trk.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres-zhh.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\password\pcpwdres.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\scan_clean\fsavures.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\dialogs\securitynews\fsavvnres.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\flyer\flyer.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-cht.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-csy.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-dan.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-deu.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-ell.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-eng.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-esn.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-eti.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-fin.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-fra.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-hun.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-ita.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-jpn.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-nld.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-nor.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-plk.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-ptb.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-ptg.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-rom.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-rus.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-slv.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-sve.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-trk.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\main\fsavgres-zhh.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\plugins\parental\fshttps.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\plugins\parental\fspchres.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\plugins\parental\fspcinst.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\plugins\parental\fspcmsie.custom
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\plugins\parental\webroot\images\bmp_pc_arrow.png
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\plugins\parental\webroot\images\bmp_pc_flogo.png
c:\program files\Pack Securite\FSAUA\content\70Software_PSC7AFA\1\infopaks\customization\program\fsgui\plugins\parental\webroot\images\bmp_pc_shado
Message édité par simant le 01-09-2009 à 11:56:23
bon bon il est trop long pour le message donc je post la fin ici ...
(ça va faire encore trop long du coup je ne mets pas le reste de la suppression du dossier pack sécurité ... elle s'est bien passée !)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FSAUA
-------\Legacy_FSMA
-------\Service_FSAUA
-------\Service_FSMA
((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.
2009-08-31 15:53 . 2009-08-31 15:53 -------- d-----w- C:\rsit
2009-08-30 20:05 . 2009-08-30 20:05 -------- d-----w- c:\windows\ERUNT
2009-08-30 18:33 . 2009-08-30 18:20 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-30 18:31 . 2009-08-30 18:31 -------- d-----w- d:\documents and settings\LocalService\Bureau
2009-08-30 18:18 . 2009-01-18 21:43 2892112 -c--a-w- d:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-08-30 18:18 . 2009-08-30 18:18 -------- dc-h--w- d:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-30 18:18 . 2009-08-30 18:20 -------- d-----w- d:\documents and settings\All Users\Application Data\Lavasoft
2009-08-30 12:53 . 2009-08-30 12:53 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-19 09:10 . 2009-08-19 09:10 -------- d-----w- C:\Fraps
2009-08-13 17:01 . 2009-08-13 17:01 -------- d-----w- c:\windows\ServicePackFiles
2009-08-13 08:49 . 2009-06-05 07:46 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-05 09:06 . 2009-08-05 09:06 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 21:58 . 2009-08-03 21:58 -------- d-----w- d:\documents and settings\n\Local Settings\Application Data\PCHealth
2009-08-02 20:09 . 2009-08-02 20:09 -------- d-sh--w- d:\documents and settings\NetworkService\IETldCache
2009-08-02 16:25 . 2009-08-02 17:11 -------- d-----w- C:\render
2009-08-02 16:18 . 2009-08-02 16:18 -------- d-----w- d:\documents and settings\n\Application Data\Blender Foundation
2009-08-02 15:59 . 2009-08-02 16:09 -------- d-----w- c:\program files\MagicISO
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 09:40 . 2007-07-02 12:03 -------- d-----w- c:\program files\Pack Securite
2009-08-31 16:57 . 2008-04-27 07:59 -------- d-----w- c:\program files\Microsoft SQL Server
2009-08-31 11:03 . 2007-05-23 14:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-31 10:48 . 2007-05-23 14:35 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-31 09:40 . 2008-08-26 17:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-30 18:18 . 2007-05-24 15:55 -------- d-----w- c:\program files\Lavasoft
2009-08-30 17:38 . 2004-09-23 16:12 557450 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-30 17:38 . 2004-09-23 16:12 102648 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-27 17:55 . 2007-09-08 13:49 -------- d-----w- d:\documents and settings\n\Application Data\teamspeak2
2009-08-25 18:37 . 2008-09-19 14:43 -------- d-----w- d:\documents and settings\n\Application Data\Audacity
2009-08-25 17:48 . 2008-04-26 16:47 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2009-08-25 10:17 . 2007-08-19 17:26 -------- d-----w- d:\documents and settings\n\Application Data\OpenOffice.org2
2009-08-22 09:33 . 2007-04-10 17:15 -------- d-----w- c:\program files\Lionhead Studios Ltd
2009-08-17 16:10 . 2007-07-06 10:20 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2007-07-06 10:20 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2007-07-06 10:20 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-05 20:01 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-05 20:01 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2007-07-06 10:20 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2007-07-06 10:20 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2007-07-06 10:20 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2007-07-06 10:20 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:06 . 2008-11-02 12:57 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 14:30 . 2008-07-16 10:24 -------- d-----w- d:\documents and settings\n\Application Data\Apple Computer
2009-08-03 11:36 . 2008-08-26 17:02 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-08-26 17:02 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 09:05 . 2009-08-02 09:05 -------- d-----w- d:\documents and settings\LocalService\Application Data\DivX
2009-08-01 21:31 . 2009-08-01 21:31 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-01 21:28 . 2006-10-09 06:26 -------- d-----w- c:\program files\Fichiers communs\Real
2009-08-01 21:05 . 2009-08-01 21:05 -------- d-----w- c:\program files\CamStudio
2009-08-01 10:48 . 2009-08-01 10:48 -------- d-----w- c:\program files\bobyte
2009-07-31 13:40 . 2009-07-31 13:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 16:59 . 2009-04-24 17:56 -------- d-----w- d:\documents and settings\n\Application Data\HPAppData
2009-07-17 18:56 . 2008-11-02 12:57 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:19 . 2009-05-15 19:46 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-17 16:18 . 2009-05-15 19:46 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-17 13:43 . 2009-05-15 19:46 139152 ----a-w- d:\documents and settings\n\Application Data\PnkBstrK.sys
2009-07-17 13:43 . 2009-05-15 19:46 139152 ----a-w- d:\documents and settings\n\Application Data\PnkBstrK.sys
2009-07-17 13:43 . 2009-05-15 19:45 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-13 21:43 . 2004-09-23 16:13 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:57 . 2004-09-23 16:11 915456 ------w- c:\windows\system32\wininet.dll
2009-06-29 10:10 . 2007-08-23 11:35 211400 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-06-25 18:36 . 2008-11-02 12:57 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2008-11-02 12:57 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:36 . 2008-11-02 12:57 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2008-11-02 12:57 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2008-11-02 12:57 527360 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2008-11-02 12:57 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2008-11-02 12:57 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2008-11-02 12:57 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2008-11-02 12:57 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2008-11-02 12:57 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2008-11-02 12:57 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2008-11-02 12:57 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 14:36 . 2009-07-17 13:24 1291640 ----a-w- d:\documents and settings\n\Application Data\Mozilla\Firefox\Profiles\bewerzgr.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-25 14:36 . 2009-07-17 13:24 729088 ----a-w- d:\documents and settings\n\Application Data\Mozilla\Firefox\Profiles\bewerzgr.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-25 08:18 . 2008-11-02 12:57 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:18 . 2008-11-02 12:57 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:18 . 2008-11-02 12:57 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:18 . 2008-11-02 12:57 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:18 . 2008-11-02 12:57 736256 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:18 . 2008-11-02 12:57 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:49 . 2008-11-02 12:57 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2008-11-02 12:57 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2008-11-02 12:57 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2008-11-02 12:57 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:35 . 2008-11-02 12:57 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:54 . 2008-11-02 12:57 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:54 . 2008-11-02 12:57 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 11:33 . 2008-11-02 12:57 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 11:32 . 2008-11-02 12:57 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:23 . 2008-11-02 12:57 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:30 . 2008-11-02 12:57 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-06 16:57 . 2009-06-06 16:57 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-05 07:46 . 2008-11-02 12:57 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:24 . 2008-11-02 12:57 1297408 ----a-w- c:\windows\system32\quartz.dll
2007-01-30 20:22 . 2007-01-30 20:22 408665 -c--a-w- c:\program files\instdb.inf
2007-01-30 20:22 . 2007-01-30 20:22 52876 -c--a-w- c:\program files\setup.log
2007-01-30 20:22 . 2007-01-30 20:22 773 ----a-w- c:\program files\OFFICE One 6.5.lnk
2007-01-30 20:22 . 2007-01-30 20:22 761 ----a-w- c:\program files\OFFICE One Setup.lnk
2004-03-08 05:00 . 2004-03-08 05:00 7 -c--a-w- c:\program files\ooversion.txt
2004-03-08 05:00 . 2004-03-08 05:00 20680 -c--a-w- c:\program files\license.txt
2004-03-08 05:00 . 2004-03-08 05:00 17 -c--a-w- c:\program files\license.html
2004-03-08 05:00 . 2004-03-08 05:00 15 -c--a-w- c:\program files\readme.txt
2004-03-08 05:00 . 2004-03-08 05:00 0 -c--a-w- c:\program files\readme.html
.
((((((((((((((((((((((((((((( SnapShot@2009-08-31_11.16.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-01 08:58 . 2009-09-01 08:58 16384 c:\windows\Temp\Perflib_Perfdata_f8.dat
- 2009-08-31 11:14 . 2009-08-31 11:14 16384 c:\windows\Temp\Perflib_Perfdata_714.dat
+ 2009-09-01 09:41 . 2009-09-01 09:41 16384 c:\windows\Temp\Perflib_Perfdata_714.dat
+ 2009-06-25 08:18 . 2009-06-25 08:18 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2009-02-03 20:10 . 2009-06-25 08:18 56320 c:\windows\system32\dllcache\secur32.dll
+ 2009-06-22 11:35 . 2009-06-22 11:35 92544 c:\windows\system32\dllcache\ksecdd.sys
+ 2008-11-02 12:57 . 2009-02-06 18:46 408064 c:\windows\system32\netlogon.dll
+ 2008-11-02 12:57 . 2009-06-25 08:18 168448 c:\windows\system32\dllcache\schannel.dll
+ 2009-02-06 18:46 . 2009-02-06 18:46 408064 c:\windows\system32\dllcache\netlogon.dll
+ 2009-06-25 08:18 . 2009-06-25 08:18 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2008-11-02 12:57 . 2009-06-25 08:18 736256 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:18 . 2009-06-25 08:18 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-08-31 16:55 . 2009-08-31 16:55 817152 c:\windows\Installer\119bb9e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-03-18 630784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"MM_MODULE"="c:\program files\MIC\HAWAII\Hawaii.exe" [2005-11-16 121856]
"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2005-08-12 1859584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-11 31232]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-08-30 520024]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"NECHotkey"="mHotkey.exe" - c:\windows\mHotkey.exe [2006-01-11 548864]
"atwtusb"="atwtusb.exe" - c:\windows\system32\ATWTUSB.EXE [2005-09-21 290816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-6-28 40960]
Picture Package Menu.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe [2008-4-5 151552]
Picture Package VCD Maker.lnk - c:\program files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe [2008-4-5 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2005-08-12 15:01 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\D:^Documents and Settings^n^Menu Démarrer^Programmes^Démarrage^OFFICE One 6.5.lnk]
path=d:\documents and settings\n\Menu Démarrer\Programmes\Démarrage\OFFICE One 6.5.lnk
backup=c:\windows\pss\OFFICE One 6.5.lnkStartup
[HKLM\~\startupfolder\D:^Documents and Settings^n^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]
path=d:\documents and settings\n\Menu Démarrer\Programmes\Démarrage\Yahoo! Widget Engine.lnk
backup=c:\windows\pss\Yahoo! Widget Engine.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\JEUX 2\\empire of sport\\Empire of Sports\\NetworkDiagnostic.exe"=
"d:\\JEUX 2\\empire of sport\\Empire of Sports\\EmpireOfSports.exe"=
"d:\\Documents and Settings\\n\\Local Settings\\Application Data\\F4\\ClientUpdater\\ClientUpdater.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\JEUX 2\\arma\\ArmADemo\\ArmADemo.exe"=
"d:\\JEUX 2\\Left 4 Dead\\Left 4 Dead\\left4dead.exe"=
"d:\\JEUX 2\\BF 1942\\BF1942.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30/08/2009 20:20 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [05/04/2008 22:01 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/04/2008 22:01 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/01/2009 23:04 210216]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [09/10/2006 08:11 882688]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [09/10/2006 08:13 7040]
S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [26/12/2007 18:25 22272]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 MosIrUsb;MosIrUsb.sys;c:\windows\system32\drivers\MosIrUsb.sys [14/04/2004 14:52 20736]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/02/2007 05:29 29178224]
S3 USBModem000;LGE Mobile USB Modem TC;c:\windows\system32\drivers\usbser.sys [02/11/2008 14:57 25600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 18:20]
2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
2009-09-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.mini15.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: localhost
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - d:\documents and settings\n\Application Data\Mozilla\Firefox\Profiles\bewerzgr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Deezer
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppl3260.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nprpjplug.dll
FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: d:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: d:\documents and settings\n\Application Data\Mozilla\Firefox\Profiles\bewerzgr.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 11:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2406763803-1347832285-3105926710-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9c,26,e4,b7,e2,0e,c6,88,9b,d7,37,60,f4,15,b8,72,c6,d9,60,51,bf,fd,87,
ca,7f,74,d1,5f,2c,6e,f5,f0,24,3e,53,80,9e,67,9a,c4,d8,dd,bb,2c,15,98,07,ab,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(844)
c:\apps\Softex\OmniPass\opxpgina.dll
- - - - - - - > 'explorer.exe'(2656)
c:\program files\RocketDock\RocketDock.dll
c:\progra~1\GOTOSO~1\VADERE~1\VrOe_hook.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\apps\Softex\OmniPass\SCUREDLL.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\apps\Softex\OmniPass\OmniServ.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\apps\Softex\OmniPass\OPXPApp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Fingerprint Sensor\ATSwpNav.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-09-01 11:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-01 09:51
ComboFix2.txt 2009-08-31 11:25
Pre-Run: 2 275 856 384 octets libres
Post-Run: 2 175 492 096 octets libres
2811 --- E O F --- 2009-09-01 08:54
d'après toi :
mon infection est bel et bien réglée ?
il y a d'autre truc dont je pourrais me passer lors du démarrage de windows (qui est très long !) ?
Vois-tu pourquoi ce démarrage windows est si long ?
Tu changerais Avast contre Antivir ?
Merci d'avance pour les réponses ! Dit moi quand je pourrais mettre "résolu"
Pour le moment tout roule mais j'attends quand même tes indications pour être sûr !
- Menu Démarrer > Exécuter > Tape combofix /u et valide.
| Citation : mon infection est bel et bien réglée ? |
--> Il semblerait.
| Citation : il y a d'autre truc dont je pourrais me passer lors du démarrage de windows (qui est très long !) ?
|
--> Depuis quand ?
| Citation : Tu changerais Avast contre Antivir ? |
--> C'est déjà fait.
Cool je te remercie !
Sinon mon ordi est lent au démarrage depuis son acquisition ! (c'est un packard bell , 3 ans d'age , Core 2 duo 2ghz , 2 giga de ram , XP SP 2 , environ 500 go de disque dur utilisé une carte graphique Nvidia 8800 GTX (même si je pense que ça change rien ^^)
tu vois des programmes au démarrage inutile ? Des astuces pour qu'il soit plus rapide ?
sinon quand je te demandais si tu changerais Avast contre Antivir je voulais avoir ton avis ... quels sont les avantages de Antivir et surtout est-il toujours en Anglais ? (J'ai pas trop de mal avec l'Anglais mais bon dans la précipitation en cas de virus ...) comment passer de Avast à Antivir etc etc ...
sinon tu penses que je peux mettre résolu ?
J'ai repassé un coup de Mbam un coup d'avast et rien d'anormal ... je peux remettre Spybot et TeaTimer (que j'avais enlevé pour Combofix) ?
Message édité par simant le 01-09-2009 à 14:02:01
Poste un nouveau rapport HijackThis.
AntiVir est en français. Il reconnaît les nouvelles infections plus rapidement qu'Avast. Le seul truc que je trouve embêtant, c'est le popup AntiVir à chaque mise à jour mais c'est désactivable.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:16:49, on 01/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\MIC\HAWAII\Hawaii.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Documents and Settings\n\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini15.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MM_MODULE] C:\Program Files\MIC\HAWAII\Hawaii.exe
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll (file missing)
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/ga [...] n11USA.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn. [...] tPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 12712 bytes
Avec CCleaner, tu as la possibilité de désactiver des programmes qui se lancent au démarrage.
Je m'absente.
Il y a 2946 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
