
boonty scam, how do I get rid of it?
Topic status: UNRESOLVED
rafiot689
Posted on 06/01/2009 @ 00:55
Petit astucien

168 posts

Hi, I'd like the procedure for getting rid of this crap that plunders our privacy.

Thanks for your valuable help.

 
Anonymous  Posted on 06/01/2009 at 01:10
Maître astucien

11806 posts

Good evening rafiot689,

for a better answer, download HijackThis v 2.0.2.
Download link and illustrated demo.
Then run a scan and post the analysis.

See you later.


rafiot689  Posted on 06/01/2009 at 01:27
Petit astucien

168 posts

info.txt logfile of random's system information tool 1.05 2009-01-05 22:02:22

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->MsiExec /X{27DC856A-0916-4988-8198-8714DDD3183D}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
AGEIA PhysX v7.05.17-->MsiExec.exe /X{27DC856A-0916-4988-8198-8714DDD3183D}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x001d
Avira antivir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Ciel Comptes Personnels 6.0-->MsiExec.exe /I{04660D14-69E6-4585-95AF-5C96C0D624BF}
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -ILEOHERza.INF
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
ESU for Microsoft Vista-->MsiExec.exe /I{AD3FDC40-BCF4-476D-A2D6-C4B154DD9DF5}
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Freecorder 2.3 (with Skype Call Recording)-->C:\Windows\iun6002.exe "C:\Program Files\Freecorder\irunin.ini"
Freecorder Toolbar 3.02 Application-->"C:\Windows\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml"
Garmin Communicator Plugin-->MsiExec.exe /X{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}
Garmin POI Loader-->MsiExec.exe /X{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}
Garmin WebUpdater-->MsiExec.exe /X{366FFC89-C800-4366-B903-B9C4314109A5}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly
Google Talk Plugin-->MsiExec.exe /I{DFB48451-4F78-33DC-BC42-8C403C74939F}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -I*.INF
HijackThis 2.0.2-->"C:\Users\raphael\Downloads\HijackThis.exe" /uninstall
HP DVD Play 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Help and Support-->MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe
LightScribe System Software 1.10.19.1-->MsiExec.exe /X{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WorldWide Telescope-->MsiExec.exe /I{3F692FA9-348B-4264-B4EA-DE6BFA45D8AE}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.42-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x001d -removeonly
OpenOffice.org 3.0 Language Pack (French)-->MsiExec.exe /I{2A0DB319-6365-4876-B7D8-994A79AA1329}
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Orange - Logiciels Internet-->C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u
PixiePack Codec Pack-->MsiExec.exe /I{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}
QuickPlay SlingPlayer 0.4.6-->"C:\Program Files\HP\QuickPlay\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x001d -removeonly
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Ston3D Web Player 1.6.0.0-->C:\Program Files\StoneTrip\Player\Ston3D Web Player-uninst.exe
TagScanner 5.0 build 525-->"C:\Program Files\TagScanner\unins000.exe"
Terragen 2 Free Edition (Beta)-->MsiExec.exe /I{4A5D4604-EA08-4EDC-8EE7-A004946FB016}
Total Uninstall 5.0.2-->"C:\Program Files\Total Uninstall 5\unins000.exe"
Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Vuze-->C:\Program Files\Vuze\uninstall.exe
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Windows Defender

System event log

Computer Name: raphael-dator
Event Code: 7001
Message: Le service Service Liste des réseaux dépend du service Connaissance des emplacements réseau qui n'a pas pu démarrer en raison de l'erreur :
Le service ou le groupe de dépendance n'a pas pu démarrer.
Record Number: 19241
Source Name: Service Control Manager
Time Written: 20090105205759.000000-000
Event Type: Erreur
User:

Computer Name: raphael-dator
Event Code: 7001
Message: Le service Service Liste des réseaux dépend du service Connaissance des emplacements réseau qui n'a pas pu démarrer en raison de l'erreur :
Le service ou le groupe de dépendance n'a pas pu démarrer.
Record Number: 19242
Source Name: Service Control Manager
Time Written: 20090105205759.000000-000
Event Type: Erreur
User:

Computer Name: raphael-dator
Event Code: 7001
Message: Le service Service Liste des réseaux dépend du service Connaissance des emplacements réseau qui n'a pas pu démarrer en raison de l'erreur :
Le service ou le groupe de dépendance n'a pas pu démarrer.
Record Number: 19243
Source Name: Service Control Manager
Time Written: 20090105205759.000000-000
Event Type: Erreur
User:

Computer Name: raphael-dator
Event Code: 7036
Message: Le service Services de base de module de plateforme sécurisée est entré dans l'état : arrêté.
Record Number: 19244
Source Name: Service Control Manager
Time Written: 20090105205833.000000-000
Event Type: Information
User:

Computer Name: raphael-dator
Event Code: 537
Message: Aucun périphérique de sécurité du module de plateforme sécurisée compatible trouvé sur cet ordinateur. Impossible de démarrer les services de base de module de plateforme sécurisée.
Record Number: 19245
Source Name: Microsoft-Windows-TBS
Time Written: 20090105205833.095397-000
Event Type: Information
User: AUTORITE NT\SERVICE LOCAL

Application event log

Computer Name: raphael-dator
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 3541
Source Name: Microsoft-Windows-WMI
Time Written: 20090105205759.000000-000
Event Type: Erreur
User:

Computer Name: raphael-dator
Event Code: 3006
Message: Impossible de lire les chaînes du compteur de performance défini pour l'ID de langue 00C. Le premier DWORD de la section Data contient le code d'erreur Win32.
Record Number: 3542
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090105210209.000000-000
Event Type: Avertissement
User:

Computer Name: raphael-dator
Event Code: 1001
Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été supprimés. Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système et les dernières entrées du registre d'aide.
Record Number: 3543
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090105210209.000000-000
Event Type: Information
User:

Computer Name: raphael-dator
Event Code: 3006
Message: Impossible de lire les chaînes du compteur de performance défini pour l'ID de langue 00C. Le premier DWORD de la section Data contient le code d'erreur Win32.
Record Number: 3544
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090105210209.000000-000
Event Type: Avertissement
User:

Computer Name: raphael-dator
Event Code: 1000
Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été chargés. Les données d'enregistrement dans la section des données contiennent les nouvelles valeurs d'index assignées à ce service.
Record Number: 3545
Source Name: Microsoft-Windows-LoadPerf
Time Written: 20090105210209.000000-000
Event Type: Information
User:

Security event log

Computer Name: raphael-dator
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 6640
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105210220.856857-000
Event Type: Échec de l'audit
User:

Computer Name: raphael-dator
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 6641
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105210220.872457-000
Event Type: Échec de l'audit
User:

Computer Name: raphael-dator
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 6642
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105210220.903657-000
Event Type: Échec de l'audit
User:

Computer Name: raphael-dator
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 6643
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105210220.919257-000
Event Type: Échec de l'audit
User:

Computer Name: raphael-dator
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 6644
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090105210220.934857-000
Event Type: Échec de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------


Logfile of random's system information tool 1.05 (written by random/random)
Run by raphael at 2009-01-05 22:02:07
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 107 GB (70%) free of 153 GB
Total RAM: 2037 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:21, on 05/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\raphael\Desktop\RSIT.exe
C:\Users\raphael\Downloads\raphael.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: KeyScramblerBHO Class - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Omemo] C:\Program Files\Omemo\Omemo.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\raphael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: StartVista1.lnk = ?
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Lavasoft Ad-aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira antivir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira antivir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6341 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2346639680-523251181-4089467162-1000.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
KeyScramblerBHO Class - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2009-01-05 804840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-05 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-08-16 218408]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-08-28 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-08-28 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-08-28 137752]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-12-19 468264]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-12-21 217088]
"ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-12-12 107248]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-05 185872]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"Omemo"=C:\Program Files\Omemo\Omemo.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-10-18 455968]
"Google Update"=C:\Users\raphael\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-12 133104]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyInsights]
C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
StartVista1.lnk - C:\WINDOWS\INSTALL\StartVista1.cmd

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-08-20 200704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fbc1fe6-aa56-11dd-be47-001eec781004}]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37d659a-d9be-11dd-80da-001eec781004}]
shell\AutoRun\command - E:\LaunchU3.exe


======List of files/folders created in the last 1 months======

2009-01-05 22:02:07 ----D---- C:\rsit
2009-01-05 18:37:00 ----D---- C:\Program Files\Lavalys
2009-01-05 17:46:23 ----A---- C:\Windows\ntbtlog.txt
2009-01-05 12:16:14 ----D---- C:\ProgramData\Martau
2009-01-05 12:16:13 ----D---- C:\Program Files\Total Uninstall 5
2009-01-05 12:15:13 ----AD---- C:\ProgramData\TEMP
2009-01-05 12:15:11 ----A---- C:\Windows\system32\MSSTDFMT.DLL
2009-01-05 12:15:10 ----D---- C:\Program Files\SpywareBlaster
2009-01-05 10:31:38 ----D---- C:\Users\raphael\AppData\Roaming\Malwarebytes
2009-01-05 10:31:34 ----D---- C:\ProgramData\Malwarebytes
2009-01-05 10:31:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-04 23:29:04 ----D---- C:\Program Files\DNA
2009-01-04 22:05:11 ----D---- C:\ProgramData\Azureus
2009-01-04 22:04:59 ----D---- C:\Users\raphael\AppData\Roaming\Azureus
2009-01-04 22:03:40 ----D---- C:\Program Files\Vuze
2009-01-04 22:01:54 ----D---- C:\Users\raphael\AppData\Roaming\uk.co.planetside
2009-01-04 22:01:29 ----D---- C:\Users\raphael\AppData\Roaming\Planetside Software
2009-01-04 21:04:49 ----SHD---- C:\omemoData
2009-01-04 20:46:19 ----D---- C:\Users\raphael\AppData\Roaming\mIRC
2009-01-04 19:06:53 ----D---- C:\Program Files\Planetside Software
2009-01-03 17:47:25 ----D---- C:\Users\raphael\AppData\Roaming\PeerNetworking
2009-01-02 18:01:17 ----D---- C:\Python25
2009-01-02 17:55:19 ----D---- C:\Users\raphael\AppData\Roaming\Blender Foundation
2009-01-02 17:55:17 ----D---- C:\Program Files\Blender Foundation
2009-01-02 17:46:26 ----D---- C:\Users\raphael\AppData\Roaming\LimeWire
2009-01-02 17:46:06 ----D---- C:\Program Files\LimeWire
2009-01-01 18:11:57 ----D---- C:\Windows\Freecorder Toolbar
2009-01-01 18:11:57 ----D---- C:\Program Files\Freecorder Toolbar
2009-01-01 18:04:17 ----A---- C:\Windows\iun6002.exe
2009-01-01 18:04:16 ----D---- C:\Program Files\Freecorder
2008-12-31 10:23:11 ----D---- C:\Program Files\ToniArts
2008-12-29 19:10:10 ----D---- C:\Users\raphael\AppData\Roaming\StoneTrip
2008-12-24 17:23:59 ----A---- C:\Windows\system32\javaws.exe
2008-12-24 17:23:59 ----A---- C:\Windows\system32\javaw.exe
2008-12-24 17:23:59 ----A---- C:\Windows\system32\java.exe
2008-12-20 15:28:36 ----D---- C:\Program Files\1st Mp3 tag Editor
2008-12-20 10:49:57 ----D---- C:\Users\raphael\AppData\Roaming\GARMIN
2008-12-20 10:49:21 ----D---- C:\Program Files\Garmin GPS Plugin
2008-12-20 10:38:31 ----D---- C:\Garmin
2008-12-18 22:18:08 ----D---- C:\ProgramData\OrbNetworks
2008-12-18 22:18:02 ----D---- C:\Program Files\Winamp Remote
2008-12-18 22:17:09 ----N---- C:\Windows\system32\pxinsa64.exe
2008-12-18 22:17:09 ----N---- C:\Windows\system32\pxhpinst.exe
2008-12-18 22:17:09 ----N---- C:\Windows\system32\pxcpya64.exe
2008-12-18 22:17:09 ----N---- C:\Windows\system32\pxafs.dll
2008-12-18 22:17:08 ----N---- C:\Windows\system32\vxblock.dll
2008-12-18 22:17:08 ----N---- C:\Windows\system32\pxwave.dll
2008-12-18 22:17:08 ----N---- C:\Windows\system32\pxsfs.dll
2008-12-18 22:17:08 ----N---- C:\Windows\system32\pxmas.dll
2008-12-18 22:17:08 ----N---- C:\Windows\system32\pxdrv.dll
2008-12-18 22:17:08 ----N---- C:\Windows\system32\px.dll
2008-12-18 22:17:01 ----D---- C:\Users\raphael\AppData\Roaming\Winamp
2008-12-18 22:17:01 ----D---- C:\Program Files\Winamp
2008-12-18 21:46:57 ----D---- C:\Users\raphael\AppData\Roaming\Apple Computer
2008-12-18 21:46:19 ----A---- C:\Windows\system32\GEARAspi.dll
2008-12-18 21:46:18 ----DC---- C:\Windows\system32\DRVSTORE
2008-12-18 21:46:01 ----D---- C:\Program Files\iPod
2008-12-18 21:45:58 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-18 21:45:58 ----D---- C:\Program Files\iTunes
2008-12-18 21:45:16 ----D---- C:\Program Files\Bonjour
2008-12-18 21:03:37 ----D---- C:\Program Files\The GodFather
2008-12-18 20:48:58 ----D---- C:\Users\raphael\AppData\Roaming\Mp3tag
2008-12-18 20:48:36 ----D---- C:\Program Files\Mp3tag
2008-12-18 19:39:57 ----D---- C:\Program Files\TagScanner
2008-12-18 15:30:50 ----D---- C:\Users\raphael\AppData\Roaming\RapidSolution
2008-12-18 15:17:32 ----D---- C:\Program Files\PixiePack Codec Pack
2008-12-18 15:15:34 ----D---- C:\ProgramData\RapidSolution
2008-12-18 03:01:32 ----A---- C:\Windows\system32\mshtml.dll
2008-12-17 00:12:34 ----D---- C:\ProgramData\LightScribe
2008-12-17 00:03:22 ----D---- C:\Program Files\Atheros(5)
2008-12-16 22:35:54 ----D---- C:\Program Files\Broadcom
2008-12-16 17:42:54 ----D---- C:\Program Files\RegCleaner
2008-12-16 17:03:43 ----D---- C:\Program Files\Lavasoft
2008-12-16 16:57:12 ----D---- C:\ProgramData\Avira
2008-12-16 16:57:12 ----D---- C:\Program Files\Avira
2008-12-13 19:53:00 ----D---- C:\Program Files\Crawler
2008-12-12 13:36:17 ----A---- C:\Windows\system32\acXMLParser.dll
2008-12-12 13:36:16 ----A---- C:\Windows\system32\cdintf300.dll
2008-12-12 13:36:15 ----D---- C:\Program Files\Common Files\MSSoap
2008-12-12 13:36:13 ----D---- C:\Program Files\Common Files\Ciel
2008-12-12 13:36:06 ----D---- C:\ProgramData\Ciel
2008-12-12 13:36:06 ----D---- C:\Program Files\Ciel
2008-12-11 08:43:56 ----A---- C:\Windows\explorer.exe
2008-12-11 08:43:53 ----A---- C:\Windows\system32\gdi32.dll
2008-12-11 08:43:46 ----A---- C:\Windows\system32\shell32.dll
2008-12-11 08:43:38 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-11 08:43:36 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-11 08:43:30 ----A---- C:\Windows\system32\urlmon.dll
2008-12-11 08:43:30 ----A---- C:\Windows\system32\ieframe.dll
2008-12-11 08:43:29 ----A---- C:\Windows\system32\wininet.dll
2008-12-11 08:43:29 ----A---- C:\Windows\system32\mstime.dll
2008-12-11 08:43:28 ----A---- C:\Windows\system32\iertutil.dll
2008-12-11 08:43:27 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-11 08:43:24 ----A---- C:\Windows\system32\mf.dll
2008-12-11 08:43:23 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-11 08:43:22 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-11 08:43:22 ----A---- C:\Windows\system32\logagent.exe
2008-12-09 10:58:56 ----D---- C:\Users\raphael\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2008-12-09 10:58:56 ----D---- C:\ProgramData\Adobe
2008-12-09 10:58:48 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-12-07 16:24:53 ----D---- C:\Windows\system32\Adobe
2008-12-07 14:48:29 ----D---- C:\ProgramData\WindowsSearch
2008-12-06 22:57:42 ----A---- C:\Windows\ST4UNST.EXE
2008-12-06 20:16:25 ----A---- C:\Windows\system32\DBCLIENT.DLL
2008-12-06 20:16:24 ----D---- C:\Program Files\Common Files\Borland Shared
2008-12-06 20:15:55 ----D---- C:\Program Files\VBW
2008-12-06 19:37:28 ----D---- C:\Users\raphael\AppData\Roaming\gtk-2.0
2008-12-06 19:31:49 ----D---- C:\Program Files\Common Files\PC SOFT
2008-12-06 18:57:13 ----D---- C:\Windows\Downloaded Installations
2008-12-06 18:22:26 ----D---- C:\Users\raphael\AppData\Roaming\emcpuser
2008-12-06 18:21:19 ----D---- C:\Users\raphael\AppData\Roaming\Emjysoft
2008-12-06 18:10:16 ----D---- C:\Users\raphael\AppData\Roaming\OMP
2008-12-06 16:40:30 ----D---- C:\Users\raphael\AppData\Roaming\Grisbi
2008-12-06 11:14:09 ----D---- C:\Users\raphael\AppData\Roaming\AlauxSoft

======List of files/folders modified in the last 1 months======

2009-01-05 22:02:09 ----D---- C:\Windows\System32
2009-01-05 22:02:09 ----D---- C:\Windows\inf
2009-01-05 22:02:09 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-05 21:52:56 ----D---- C:\Windows\Temp
2009-01-05 21:05:24 ----D---- C:\Windows\Minidump
2009-01-05 21:05:15 ----D---- C:\Windows
2009-01-05 19:58:59 ----D---- C:\Program Files\Alwil Software
2009-01-05 19:58:58 ----D---- C:\Windows\system32\drivers
2009-01-05 18:55:39 ----SHD---- C:\System Volume Information
2009-01-05 18:37:00 ----RD---- C:\Program Files
2009-01-05 17:55:18 ----D---- C:\Windows\Prefetch
2009-01-05 13:56:54 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-01-05 13:33:08 ----HD---- C:\ProgramData
2009-01-05 13:29:51 ----SD---- C:\ProgramData\Microsoft
2009-01-05 12:52:51 ----D---- C:\Program Files\KeyScrambler
2009-01-05 12:15:30 ----D---- C:\Program Files\Mozilla Firefox
2009-01-05 03:35:21 ----D---- C:\Windows\system32\catroot2
2009-01-05 01:37:19 ----A---- C:\Windows\DUMP44fb.tmp
2009-01-04 19:07:00 ----SHD---- C:\Windows\Installer
2009-01-03 18:48:28 ----D---- C:\Windows\system32\wbem
2009-01-03 18:47:44 ----D---- C:\Windows\Tasks
2009-01-03 18:47:43 ----D---- C:\Windows\system32\spool
2009-01-03 18:47:40 ----D---- C:\Users\raphael\AppData\Roaming\vlc
2009-01-03 18:47:36 ----D---- C:\Users\raphael\AppData\Roaming\MiniLyrics
2009-01-03 18:47:34 ----D---- C:\Users\raphael\AppData\Roaming\dvdcss
2009-01-03 18:47:30 ----D---- C:\Windows\registration
2009-01-03 18:47:30 ----D---- C:\Program Files\CCleaner
2009-01-03 18:32:52 ----D---- C:\Windows\system32\config
2009-01-03 17:06:01 ----D---- C:\Windows\system32\LogFiles
2009-01-03 01:00:23 ----D---- C:\Users\raphael\AppData\Roaming\U3
2009-01-01 01:07:01 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-01 01:06:12 ----D---- C:\Program Files\Google
2008-12-31 10:59:13 ----D---- C:\Users\raphael\AppData\Roaming\uTorrent
2008-12-30 17:53:31 ----D---- C:\Windows\system32\Tasks
2008-12-24 17:23:58 ----D---- C:\Program Files\Java
2008-12-22 16:42:13 ----D---- C:\Windows\system32\WDI
2008-12-20 11:04:59 ----SD---- C:\Users\raphael\AppData\Roaming\Microsoft
2008-12-20 10:41:02 ----D---- C:\Windows\system32\catroot
2008-12-18 21:45:58 ----D---- C:\ProgramData\Apple Computer
2008-12-18 21:43:32 ----D---- C:\Program Files\Common Files\Apple
2008-12-18 03:02:01 ----D---- C:\Windows\winsxs
2008-12-17 02:40:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-17 01:48:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-17 01:27:53 ----D---- C:\Windows\system32\Msdtc
2008-12-17 01:26:38 ----RSD---- C:\Windows\Media
2008-12-17 01:26:38 ----D---- C:\Windows\system32\migration
2008-12-17 01:26:38 ----D---- C:\Program Files\Internet Explorer
2008-12-17 01:26:30 ----D---- C:\Windows\system32\zh-TW
2008-12-17 01:26:30 ----D---- C:\Windows\system32\zh-CN
2008-12-17 01:26:30 ----D---- C:\Windows\system32\tr-TR
2008-12-17 01:26:30 ----D---- C:\Windows\system32\sv-SE
2008-12-17 01:26:30 ----D---- C:\Windows\system32\ru-RU
2008-12-17 01:26:30 ----D---- C:\Windows\system32\pt-PT
2008-12-17 01:26:30 ----D---- C:\Windows\system32\pl-PL
2008-12-17 01:26:30 ----D---- C:\Windows\system32\nn-NO
2008-12-17 01:26:30 ----D---- C:\Windows\system32\nl-NL
2008-12-17 01:26:30 ----D---- C:\Windows\system32\ko-KR
2008-12-17 01:26:30 ----D---- C:\Windows\system32\ja-JP
2008-12-17 01:26:30 ----D---- C:\Windows\system32\it-IT
2008-12-17 01:26:30 ----D---- C:\Windows\system32\hu-HU
2008-12-17 01:26:30 ----D---- C:\Windows\system32\fr-FR
2008-12-17 01:26:30 ----D---- C:\Windows\system32\fi-FI
2008-12-17 01:26:30 ----D---- C:\Windows\system32\es-ES
2008-12-17 01:26:30 ----D---- C:\Windows\system32\en-US
2008-12-17 01:26:30 ----D---- C:\Windows\system32\el-GR
2008-12-17 01:26:29 ----D---- C:\Windows\system32\de-DE
2008-12-17 01:26:29 ----D---- C:\Windows\system32\da-DK
2008-12-17 01:26:29 ----D---- C:\Windows\system32\cs-CZ
2008-12-17 01:26:29 ----D---- C:\Windows\system32\CodeIntegrity
2008-12-17 01:26:20 ----D---- C:\Program Files\Common Files
2008-12-17 01:26:19 ----D---- C:\Program Files\Atheros
2008-12-17 01:26:18 ----D---- C:\Boonty
2008-12-16 23:39:31 ----D---- C:\ProgramData\Atheros
2008-12-16 22:35:41 ----D---- C:\swsetup
2008-12-16 18:42:40 ----D---- C:\Program Files\Common Files\InstallShield
2008-12-12 08:45:19 ----D---- C:\Windows\Debug
2008-12-12 08:34:53 ----D---- C:\Windows\AppPatch
2008-12-12 08:34:53 ----D---- C:\Program Files\Windows Mail
2008-12-11 19:51:33 ----D---- C:\Windows\Logs
2008-12-10 00:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-09 10:57:50 ----D---- C:\Users\raphael\AppData\Roaming\Adobe
2008-12-07 16:26:43 ----D---- C:\Windows\system32\Macromed
2008-12-07 00:21:18 ----RSD---- C:\Windows\Fonts
2008-12-06 23:40:14 ----D---- C:\Program Files\Common Files\microsoft shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-01-08 165424]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 KeyScrambler;KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [2008-06-24 113896]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
S3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-02-27 201728]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 1790976]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-01-04 38496]
S3 MSKSSRV;Tjänstproxy för Microsoft-direktuppspelning; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Klockproxy för Microsoft-direktuppspelning; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Kvalitetshanteringsproxy för Microsoft-direktuppspelning; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Tee/Sink-to-Sink-konverterare för Microsoft-direktuppspelning; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-04-24 50176]
S3 usbvideo;USB-videoenhet (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-12-17 611664]
S2 AntiVirScheduler;Planificateur Avira antivir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
S2 AntiVirService;Avira antivir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-10-18 79136]
S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-11-09 69120]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]

-----------------EOF-----------------

 Anonyme  Posted on 06/01/2009 at 03:03  
  Maître astucien

11806 Messages

Hi again,

Disable User Account Control (UAC; you will re-enable it after the disinfection):

- Go to Start > Control Panel
- Double-click the User Accounts icon
- Then click disable, then confirm

*Download LOP S&D (thanks Eric71): http://eric.71.mespages.googlepages.com/lop.sd.exe
-Double-click it to start the installation, then double-click the shortcut on your Desktop
-Go to Start > Run and copy-paste:

"%SystemDrive%\Lop SD\LopSD" /boo

-Confirm with OK
-Wait until the scan finishes.
-Post the generated report (also located here: C:\lopR.txt).

See you later.




Edited by Anonyme on 06/01/2009 03:13
Forum PC Astuces © 1997-2014 Webastuces