> Tous les forums > Forum Sécurité
 1 ligne bizarre dans Hijackthis - pour examen SVPSujet résolu
Ajouter un message à la discussion
Pages : [1] 2 ... Fin
Page 1 sur 2 [Fin]
bernie50
  Posté le 22/12/2009 @ 17:18 
Aller en bas de la page 
Astucien

Bonsoir,

Le pc fonctionne bien et sans ralentissement, seule cette ligne en rouge m'interpelle, seul changement dans le pc, mise à joue du fichier hosts.

Scan bitdéfender et not en ligne tout deux négatifs

Logfile of random's system information tool 1.05 (written by random/random)
Run by bernard at 2009-12-22 17:11:09
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 26 GB (34%) free of 78 GB
Total RAM: 959 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:31, on 22/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\bernard\Bureau\Maintenance\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bernard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O1 - Hosts: [Internet Media][AS12008][204.69.234.0 - 204.69.234.255]
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255544920843
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

--
End of file - 6873 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1165262418.job
C:\WINDOWS\tasks\WebReg 20061203223043.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl []
"00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2009-02-23 2652056]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"hpqSRMon"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"Norton Ghost 9.0"=C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe [2004-08-02 1122304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2005-11-15 1204224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2005-11-15 1204224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe [2004-11-24 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
[]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWindowsUpdate"=0
"NoFavoritesMenu"=0
"NoSMMyPictures"=0
"NoStartMenuMyMusic"=0
"NoRecentDocsNetHood"=0
"NoRun"=0
"NoUserNameInStartMenu"=1
"NoInstrumentation"=0
"NoStartMenuPinnedList"=0
"ForceStartMenuLogoff"=0
"NoSharedDocuments"=1
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWindowsUpdate"=
"NoFavoritesMenu"=
"NoSMMyPictures"=
"NoStartMenuMyMusic"=
"NoRecentDocsNetHood"=
"NoRun"=
"NoInstrumentation"=
"NoSimpleStartMenu"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Assistant Transfert de fichiers et de paramètres"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a2ae7c6-5beb-11d9-9bb1-000b6a7d4d29}]
shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c462f8a-cc79-11de-bfbc-000b6a7d4d29}]
shell\AutoRun\command - E:\setup_vmc_lite.exe /checkApplicationPresence


======List of files/folders created in the last 1 months======

2009-12-22 15:14:33 ----D---- C:\WINDOWS\LastGood
2009-12-22 15:14:31 ----D---- C:\Program Files\ESET
2009-12-19 16:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-12 18:01:49 ----D---- C:\Documents and Settings\bernard\Application Data\Flickr
2009-12-12 17:59:51 ----D---- C:\Program Files\Flickr Uploadr
2009-12-11 17:35:08 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2009-12-11 17:04:47 ----A---- C:\Documents and Settings\bernard\Application Data\inst.exe
2009-12-11 17:04:25 ----D---- C:\Program Files\DVDFab 6
2009-12-09 08:47:28 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 08:47:19 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 08:46:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 08:45:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 08:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-04 16:09:07 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2009-12-02 12:26:11 ----D---- C:\Documents and Settings\bernard\Application Data\Audacity
2009-12-02 12:26:03 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2009-11-25 18:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 18:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-24 19:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-11-23 18:49:05 ----D---- C:\Program Files\Microsoft
2009-11-23 18:48:49 ----D---- C:\Program Files\Windows Live SkyDrive
2009-11-23 18:45:21 ----D---- C:\Program Files\Fichiers communs\Windows Live

======List of files/folders modified in the last 1 months======

2009-12-22 17:07:39 ----D---- C:\Program Files\Mozilla Firefox
2009-12-22 17:03:44 ----D---- C:\Program Files\Mozilla Thunderbird
2009-12-22 16:58:29 ----SHD---- C:\WINDOWS\Installer
2009-12-22 16:34:42 ----D---- C:\WINDOWS\Temp
2009-12-22 16:16:35 ----AD---- C:\WINDOWS
2009-12-22 15:14:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-22 15:14:31 ----D---- C:\Program Files
2009-12-22 14:53:45 ----D---- C:\Documents and Settings\bernard\Application Data\QuickScan
2009-12-22 14:36:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-22 14:35:21 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-20 17:58:07 ----D---- C:\WINDOWS\system32\config
2009-12-20 16:57:18 ----D---- C:\WINDOWS\AppPatch
2009-12-19 16:54:29 ----HD---- C:\WINDOWS\inf
2009-12-19 16:54:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-19 16:53:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-19 15:20:15 ----D---- C:\Zebprotect
2009-12-16 15:06:24 ----A---- C:\SecuScan.txt
2009-12-15 15:17:41 ----D---- C:\Program Files\ZebHelpProcess 2
2009-12-15 15:12:52 ----D---- C:\Program Files\Trend Micro
2009-12-12 18:00:08 ----HD---- C:\Config.Msi
2009-12-12 17:12:29 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-11 17:04:52 ----D---- C:\Documents and Settings\bernard\Application Data\Vso
2009-12-11 17:04:50 ----D---- C:\WINDOWS\system32\drivers
2009-12-11 16:31:28 ----A---- C:\WINDOWS\Clony2.ini
2009-12-11 16:25:48 ----D---- C:\Documents and Settings\bernard\Application Data\HpUpdate
2009-12-09 14:06:33 ----D---- C:\WINDOWS\system32
2009-12-09 14:06:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 08:47:08 ----D---- C:\Program Files\Internet Explorer
2009-12-09 08:46:33 ----D---- C:\WINDOWS\ie8updates
2009-12-08 18:59:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-04 17:39:08 ----A---- C:\WINDOWS\CDPlayer.ini
2009-12-04 16:10:26 ----RSD---- C:\WINDOWS\Fonts
2009-12-04 16:10:26 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-12-04 16:04:00 ----D---- C:\WINDOWS\WinSxS
2009-12-04 16:01:49 ----D---- C:\Program Files\Hewlett-Packard
2009-11-29 16:36:19 ----D---- C:\Documents and Settings\bernard\Application Data\ZoomBrowser EX
2009-11-29 16:34:45 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2009-11-28 18:30:36 ----A---- C:\WINDOWS\system.ini
2009-11-27 18:14:26 ----D---- C:\Program Files\NT Registry Optimizer
2009-11-27 14:17:19 ----D---- C:\WINDOWS\pss
2009-11-24 19:09:07 ----D---- C:\Program Files\Messenger Plus! Live
2009-11-23 18:50:50 ----D---- C:\Program Files\Windows Live
2009-11-23 18:45:21 ----D---- C:\Program Files\Fichiers communs
2009-11-23 18:42:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-09-26 25768]
R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2008-01-29 16168]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 PQIMount;PQIMount; C:\WINDOWS\system32\drivers\PQIMount.sys [2004-08-02 46779]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2003-10-29 11264]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-11-12 215616]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys []
R2 RHDISK;RHDISK; \??\C:\Program Files\Rohos\RHDISK.SYS []
R2 rttfsfilt;R-TT FS Filter; C:\WINDOWS\system32\DRIVERS\rttfsfilt.sys [2004-11-19 27936]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-12-08 104512]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2009-12-11 47360]
R3 pctplfw;pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys []
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SFilter;PCTools Driver; C:\WINDOWS\system32\DRIVERS\pctfw.sys [2008-09-22 97408]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2003-10-29 427776]
R3 SISNIC;Pilote de carte Fast Ethernet PCI SiS; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2002-06-10 28089]
S3 6a065;6a065; \??\C:\WINDOWS\system32\6a065.sys []
S3 catchme;catchme; C:\WINDOWS\system32\drivers\catchme.sys []
S3 ffs;ffs; C:\WINDOWS\system32\drivers\ffs.sys []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-29 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-29 21568]
S3 jgameenp;jgameenp; C:\WINDOWS\system32\drivers\jgameenp.sys []
S3 MEMSWEEP2;MEMSWEEP2; C:\WINDOWS\system32\drivers\MEMSWEEP2.sys []
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MTK;Media Technology Kernel Driver; C:\WINDOWS\System32\Drivers\fide.sys [2004-12-19 14601]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 RimSerPort;RIM Virtual Serial Port; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-06-13 17920]
S3 RimUsb;Terminal mobile RIM; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-05 5888]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 XE104Sp50;XE104Sp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\XE104Sp50.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-09-08 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2005-03-03 54784]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\DiskeeperLite\DKService.exe [2002-10-16 176128]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2004-08-02 53248]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe [2004-08-02 1269760]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2008-12-11 146800]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe [2005-01-19 69632]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-08 19:35:39

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Canon Camera Access Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Digital Photo Professional 2.2-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_170b2\uninstall.exe"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
dBpowerAMP WMA V9.1 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
DeepBurner v1.7.0.208-->"C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
Destinator Console Installation-->C:\DESTIN~1\COLLEC~1\UNWISE.EXE C:\DESTIN~1\COLLEC~1\INSTALL.LOG
Diskeeper Lite-->MsiExec.exe /X{A3F60446-48FB-48A8-B5FC-BB3430AEF806}
DVDFab Decrypter 3.0.8.0-->"C:\Program Files\DVDFab Decrypter 3\unins000.exe"
EVEREST Home Edition v2.01-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
eXPert PDF 4-->MsiExec.exe /X{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}
Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
ffdshow [rev 1685] [2007-12-06]-->"C:\Program Files\ffdshow\unins000.exe"
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HDTune 2.10 Fr-->C:\Program Files\HDTune\UnInstall_HDTune.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Extended Capabilities 4.7-->C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7-->C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
i-Covers 2008.a-->"C:\Program Files\i-Covers\unins000.exe"
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
IsoBuster 1.8-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
jv16 PowerTools 1.3-->"C:\Program Files\jv16 PowerTools\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LiveUpdate 2.0 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x40c UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{0000040C-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Tool Web Package:WntIpcfg.exe-->MsiExec.exe /X{EA82FF50-E258-4DFE-839B-8F26A01A34A7}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.19)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Music Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x40c
Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 3-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_fre.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
Norton Ghost 9.0-->MsiExec.exe /X{3C759736-8347-4031-BB9C-D75ADFE6B101}
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Package de pilotes Windows - Nokia Modem (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Package de pilotes Windows - Nokia Modem (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
Photosmart 320,370,7400,8100,8400 Series (fra)-->C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
Photosmart 320,370,7400,8100,8400,8700 Series-->C:\Program Files\Hewlett-Packard\{BA2D9411-DBB4-43e4-9421-780413650A67}\setup\hpzscr01.exe -datfile hphscr01.dat
Power IEv3-->MsiExec.exe /I{AF7C627C-F354-4FF1-8450-398C806B436E}
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Rohos Mini Drive 1.18-->"C:\Program Files\Rohos\unins000.exe"
SafeCast Shared Components-->C:\Program Files\Fichiers communs\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Services Off-line de Home'Bank-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\BBL\Off-line\Uninst.isu"
SiS 661FX_760_741_M661FX_M760_M741-->Rundll32 SiSInst.dll,Uninstall VGA,R,0
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Streamripper Plugin 1.62.0 (Remove only)-->C:\Program Files\Winamp\streamripper_uninstall.exe
Sygate Personal Firewall-->MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
Turbo Lister 2-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Sign-in Assistant-->MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinSCP 4.0.7-->"C:\Program Files\WinSCP\unins000.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
ZebHelpProcess 2.33-->"C:\Program Files\ZebHelpProcess 2\unins000.exe"

======Hosts File======

127.0.0.1 coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 hi.studioaperto.net
127.0.0.1 www.webbrowser.tv
127.0.0.1 www.wazzupnet.com
127.0.0.1 gueb.com
127.0.0.1 kabex.com
127.0.0.1 www.hityou.com
127.0.0.1 miosearch.com
127.0.0.1 wazzupnet.com

======Security center information======

AV: Avira AntiVir PersonalEdition
FW: Sygate Personal Firewall

System event log

Computer Name: BIENFAISANCE
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur :
Le fichier spécifié est introuvable.


Record Number: 2990
Source Name: Service Control Manager
Time Written: 20081218163310.000000+060
Event Type: erreur
User:

Computer Name: BIENFAISANCE
Event Code: 7036
Message: Le service Gestion d'applications est entré dans l'état : arrêté.

Record Number: 2989
Source Name: Service Control Manager
Time Written: 20081218163310.000000+060
Event Type: Informations
User:

Computer Name: BIENFAISANCE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 2988
Source Name: Service Control Manager
Time Written: 20081218163310.000000+060
Event Type: Informations
User: BIENFAISANCE\bernard

Computer Name: BIENFAISANCE
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur :
Le fichier spécifié est introuvable.


Record Number: 2987
Source Name: Service Control Manager
Time Written: 20081218163310.000000+060
Event Type: erreur
User:

Computer Name: BIENFAISANCE
Event Code: 7036
Message: Le service Gestion d'applications est entré dans l'état : arrêté.

Record Number: 2986
Source Name: Service Control Manager
Time Written: 20081218163310.000000+060
Event Type: Informations
User:

Application event log

Computer Name: BIENFAISANCE
Event Code: 32068
Message: La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement.
Code de pays/région : '*'
Indicatif régional : '*'

Record Number: 15578
Source Name: Microsoft Fax
Time Written: 20080811172819.000000+120
Event Type: Avertissement
User:

Computer Name: BIENFAISANCE
Event Code: 32026
Message: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI).
Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé.

Record Number: 15577
Source Name: Microsoft Fax
Time Written: 20080811172819.000000+120
Event Type: Avertissement
User:

Computer Name: BIENFAISANCE
Event Code: 100
Message: Description : Service Norton Ghost démarré.
Détails :
Source : Norton Ghost 9.0

Record Number: 15576
Source Name: Norton Ghost 9.0
Time Written: 20080811172808.000000+120
Event Type: Informations
User:

Computer Name: BIENFAISANCE
Event Code: 2
Message: The Diskeeper Control Center has been started.
Diskeeper service started

Record Number: 15575
Source Name: Diskeeper
Time Written: 20080811172707.000000+120
Event Type: Informations
User:

Computer Name: BIENFAISANCE
Event Code: 1
Message:
Record Number: 15574
Source Name: Bonjour Service
Time Written: 20080811172703.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Executive Software\DiskeeperLite\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VERSION"=3.0.5.001
"SESSIONID"=1165355033313htx6060.cce.hp.com9d5241:10f54927fed:-3010
"COLLECTIONID"=COL8143
"ITEMID"=dj-22741-15
"UPDATEDIR"=C:\DOCUME~1\bernard\LOCALS~1\Temp\radE97E8.tmp
"TOOLPATH"=/C:/Program%20Files/Hewlett-Packard/HP%20Software%20Update/install.htm
"HMSERVER"=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.22.20030804
"OSVER"=winXPH
"LANG"=2060
"TIMEOUT"=0
"DiskeeperIcon"=C:\Program Files\Executive Software\DiskeeperLite\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

204.69.234.0 Whois Information

OrgName: Internet Media Network, Inc.
OrgID: IMN-4
Address: 420 S Smith Rd
City: Tempe
StateProv: AZ
PostalCode: 85281
Country: US

NetRange: 204.69.234.0[Who Is IP][trace][Reverse IP Search] - 204.69.234.255[Who Is IP][trace][Reverse IP Search]
CIDR: 204.69.234.0[Who Is IP][trace][Reverse IP Search]/24
NetName: MAILORDER3
NetHandle: NET-204-69-234-0-1
Parent: NET-204-0-0-0-0
NetType: Direct Assignment
NameServer: UDNS1.ULTRADNS.NET[Who Is Domain][trace][Reverse DNS Search]
NameServer: UDNS2.ULTRADNS.NET[Who Is Domain][trace][Reverse DNS Search]
Comment:
RegDate: 1994-08-26
Updated: 2000-09-19

RTechHandle: RJ48-ARIN
RTechName: Joffe, Rodney
RTechPhone: +1-480-858-9000
RTechEmail: [Who Is Domain][trace][Reverse DNS Search]

# ARIN WHOIS database, last updated 2009-12-21 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3408
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22/12/2009 20:23:36
mbam-log-2009-12-22 (20-23-36).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 221605
Temps écoulé: 2 hour(s), 35 minute(s), 46 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)



Modifié par bernie50 le 22/12/2009 20:23
Publicité
Joekid33
 Posté le 22/12/2009 à 21:11 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
  Astucien

Pour un Up et dire que j'ai la même chose, suite à la maj du fichier Hosts ...

A suivre ..

Ultra Surf ??? peut-être ?????????



Modifié par Joekid33 le 22/12/2009 22:11
philae
 Posté le 22/12/2009 à 22:48 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Grande Maîtresse astucienne

bonsoir,

ton pc est de toutes façons infecté.

*- Pour tous les lecteurs :
-- Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.
-- Ne pas utiliser en dehors de ce cas de figure : dangereux!

Téléchargez Combofix (de sUBs) sur l'un de ces liens :

Lien 1
Lien 2
Lien 3

* IMPORTANT !!! Enregistrez ComboFix.exe sur votre Bureau


/!\ Désactivez votre antivirus / antispyware résident / TeaTimer de Spybot (s'ils fonctionnent encore! ) en général via un clic droit sur l'icône de la Zone de notification.

Désactiver les protections résidentes - Tutoriel

* Faites un double clic sur combofix.exe & suivez les invites.

* Lors de son exécution, ComboFix va vérifier si la Console de récupération Microsoft Windows est installée. Avec des infections comme celles d'aujourd'hui, il est fortement conseillé de l'avoir pré-installée sur votre PC avant toute suppression de nuisibles. Elle vous permettra de démarrer dans un mode spécial, de récupération (réparation), qui nous permet de vous aider plus facilement si jamais votre ordinateur rencontre un problème après une tentative de nettoyage.

* Suivez les invites pour permettre à ComboFix de télécharger et installer la Console de récupération Microsoft Windows, et lorsque cela vous est demandé, acceptez le Contrat de Licence Utilisateur Final pour installer la Console de récupération Microsoft Windows.

**Note importante: Si la Console de récupération Microsoft Windows est déjà installée, ComboFix continuera ses procédures de suppression de nuisibles.

* Une fois que la Console de récupération Microsoft Windows est installée via ComboFix, vous devriez voir le message suivant:

* Cliquez sur Oui/Yes, pour poursuivre avec la recherche de nuisibles.

* Lorsque l'outil aura terminé, il vous affichera un rapport. Veuillez copier le contenu de C:\ComboFix.txt dans votre prochaine réponse.

------

bernie50
 Posté le 23/12/2009 à 08:30 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucien

Bonjour Phil,

Voici le rapport combofix

ComboFix 09-12-22.03 - bernard 23/12/2009 8:04.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.959.590 [GMT 1:00]
Lancé depuis: c:\documents and settings\bernard\Mes documents\Téléchargements\ComboFix.exe
AV: antivir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\bernard\Application Data\inst.exe
c:\documents and settings\bernard\Mes documents\Saveregistre.reg
c:\documents and settings\bernard\Mes documents\saveregistre1.reg
c:\documents and settings\bernard\Mes documents\ZbThumbnail.info
C:\InfoSat.txt
c:\windows\Downloaded Program Files\rave
c:\windows\Downloaded Program Files\rave\avirexe.vdm
c:\windows\Downloaded Program Files\rave\avirscr.vdm
c:\windows\Downloaded Program Files\rave\base.vdm
c:\windows\Downloaded Program Files\rave\daily.vdm
c:\windows\Downloaded Program Files\rave\daily.vdt
c:\windows\Downloaded Program Files\rave\filters.vdm
c:\windows\Downloaded Program Files\rave\kernel.vdk
c:\windows\Downloaded Program Files\rave\keyring.vdk
c:\windows\Downloaded Program Files\rave\mapi_vdm.vdm
c:\windows\Downloaded Program Files\rave\modules.vdk
c:\windows\Downloaded Program Files\rave\rav8def.vdm
c:\windows\Downloaded Program Files\rave\rufs.vdm
c:\windows\Downloaded Program Files\rave\rufsplg.vdm
c:\windows\Downloaded Program Files\rave\unarch.vdm
c:\windows\Downloaded Program Files\rave\unmail.vdm
c:\windows\Downloaded Program Files\rave\unpack.vdm
c:\windows\patch.exe
c:\windows\system32\kWab.dll
c:\windows\system32\open.ico
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-23 au 2009-12-23 ))))))))))))))))))))))))))))))))))))
.

2009-12-19 15:53 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-12 17:01 . 2009-12-12 17:01 -------- d-----w- c:\documents and settings\bernard\Local Settings\Application Data\Flickr
2009-12-12 17:01 . 2009-12-12 17:01 -------- d-----w- c:\documents and settings\bernard\Application Data\Flickr
2009-12-12 16:59 . 2009-12-12 17:02 -------- d-----w- c:\program files\Flickr Uploadr
2009-12-11 16:35 . 2009-12-11 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2009-12-11 16:04 . 2009-12-11 16:51 -------- d-----w- c:\program files\DVDFab 6
2009-12-08 15:06 . 2009-12-08 15:06 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-12-04 15:09 . 2009-12-04 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-12-04 15:04 . 2009-12-04 15:10 78363 ----a-w- c:\windows\hpqins05.dat
2009-12-02 11:26 . 2009-12-06 18:45 -------- d-----w- c:\documents and settings\bernard\Application Data\Audacity
2009-12-02 11:26 . 2009-12-02 11:26 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-11-26 18:33 . 2009-11-26 16:39 678912 ----a-w- c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-11-26 18:33 . 2009-11-26 16:37 768512 ----a-w- c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-11-23 17:51 . 2009-11-30 16:17 -------- d-----w- c:\documents and settings\bernard\Tracing
2009-11-23 17:49 . 2009-11-23 17:49 -------- d-----w- c:\program files\Microsoft
2009-11-23 17:48 . 2009-11-23 17:48 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-23 17:45 . 2009-11-23 17:45 -------- d-----w- c:\program files\Fichiers communs\Windows Live

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-23 06:48 . 2009-03-20 18:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-22 16:03 . 2005-07-19 14:49 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-22 13:53 . 2009-11-08 17:36 -------- d-----w- c:\documents and settings\bernard\Application Data\QuickScan
2009-12-15 14:17 . 2009-01-04 17:02 -------- d-----w- c:\program files\ZebHelpProcess 2
2009-12-15 14:12 . 2007-11-21 13:43 -------- d-----w- c:\program files\Trend Micro
2009-12-11 16:04 . 2007-02-18 17:41 -------- d-----w- c:\documents and settings\bernard\Application Data\Vso
2009-12-11 16:04 . 2007-02-18 17:41 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-11 16:04 . 2007-02-18 17:41 47360 ----a-w- c:\documents and settings\bernard\Application Data\pcouffin.sys
2009-12-11 16:04 . 2007-02-18 17:41 47360 ----a-w- c:\documents and settings\bernard\Application Data\pcouffin.sys
2009-12-11 15:25 . 2009-09-18 13:02 -------- d-----w- c:\documents and settings\bernard\Application Data\HpUpdate
2009-12-09 13:06 . 2004-08-05 12:00 94426 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-09 13:06 . 2004-08-05 12:00 534756 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-08 17:59 . 2008-05-18 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 17:58 . 2008-06-13 15:05 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-07 16:08 . 2009-04-20 19:36 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 15:12 . 2004-10-27 14:32 21032 ----a-w- c:\documents and settings\bernard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 15:10 . 2007-01-01 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-12-04 15:01 . 2006-12-03 20:52 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-03 15:14 . 2008-08-12 16:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2008-05-18 20:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 15:36 . 2007-08-03 14:44 -------- d-----w- c:\documents and settings\bernard\Application Data\ZoomBrowser EX
2009-11-29 15:34 . 2007-08-03 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-11-27 17:14 . 2009-04-27 15:04 -------- d-----w- c:\program files\NT Registry Optimizer
2009-11-24 18:09 . 2008-03-10 17:34 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-23 17:50 . 2008-03-10 17:34 -------- d-----w- c:\program files\Windows Live
2009-11-21 15:58 . 2004-08-05 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 17:24 . 2004-10-29 15:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 17:24 . 2004-10-29 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-17 17:22 . 2008-12-02 18:52 -------- d-----w- c:\program files\Panda Security
2009-11-15 09:05 . 2009-04-27 15:17 -------- d-----w- c:\program files\ERUNT
2009-11-04 08:48 . 2004-12-03 11:28 -------- d-----w- c:\program files\Java
2009-11-04 08:47 . 2009-11-04 08:47 152576 ----a-w- c:\documents and settings\bernard\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-02 09:37 . 2009-11-02 09:37 -------- d-----w- c:\program files\HD Tune
2009-10-29 07:42 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-22 09:17 . 2009-11-04 10:58 5939712 ----a-w- c:\windows\system32\SET56.tmp
2009-10-21 05:39 . 2004-08-05 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-05 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-05 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 14:25 . 2009-10-15 14:26 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-13 10:33 . 2004-08-05 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-05 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2004-08-05 12:00 150528 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-05-13 15:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-28 18:20 . 2009-09-28 18:20 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-09-26 17:57 . 2009-09-26 17:57 25768 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-26 13:26 . 2009-09-26 13:28 38208 ----a-w- c:\documents and settings\bernard\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-09-26 13:26 . 2009-09-26 13:28 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2007-08-16 11:52 . 2007-07-31 13:15 24 --sh--w- c:\windows\SDE2E4CBF.tmp
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-08-02 1122304]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 10:08 935288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2005-11-15 18:21 1204224 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-11-24 17:17 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2/08/2004 16:04 138780]
R0 rttmntr;R-TT Backup Archive Explorer;c:\windows\system32\drivers\rttmntr.sys [19/11/2004 15:11 200512]
R0 snaprtt;R-TT Snapshots Manager;c:\windows\system32\drivers\snaprtt.sys [19/11/2004 15:11 78624]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [20/03/2009 19:14 159600]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2/08/2004 16:23 46779]
R2 AntiVirSchedulerService;Avira antivir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20/04/2009 20:36 108289]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [20/03/2009 19:14 73840]
R2 RHDISK;RHDISK;c:\program files\Rohos\rhdisk.sys [11/11/2008 12:15 29184]
R2 rttfsfilt;R-TT FS Filter;c:\windows\system32\drivers\rttfsfilt.sys [19/11/2004 15:11 27936]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [20/03/2009 19:14 95640]
S3 6a065;6a065;c:\windows\system32\6a065.sys [8/02/2008 17:03 54624]
S3 ffs;ffs; [x]
S3 jgameenp;jgameenp; [x]
S3 MEMSWEEP2;MEMSWEEP2; [x]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [19/12/2004 15:27 14601]
S3 XE104Sp50;XE104Sp50 NDIS Protocol Driver;c:\windows\system32\Drivers\XE104Sp50.sys --> c:\windows\system32\Drivers\XE104Sp50.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.be/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - component: c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-{AAC4FC36-8F89-4587-8DD3-EBC57C83374D} - c:\program files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 08:08
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-12-23 08:12:44
ComboFix-quarantined-files.txt 2009-12-23 07:12

Avant-CF: 27.488.874.496 octets libres
Après-CF: 27.460.280.320 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

- - End Of File - - A3D45F47893D294CB10171889EA269A6

Voici un new rapport RSIT

Logfile of random's system information tool 1.05 (written by random/random)
Run by bernard at 2009-12-23 08:17:23
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 26 GB (34%) free of 78 GB
Total RAM: 959 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:45, on 23/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bernard\Bureau\Maintenance\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bernard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: [Internet Media][AS12008][204.69.234.0 - 204.69.234.255]
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255544920843
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Avira antivir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira antivir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

--
End of file - 7069 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1165262418.job
C:\WINDOWS\tasks\WebReg 20061203223043.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2009-02-23 2652056]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"hpqSRMon"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"Norton Ghost 9.0"=C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe [2004-08-02 1122304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2005-11-15 1204224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2005-11-15 1204224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe [2004-11-24 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
[]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFavoritesMenu"=0
"NoSMMyPictures"=0
"NoStartMenuMyMusic"=0
"NoRecentDocsNetHood"=0
"NoUserNameInStartMenu"=1
"NoInstrumentation"=0
"NoStartMenuPinnedList"=0
"ForceStartMenuLogoff"=0
"NoSharedDocuments"=1
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFavoritesMenu"=
"NoSMMyPictures"=
"NoStartMenuMyMusic"=
"NoRecentDocsNetHood"=
"NoInstrumentation"=
"NoSimpleStartMenu"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Assistant Transfert de fichiers et de paramètres"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-12-23 08:12:44 ----A---- C:\ComboFix.txt
2009-12-23 08:01:31 ----A---- C:\Boot.bak
2009-12-23 08:01:23 ----RASHD---- C:\cmdcons
2009-12-23 08:00:23 ----A---- C:\WINDOWS\zip.exe
2009-12-23 08:00:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-23 08:00:23 ----A---- C:\WINDOWS\SWSC.exe
2009-12-23 08:00:23 ----A---- C:\WINDOWS\SWREG.exe
2009-12-23 08:00:23 ----A---- C:\WINDOWS\sed.exe
2009-12-23 08:00:23 ----A---- C:\WINDOWS\PEV.exe
2009-12-23 08:00:23 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-23 08:00:23 ----A---- C:\WINDOWS\MBR.exe
2009-12-23 08:00:23 ----A---- C:\WINDOWS\grep.exe
2009-12-23 07:59:27 ----D---- C:\Qoobox
2009-12-19 16:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-12 18:01:49 ----D---- C:\Documents and Settings\bernard\Application Data\Flickr
2009-12-12 17:59:51 ----D---- C:\Program Files\Flickr Uploadr
2009-12-11 17:35:08 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2009-12-11 17:04:25 ----D---- C:\Program Files\DVDFab 6
2009-12-09 08:47:28 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 08:47:19 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 08:46:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 08:45:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 08:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-04 16:09:07 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2009-12-02 12:26:11 ----D---- C:\Documents and Settings\bernard\Application Data\Audacity
2009-12-02 12:26:03 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2009-11-25 18:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 18:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-24 19:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$

======List of files/folders modified in the last 1 months======

2009-12-23 08:15:00 ----D---- C:\Program Files\Mozilla Firefox
2009-12-23 08:12:57 ----SHD---- C:\WINDOWS\Installer
2009-12-23 08:12:56 ----D---- C:\WINDOWS\Temp
2009-12-23 08:10:04 ----D---- C:\WINDOWS\ERDNT
2009-12-23 08:08:54 ----AD---- C:\WINDOWS
2009-12-23 08:08:54 ----A---- C:\WINDOWS\system.ini
2009-12-23 08:08:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-23 08:08:24 ----D---- C:\WINDOWS\system32
2009-12-23 08:06:57 ----D---- C:\WINDOWS\system32\drivers
2009-12-23 08:06:57 ----D---- C:\WINDOWS\AppPatch
2009-12-23 08:06:51 ----D---- C:\Program Files\Fichiers communs
2009-12-23 08:01:31 ----RASH---- C:\boot.ini
2009-12-23 07:50:06 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-23 07:48:00 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-12-22 20:41:33 ----D---- C:\Program Files
2009-12-22 17:03:44 ----D---- C:\Program Files\Mozilla Thunderbird
2009-12-22 14:53:45 ----D---- C:\Documents and Settings\bernard\Application Data\QuickScan
2009-12-20 17:58:07 ----D---- C:\WINDOWS\system32\config
2009-12-19 16:54:29 ----HD---- C:\WINDOWS\inf
2009-12-19 16:54:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-19 16:53:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-19 15:20:15 ----D---- C:\Zebprotect
2009-12-16 15:06:24 ----A---- C:\SecuScan.txt
2009-12-15 15:17:41 ----D---- C:\Program Files\ZebHelpProcess 2
2009-12-15 15:12:52 ----D---- C:\Program Files\Trend Micro
2009-12-12 18:00:08 ----D---- C:\Config.Msi
2009-12-12 17:12:29 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-11 17:04:52 ----D---- C:\Documents and Settings\bernard\Application Data\Vso
2009-12-11 16:31:28 ----A---- C:\WINDOWS\Clony2.ini
2009-12-11 16:25:48 ----D---- C:\Documents and Settings\bernard\Application Data\HpUpdate
2009-12-09 14:06:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 08:47:08 ----D---- C:\Program Files\Internet Explorer
2009-12-09 08:46:33 ----D---- C:\WINDOWS\ie8updates
2009-12-08 18:59:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-04 17:39:08 ----A---- C:\WINDOWS\CDPlayer.ini
2009-12-04 16:10:26 ----RSD---- C:\WINDOWS\Fonts
2009-12-04 16:10:26 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-12-04 16:04:00 ----D---- C:\WINDOWS\WinSxS
2009-12-04 16:01:49 ----D---- C:\Program Files\Hewlett-Packard
2009-11-29 16:36:19 ----D---- C:\Documents and Settings\bernard\Application Data\ZoomBrowser EX
2009-11-29 16:34:45 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2009-11-27 18:14:26 ----D---- C:\Program Files\NT Registry Optimizer
2009-11-27 14:17:19 ----D---- C:\WINDOWS\pss
2009-11-24 19:09:07 ----D---- C:\Program Files\Messenger Plus! Live

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-09-26 25768]
R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2008-01-29 16168]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 PQIMount;PQIMount; C:\WINDOWS\system32\drivers\PQIMount.sys [2004-08-02 46779]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2003-10-29 11264]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R1 TrueCrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-11-12 215616]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys []
R2 RHDISK;RHDISK; \??\C:\Program Files\Rohos\RHDISK.SYS []
R2 rttfsfilt;R-TT FS Filter; C:\WINDOWS\system32\DRIVERS\rttfsfilt.sys [2004-11-19 27936]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-12-08 104512]
R3 catchme;catchme; \??\C:\DOCUME~1\bernard\LOCALS~1\Temp\catchme.sys []
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2009-12-11 47360]
R3 pctplfw;pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys []
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SFilter;PCTools Driver; C:\WINDOWS\system32\DRIVERS\pctfw.sys [2008-09-22 97408]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2003-10-29 427776]
R3 SISNIC;Pilote de carte Fast Ethernet PCI SiS; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2002-06-10 28089]
S3 6a065;6a065; \??\C:\WINDOWS\system32\6a065.sys []
S3 ffs;ffs; C:\WINDOWS\system32\drivers\ffs.sys []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-29 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-29 21568]
S3 jgameenp;jgameenp; C:\WINDOWS\system32\drivers\jgameenp.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\bernard\LOCALS~1\Temp\mbr.sys []
S3 MEMSWEEP2;MEMSWEEP2; C:\WINDOWS\system32\drivers\MEMSWEEP2.sys []
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MTK;Media Technology Kernel Driver; C:\WINDOWS\System32\Drivers\fide.sys [2004-12-19 14601]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 RimSerPort;RIM Virtual Serial Port; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-06-13 17920]
S3 RimUsb;Terminal mobile RIM; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-05 5888]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WINIO;WINIO; \??\C:\WINDOWS\TEMP\WinIo.sys []
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 XE104Sp50;XE104Sp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\XE104Sp50.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira antivir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
R2 AntiVirService;Avira antivir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-09-08 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\DiskeeperLite\DKService.exe [2002-10-16 176128]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2004-08-02 53248]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe [2004-08-02 1269760]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2008-12-11 146800]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2005-03-03 54784]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe [2005-01-19 69632]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------

Merci et bonne journée

bernie50
 Posté le 23/12/2009 à 08:38 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucien

Bonjour Philae,

Voilà le log RSIT
info.txt logfile of random's system information tool 1.05 2009-12-23 08:35:50

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
Audacity 1.3.7 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Canon Camera Access Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Digital Photo Professional 2.2-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_170b2\uninstall.exe"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
dBpowerAMP WMA V9.1 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
DeepBurner v1.7.0.208-->"C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
Destinator Console Installation-->C:\DESTIN~1\COLLEC~1\UNWISE.EXE C:\DESTIN~1\COLLEC~1\INSTALL.LOG
Diskeeper Lite-->MsiExec.exe /X{A3F60446-48FB-48A8-B5FC-BB3430AEF806}
DVDFab 6.2.0.5 (11/11/2009)-->"C:\Program Files\DVDFab 6\unins000.exe"
EVEREST Home Edition v2.01-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
eXPert PDF 4-->MsiExec.exe /X{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}
Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
ffdshow [rev 1685] [2007-12-06]-->"C:\Program Files\ffdshow\unins000.exe"
Flickr Uploadr 3.2.1-->"C:\Program Files\Flickr Uploadr\uninstall.exe"
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HD Tune 2.55-->"C:\Program Files\HD Tune\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 10.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\Hewlett-Packard\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Image Zone 4.7-->C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 10.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
HP Smart Web Printing-->C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86}
i-Covers 2008.a-->"C:\Program Files\i-Covers\unins000.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
IsoBuster 1.8-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
jv16 PowerTools 1.3-->"C:\Program Files\jv16 PowerTools\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LiveUpdate 2.0 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x40c UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{0000040C-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Tool Web Package:WntIpcfg.exe-->MsiExec.exe /X{EA82FF50-E258-4DFE-839B-8F26A01A34A7}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Music Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x40c
Nero Media Player-->C:\WINDOWS\UNNMP.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 3-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Norton Ghost 9.0-->MsiExec.exe /X{3C759736-8347-4031-BB9C-D75ADFE6B101}
NTREGOPT 1.1j-->"C:\Program Files\NT Registry Optimizer\unins000.exe"
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PC Tools Firewall Plus 5.0-->C:\Program Files\PC Tools Firewall Plus\unins000.exe /LOG
PDF Password Remover v3.0-->"C:\Program Files\PDF Password Remover v3.0\unins000.exe"
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
Photosmart 320,370,7400,8100,8400,8700 Series-->C:\Program Files\Hewlett-Packard\{BA2D9411-DBB4-43e4-9421-780413650A67}\setup\hpzscr01.exe -datfile hphscr01.dat
Power IEv3-->MsiExec.exe /I{AF7C627C-F354-4FF1-8450-398C806B436E}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Rohos Mini Drive 1.18-->"C:\Program Files\Rohos\unins000.exe"
SafeCast Shared Components-->C:\Program Files\Fichiers communs\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Services Off-line de Home'Bank-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\BBL\Off-line\Uninst.isu"
Shop for HP Supplies-->C:\Program Files\Hewlett-Packard\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SiS 661FX_760_741_M661FX_M760_M741-->Rundll32 SiSInst.dll,Uninstall VGA,R,0
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Streamripper Plugin 1.62.0 (Remove only)-->C:\Program Files\Winamp\streamripper_uninstall.exe
TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinSCP 4.0.7-->"C:\Program Files\WinSCP\unins000.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
ZebHelpProcess 2.33-->"C:\Program Files\ZebHelpProcess 2\unins000.exe"
ZHPDiag 1.24-->"C:\Program Files\ZHPDiag\unins000.exe"

=====HijackThis Backups=====

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207405927359
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214320929671
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225559252875
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R3 - Default URLSearchHook is missing
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230653430921
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader5.cab
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1242218116437
O16 - DPF: {774FE9E1-A8F8-4A40-9706-8F673D8DB6ED} (UNYKContactsFinderOCX.main) - http://www1.unyk.com/Diffusion/ActiveX/UNYKContactsFinder.cab
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

======Hosts File======

127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com

======Security center information======

AV: AntiVir Desktop
FW: PC Tools Firewall Plus

System event log

Computer Name: BIENFAISANCE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

Record Number: 24194
Source Name: Service Control Manager
Time Written: 20091128183601.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: BIENFAISANCE
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

Record Number: 24193
Source Name: Service Control Manager
Time Written: 20091128183601.000000+060
Event Type: Informations
User:

Computer Name: BIENFAISANCE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service hpqcxs08.

Record Number: 24192
Source Name: Service Control Manager
Time Written: 20091128183601.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: BIENFAISANCE
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

Record Number: 24191
Source Name: Service Control Manager
Time Written: 20091128183601.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: BIENFAISANCE
Event Code: 7022
Message: Le service Service HP CUE DeviceDiscovery est en attente de démarrage.

Record Number: 24190
Source Name: Service Control Manager
Time Written: 20091128183601.000000+060
Event Type: erreur
User:

Application event log

Computer Name: BIENFAISANCE
Event Code: 11606
Message: Produit : DJ_AIO_03_F2200_ProductContext -- Error 1606. Impossible d'accéder à l'emplacement réseau %USERPROFILE%\Mes documents\Mes images\.

Record Number: 29154
Source Name: MsiInstaller
Time Written: 20091201145546.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM

Computer Name: BIENFAISANCE
Event Code: 0
Message:
Record Number: 29153
Source Name: iPod Service
Time Written: 20091201145054.000000+060
Event Type: Informations
User:

Computer Name: BIENFAISANCE
Event Code: 11606
Message: Produit : DJ_AIO_03_F2200_ProductContext -- Error 1606. Impossible d'accéder à l'emplacement réseau %USERPROFILE%\Mes documents\Mes images\.

Record Number: 29152
Source Name: MsiInstaller
Time Written: 20091201145043.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM

Computer Name: BIENFAISANCE
Event Code: 11606
Message: Produit : DJ_AIO_03_F2200_ProductContext -- Error 1606. Impossible d'accéder à l'emplacement réseau %USERPROFILE%\Mes documents\Mes images\.

Record Number: 29151
Source Name: MsiInstaller
Time Written: 20091201145043.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM

Computer Name: BIENFAISANCE
Event Code: 11606
Message: Produit : DJ_AIO_03_F2200_ProductContext -- Error 1606. Impossible d'accéder à l'emplacement réseau %USERPROFILE%\Mes documents\Mes images\.

Record Number: 29150
Source Name: MsiInstaller
Time Written: 20091201144903.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Executive Software\DiskeeperLite;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VERSION"=3.0.5.001
"SESSIONID"=1165355033313htx6060.cce.hp.com9d5241:10f54927fed:-3010
"COLLECTIONID"=COL8143
"ITEMID"=dj-22741-15
"UPDATEDIR"=C:\DOCUME~1\bernard\LOCALS~1\Temp\radE97E8.tmp
"TOOLPATH"=/C:/Program%20Files/Hewlett-Packard/HP%20Software%20Update/install.htm
"HMSERVER"=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.22.20030804
"OSVER"=winXPH
"LANG"=2060
"TIMEOUT"=0
"DiskeeperIcon"=C:\Program Files\Executive Software\DiskeeperLite\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

bernie50
 Posté le 23/12/2009 à 14:26 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucien

Bonjour,

Problème de la ligne 01 [hosts] .......... résolu et n'apparait plus dans le log hijackthis suite à la manip préconsée par le Che.

Celle-ci est due à une petite erreur dans le fichier hosts, manque un

# devant [Internet Media][AS12008][204.69.234.0- 204.69.234.255]

voir ici :

https://forum.pcastuces.com/maj_hosts_de_mvps_du_22_12_2009-f25s22866.htm?page=13�



Modifié par bernie50 le 23/12/2009 14:28
bernie50
 Posté le 24/12/2009 à 18:09 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucien

Bonsoir,

Passage de malwarebytes en mode sans echec

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3408
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

24/12/2009 18:04:19
mbam-log-2009-12-24 (18-04-19).txt

Type de recherche: Examen complet (C:\|H:\|)
Eléments examinés: 220499
Temps écoulé: 1 hour(s), 13 minute(s), 33 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{55D49C96-22E6-4F1D-BFAE-A64DA33D72FE}\RP23\A0006815.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Je désactive la restauration système et redémarrage pour créer un point sain.

bernie50
 Posté le 24/12/2009 à 18:37 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucien

Bonsoir,

Après une mise à jour de combofix:

ComboFix 09-12-24.02 - bernard 24/12/2009 18:21:50.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.959.558 [GMT 1:00]
Lancé depuis: c:\documents and settings\bernard\Bureau\Maintenance\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-24 au 2009-12-24 ))))))))))))))))))))))))))))))))))))
.

2009-12-24 15:00 . 2009-12-24 01:52 684032 ----a-w- c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-12-24 15:00 . 2009-12-24 01:52 776704 ----a-w- c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-12-19 15:53 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-12 17:01 . 2009-12-12 17:01 -------- d-----w- c:\documents and settings\bernard\Local Settings\Application Data\Flickr
2009-12-12 17:01 . 2009-12-12 17:01 -------- d-----w- c:\documents and settings\bernard\Application Data\Flickr
2009-12-11 16:35 . 2009-12-11 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2009-12-11 16:04 . 2009-12-11 16:51 -------- d-----w- c:\program files\DVDFab 6
2009-12-08 15:06 . 2009-12-08 15:06 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-12-04 15:09 . 2009-12-04 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-12-04 15:04 . 2009-12-04 15:10 78363 ----a-w- c:\windows\hpqins05.dat
2009-12-02 11:26 . 2009-12-06 18:45 -------- d-----w- c:\documents and settings\bernard\Application Data\Audacity

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 17:15 . 2009-03-20 18:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-24 13:25 . 2005-07-19 14:49 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-23 16:59 . 2009-01-04 17:02 -------- d-----w- c:\program files\ZebHelpProcess 2
2009-12-22 13:53 . 2009-11-08 17:36 -------- d-----w- c:\documents and settings\bernard\Application Data\QuickScan
2009-12-15 14:12 . 2007-11-21 13:43 -------- d-----w- c:\program files\Trend Micro
2009-12-11 16:04 . 2007-02-18 17:41 -------- d-----w- c:\documents and settings\bernard\Application Data\Vso
2009-12-11 16:04 . 2007-02-18 17:41 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-11 16:04 . 2007-02-18 17:41 47360 ----a-w- c:\documents and settings\bernard\Application Data\pcouffin.sys
2009-12-11 16:04 . 2007-02-18 17:41 47360 ----a-w- c:\documents and settings\bernard\Application Data\pcouffin.sys
2009-12-11 15:25 . 2009-09-18 13:02 -------- d-----w- c:\documents and settings\bernard\Application Data\HpUpdate
2009-12-09 13:06 . 2004-08-05 12:00 94426 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-09 13:06 . 2004-08-05 12:00 534756 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-08 17:59 . 2008-05-18 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 17:58 . 2008-06-13 15:05 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-07 16:08 . 2009-04-20 19:36 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 15:12 . 2004-10-27 14:32 21032 ----a-w- c:\documents and settings\bernard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 15:10 . 2007-01-01 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-12-04 15:01 . 2006-12-03 20:52 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-03 15:14 . 2008-08-12 16:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2008-05-18 20:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 15:36 . 2007-08-03 14:44 -------- d-----w- c:\documents and settings\bernard\Application Data\ZoomBrowser EX
2009-11-29 15:34 . 2007-08-03 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-11-27 17:14 . 2009-04-27 15:04 -------- d-----w- c:\program files\NT Registry Optimizer
2009-11-24 18:09 . 2008-03-10 17:34 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-23 17:50 . 2008-03-10 17:34 -------- d-----w- c:\program files\Windows Live
2009-11-23 17:49 . 2009-11-23 17:49 -------- d-----w- c:\program files\Microsoft
2009-11-23 17:48 . 2009-11-23 17:48 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-23 17:45 . 2009-11-23 17:45 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-11-21 15:58 . 2004-08-05 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 17:24 . 2004-10-29 15:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 17:24 . 2004-10-29 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-17 17:22 . 2008-12-02 18:52 -------- d-----w- c:\program files\Panda Security
2009-11-15 09:05 . 2009-04-27 15:17 -------- d-----w- c:\program files\ERUNT
2009-11-04 08:48 . 2004-12-03 11:28 -------- d-----w- c:\program files\Java
2009-11-04 08:47 . 2009-11-04 08:47 152576 ----a-w- c:\documents and settings\bernard\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-02 09:37 . 2009-11-02 09:37 -------- d-----w- c:\program files\HD Tune
2009-10-29 07:42 . 2004-08-05 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-22 09:17 . 2009-11-04 10:58 5939712 ----a-w- c:\windows\system32\SET56.tmp
2009-10-21 05:39 . 2004-08-05 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-05 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-05 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 14:25 . 2009-10-15 14:26 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-13 10:33 . 2004-08-05 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-05 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2004-08-05 12:00 150528 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-05-13 15:16 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-28 18:20 . 2009-09-28 18:20 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-09-26 17:57 . 2009-09-26 17:57 25768 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-26 13:26 . 2009-09-26 13:28 38208 ----a-w- c:\documents and settings\bernard\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-09-26 13:26 . 2009-09-26 13:28 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2007-08-16 11:52 . 2007-07-31 13:15 24 --sh--w- c:\windows\SDE2E4CBF.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-12-23_07.08.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-24 17:14 . 2009-12-24 17:14 16384 c:\windows\Temp\Perflib_Perfdata_5f8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-08-02 1122304]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 10:08 935288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2005-11-15 18:21 1204224 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-11-24 17:17 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2/08/2004 16:04 138780]
R0 rttmntr;R-TT Backup Archive Explorer;c:\windows\system32\drivers\rttmntr.sys [19/11/2004 15:11 200512]
R0 snaprtt;R-TT Snapshots Manager;c:\windows\system32\drivers\snaprtt.sys [19/11/2004 15:11 78624]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [20/03/2009 19:14 159600]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2/08/2004 16:23 46779]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20/04/2009 20:36 108289]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [20/03/2009 19:14 73840]
R2 RHDISK;RHDISK;c:\program files\Rohos\rhdisk.sys [11/11/2008 12:15 29184]
R2 rttfsfilt;R-TT FS Filter;c:\windows\system32\drivers\rttfsfilt.sys [19/11/2004 15:11 27936]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [20/03/2009 19:14 95640]
S3 6a065;6a065;c:\windows\system32\6a065.sys [8/02/2008 17:03 54624]
S3 ffs;ffs; [x]
S3 jgameenp;jgameenp; [x]
S3 MEMSWEEP2;MEMSWEEP2; [x]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [19/12/2004 15:27 14601]
S3 XE104Sp50;XE104Sp50 NDIS Protocol Driver;c:\windows\system32\Drivers\XE104Sp50.sys --> c:\windows\system32\Drivers\XE104Sp50.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.be/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - component: c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 18:28
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-12-24 18:32:45
ComboFix-quarantined-files.txt 2009-12-24 17:32
ComboFix2.txt 2009-12-23 07:12

Avant-CF: 31.279.722.496 octets libres
Après-CF: 31.242.788.864 octets libres

- - End Of File - - DD6E635DF8F9F18B84DA975944BA433F

Nettoyage avec ccleaner effectué.



Modifié par bernie50 le 26/12/2009 13:13
bernie50
 Posté le 30/12/2009 à 10:48 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucien

Bonjour,

Un up pour vérifier si l'infection est éradiquée

merci

Publicité
bernie50
 Posté le 02/01/2010 à 12:42 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucien

Bonjour,

up

Meilleurs voeux à tous pour 2010.

bernie50
 Posté le 04/01/2010 à 17:48 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucien

Bonsoir,

Un up pour vérifier si l'infection est éradiquée

merci

philae
 Posté le 05/01/2010 à 22:56 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Grande Maîtresse astucienne

bonsoir bernie50

j'avais enlevé de mes suivis, vu que tu avais l'air de dire (enfin j'ai cru) que c'était ok

donc je reprends le dernier rapport combo, et je vois que tout n'est pas clean.

Je vais regarder, je reviens un peu plus tard

philae
 Posté le 05/01/2010 à 23:06 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Grande Maîtresse astucienne

re

supprime combo, et retélécharge le, tu le relanceras il est encore trop vieux celui ci

/!\ Désactivez votre antivirus / antispyware résident / TeaTimer de Spybot (si présent)
Désactiver les protections résidentes - Tutoriel
* Fermez tous les navigateurs ouverts

* Sélectionnez et copiez (Ctrl+C) le texte en citation ci-dessous :

Killall::

Driver::
jgameenp
6a065

File::
c:\windows\system32\6a065.sys
C:\WINDOWS\system32\drivers\jgameenp.sys
c:\windows\SDE2E4CBF.tmp


  • Ouvrez le Bloc-Notes puis collez (Ctrl+V) le texte précédemment copié. (Bloc-Notes: démarrer > Tous les programmes > Accessoires > Bloc-Notes...)
  • Sauvegardez ce fichier sous le nom de: CFScript.txt au même endroit que ComboFix.exe
  • Comme l'image le montre, fais glisser CFScript.txt sur ComboFix.exe

  • Une fenêtre bleue va apparaître; au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
  • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises, c'est normal!
  • Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher: poste son contenu dans ton prochain message.
  • Si le fichier ne s'ouvre pas, tu le trouveras dans -> C:\ComboFix.txt


bernie50
 Posté le 06/01/2010 à 15:04 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucien

Bonjour,

ComboFix 10-01-04.01 - bernard 06/01/2010 14:42:18.3.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.959.641 [GMT 1:00]
Lancé depuis: c:\documents and settings\bernard\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés
c:\documents and settings\bernard\Mes documents\Téléchargements\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

FILE
:: "c:\windows\SDE2E4CBF.tmp"
"c:\windows\system32\6a065.sys"
"c:\windows\system32\drivers\jgameenp.sys"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\fxavx.ini
c:\windows\SDE2E4CBF.tmp
c:\windows\system32\6a065.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6A065
-------\Legacy_JGAMEENP
-------\Service_6a065
-------\Service_jgameenp


((((((((((((((((((((((((((((( Fichiers créés du 2009-12-06 au 2010-01-06 ))))))))))))))))))))))))))))))))))))
.

2010-01-02 12:03 . 2010-01-02 12:03 -------- d-----w- c:\documents and settings\SURF\Application Data\HpUpdate
2010-01-01 19:51 . 2010-01-01 19:52 -------- d-----w- c:\documents and settings\SURF\Local Settings\Application Data\Adobe
2010-01-01 15:51 . 2010-01-04 12:30 -------- d-----w- c:\documents and settings\SURF\Application Data\QuickScan
2010-01-01 15:47 . 2010-01-01 15:47 -------- d-sh--w- c:\documents and settings\SURF\IECompatCache
2010-01-01 15:46 . 2010-01-01 15:46 -------- d-sh--w- c:\documents and settings\SURF\PrivacIE
2010-01-01 14:37 . 2010-01-01 14:37 -------- d-----w- c:\documents and settings\SURF\Application Data\Ahead
2010-01-01 14:34 . 2010-01-01 14:34 -------- d-----w- c:\documents and settings\SURF\Application Data\Malwarebytes
2009-12-31 15:51 . 2009-12-31 15:51 -------- d-----w- c:\documents and settings\SURF\Application Data\Talkback
2009-12-31 15:26 . 2009-12-31 15:45 -------- d-----w- c:\documents and settings\SURF\Tracing
2009-12-31 15:26 . 2009-12-31 15:26 21032 ----a-w- c:\documents and settings\SURF\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 15:24 . 2009-12-31 15:25 -------- d-----w- c:\documents and settings\SURF\Local Settings\Application Data\Thunderbird
2009-12-31 15:24 . 2009-12-31 15:24 -------- d-----w- c:\documents and settings\SURF\Application Data\Thunderbird
2009-12-31 13:43 . 2009-12-31 13:43 -------- d-----w- c:\documents and settings\SURF\Local Settings\Application Data\Mozilla
2009-12-31 13:41 . 2009-12-31 13:41 -------- d-----w- c:\documents and settings\SURF\Application Data\PCToolsFirewallPlus
2009-12-31 13:37 . 2004-10-27 15:52 -------- d--h--w- c:\documents and settings\SURF\Voisinage réseau
2009-12-31 13:37 . 2004-10-27 15:52 -------- d--h--w- c:\documents and settings\SURF\Voisinage d'impression
2009-12-31 13:37 . 2004-10-27 14:00 -------- d--h--w- c:\documents and settings\SURF\Modèles
2009-12-31 13:37 . 2010-01-05 16:49 -------- d-----w- c:\documents and settings\SURF
2009-12-26 19:20 . 2009-12-26 19:20 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-12-26 19:20 . 2009-12-26 19:20 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-12-25 14:27 . 2009-12-25 14:30 -------- d-----w- C:\UsbFix
2009-12-25 12:57 . 2009-12-25 12:58 -------- d-----w- c:\windows\avxoscan
2009-12-24 17:45 . 2009-12-25 13:24 -------- d-----w- c:\program files\ZHPFix
2009-12-19 18:22 . 2009-12-19 18:22 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-12-19 15:53 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-12-12 17:01 . 2009-12-12 17:01 -------- d-----w- c:\documents and settings\bernard\Local Settings\Application Data\Flickr
2009-12-12 17:01 . 2009-12-12 17:01 -------- d-----w- c:\documents and settings\bernard\Application Data\Flickr
2009-12-11 16:35 . 2009-12-11 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2009-12-11 16:04 . 2009-12-11 16:51 -------- d-----w- c:\program files\DVDFab 6

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 13:52 . 2009-03-20 18:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-05 16:26 . 2005-07-19 14:49 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-02 23:26 . 2010-01-03 13:15 789320 ----a-w- c:\documents and settings\SURF\Application Data\Mozilla\Firefox\Profiles\tuof541s.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-01-02 23:26 . 2010-01-03 13:15 697672 ----a-w- c:\documents and settings\SURF\Application Data\Mozilla\Firefox\Profiles\tuof541s.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-12-31 16:32 . 2008-05-18 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 16:31 . 2008-06-13 15:05 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-30 14:07 . 2009-11-08 17:36 -------- d-----w- c:\documents and settings\bernard\Application Data\QuickScan
2009-12-30 13:55 . 2008-08-12 16:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2008-05-18 20:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 20:02 . 2009-12-30 14:05 689152 ----a-w- c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-12-29 20:01 . 2009-12-30 14:05 781312 ----a-w- c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-12-26 12:07 . 2009-09-18 13:02 -------- d-----w- c:\documents and settings\bernard\Application Data\HpUpdate
2009-12-25 13:25 . 2009-08-05 13:36 -------- d-----w- c:\program files\ZHPDiag
2009-12-15 14:12 . 2007-11-21 13:43 -------- d-----w- c:\program files\Trend Micro
2009-12-11 16:04 . 2007-02-18 17:41 -------- d-----w- c:\documents and settings\bernard\Application Data\Vso
2009-12-11 16:04 . 2007-02-18 17:41 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-11 16:04 . 2007-02-18 17:41 47360 ----a-w- c:\documents and settings\bernard\Application Data\pcouffin.sys
2009-12-11 16:04 . 2007-02-18 17:41 47360 ----a-w- c:\documents and settings\bernard\Application Data\pcouffin.sys
2009-12-09 13:06 . 2004-08-05 12:00 94426 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-09 13:06 . 2004-08-05 12:00 534756 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-07 16:08 . 2009-04-20 19:36 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-06 18:45 . 2009-12-02 11:26 -------- d-----w- c:\documents and settings\bernard\Application Data\Audacity
2009-12-04 15:12 . 2004-10-27 14:32 21032 ----a-w- c:\documents and settings\bernard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 15:10 . 2009-12-04 15:04 78363 ----a-w- c:\windows\hpqins05.dat
2009-12-04 15:10 . 2007-01-01 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-12-04 15:09 . 2009-12-04 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-12-04 15:01 . 2006-12-03 20:52 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-29 15:36 . 2007-08-03 14:44 -------- d-----w- c:\documents and settings\bernard\Application Data\ZoomBrowser EX
2009-11-29 15:34 . 2007-08-03 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-11-27 17:14 . 2009-04-27 15:04 -------- d-----w- c:\program files\NT Registry Optimizer
2009-11-24 18:09 . 2008-03-10 17:34 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-23 17:50 . 2008-03-10 17:34 -------- d-----w- c:\program files\Windows Live
2009-11-23 17:49 . 2009-11-23 17:49 -------- d-----w- c:\program files\Microsoft
2009-11-23 17:48 . 2009-11-23 17:48 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-23 17:45 . 2009-11-23 17:45 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-11-21 15:58 . 2004-08-05 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 17:24 . 2004-10-29 15:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 17:24 . 2004-10-29 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-17 17:22 . 2008-12-02 18:52 -------- d-----w- c:\program files\Panda Security
2009-11-15 09:05 . 2009-04-27 15:17 -------- d-----w- c:\program files\ERUNT
2009-11-04 08:47 . 2009-11-04 08:47 152576 ----a-w- c:\documents and settings\bernard\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 07:42 . 2004-08-05 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-22 09:17 . 2009-11-04 10:58 5939712 ----a-w- c:\windows\system32\SET56.tmp
2009-10-21 05:39 . 2004-08-05 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-05 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-05 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 14:25 . 2009-10-15 14:26 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-13 10:33 . 2004-08-05 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-05 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2004-08-05 12:00 150528 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-05-13 15:16 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-08-02 1122304]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 10:08 935288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2005-11-15 18:21 1204224 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-11-24 17:17 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2/08/2004 16:04 138780]
R0 rttmntr;R-TT Backup Archive Explorer;c:\windows\system32\drivers\rttmntr.sys [19/11/2004 15:11 200512]
R0 snaprtt;R-TT Snapshots Manager;c:\windows\system32\drivers\snaprtt.sys [19/11/2004 15:11 78624]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [20/03/2009 19:14 159600]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2/08/2004 16:23 46779]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20/04/2009 20:36 108289]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [20/03/2009 19:14 73840]
R2 RHDISK;RHDISK;c:\program files\Rohos\rhdisk.sys [11/11/2008 12:15 29184]
R2 rttfsfilt;R-TT FS Filter;c:\windows\system32\drivers\rttfsfilt.sys [19/11/2004 15:11 27936]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [20/03/2009 19:14 95640]
S3 esihdrv;esihdrv;\??\c:\docume~1\bernard\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\bernard\LOCALS~1\Temp\esihdrv.sys [?]
S3 ffs;ffs; [x]
S3 MEMSWEEP2;MEMSWEEP2; [x]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [19/12/2004 15:27 14601]
S3 XE104Sp50;XE104Sp50 NDIS Protocol Driver;c:\windows\system32\Drivers\XE104Sp50.sys --> c:\windows\system32\Drivers\XE104Sp50.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'

2009-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2006-12-04 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4165262418.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

2006-12-03 c:\windows\Tasks\WebReg 20061203223043.job
- c:\program files\Hewlett-Packard\digital imaging\bin\hpqwrg.exe [2007-10-14 18:40]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.be/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - component: c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 14:52
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2744)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Executive Software\DiskeeperLite\DKService.exe
c:\windows\System32\GEARSec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\locator.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Heure de fin: 2010-01-06 15:02:08 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-06 14:02
ComboFix2.txt 2009-12-24 17:32
ComboFix3.txt 2009-12-23 07:12

Avant-CF: 30.886.137.856 octets libres
Après-CF: 30.794.571.776 octets libres

- - End Of File - - 6C095A1BC34F2B4B5B1BB294534647D6

philae
 Posté le 06/01/2010 à 16:25 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Grande Maîtresse astucienne

bonjour,

relance combo cette fois avec ce script

Killall::

driver::

esihdrv

file::
c:\docume~1\bernard\LOCALS~1\Temp\esihdrv.sys

tu posteras le rapport et

  • Télécharge gmer sur le bureau et dézippe-le (clic droit et extraire ici).
  • Double-clique sur gmer.exe sur le bureau. Si ton antivirus réagit, ne t'inquiète et ignore l'alerte.
  • Clique sur l'onglet "rootkit", puis clique sur scan.
  • A la fin du scan, clique sur le bouton copy.
  • Dans démarrer>programmes>accessoires : ouvre le bloc-note et clique sur CTRL+V afin de copier le rapport dans ce même bloc-note.
  • Edite ce rapport dans ta prochaine réponse.
bernie50
 Posté le 06/01/2010 à 20:48 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucien

Bonsoir,

le log combofix:

ComboFix 10-01-04.01 - bernard 06/01/2010 18:07:03.4.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.959.488 [GMT 1:00]
Lancé depuis: c:\documents and settings\bernard\Mes documents\Téléchargements\ComboFix.exe
Commutateurs utilisés
c:\documents and settings\bernard\Mes documents\Téléchargements\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

FILE
:: "c:\docume~1\bernard\LOCALS~1\Temp\esihdrv.sys"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ESIHDRV
-------\Service_esihdrv


((((((((((((((((((((((((((((( Fichiers créés du 2009-12-06 au 2010-01-06 ))))))))))))))))))))))))))))))))))))
.

2010-01-02 12:03 . 2010-01-02 12:03 -------- d-----w- c:\documents and settings\SURF\Application Data\HpUpdate
2010-01-01 19:51 . 2010-01-01 19:52 -------- d-----w- c:\documents and settings\SURF\Local Settings\Application Data\Adobe
2010-01-01 15:51 . 2010-01-06 14:30 -------- d-----w- c:\documents and settings\SURF\Application Data\QuickScan
2010-01-01 15:47 . 2010-01-01 15:47 -------- d-sh--w- c:\documents and settings\SURF\IECompatCache
2010-01-01 15:46 . 2010-01-01 15:46 -------- d-sh--w- c:\documents and settings\SURF\PrivacIE
2010-01-01 14:37 . 2010-01-01 14:37 -------- d-----w- c:\documents and settings\SURF\Application Data\Ahead
2010-01-01 14:34 . 2010-01-01 14:34 -------- d-----w- c:\documents and settings\SURF\Application Data\Malwarebytes
2009-12-31 15:51 . 2009-12-31 15:51 -------- d-----w- c:\documents and settings\SURF\Application Data\Talkback
2009-12-31 15:26 . 2009-12-31 15:45 -------- d-----w- c:\documents and settings\SURF\Tracing
2009-12-31 15:26 . 2009-12-31 15:26 21032 ----a-w- c:\documents and settings\SURF\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 15:24 . 2009-12-31 15:25 -------- d-----w- c:\documents and settings\SURF\Local Settings\Application Data\Thunderbird
2009-12-31 15:24 . 2009-12-31 15:24 -------- d-----w- c:\documents and settings\SURF\Application Data\Thunderbird
2009-12-31 13:43 . 2009-12-31 13:43 -------- d-----w- c:\documents and settings\SURF\Local Settings\Application Data\Mozilla
2009-12-31 13:41 . 2009-12-31 13:41 -------- d-----w- c:\documents and settings\SURF\Application Data\PCToolsFirewallPlus
2009-12-31 13:38 . 2009-12-31 13:38 -------- d-sh--w- c:\documents and settings\SURF\IETldCache
2009-12-31 13:37 . 2004-10-27 15:52 -------- d--h--w- c:\documents and settings\SURF\Voisinage d'impression
2009-12-31 13:37 . 2004-10-27 14:00 -------- d--h--w- c:\documents and settings\SURF\Modèles
2009-12-31 13:37 . 2010-01-06 14:37 -------- d-----w- c:\documents and settings\SURF
2009-12-26 19:20 . 2009-12-26 19:20 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-12-26 19:20 . 2009-12-26 19:20 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2009-12-25 14:27 . 2009-12-25 14:30 -------- d-----w- C:\UsbFix
2009-12-25 12:57 . 2009-12-25 12:58 -------- d-----w- c:\windows\avxoscan
2009-12-24 17:45 . 2009-12-25 13:24 -------- d-----w- c:\program files\ZHPFix
2009-12-19 18:22 . 2009-12-19 18:22 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-12-19 15:53 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-17 22:25 . 2009-12-17 22:25 26024 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-12-12 17:01 . 2009-12-12 17:01 -------- d-----w- c:\documents and settings\bernard\Local Settings\Application Data\Flickr
2009-12-12 17:01 . 2009-12-12 17:01 -------- d-----w- c:\documents and settings\bernard\Application Data\Flickr
2009-12-11 16:35 . 2009-12-11 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2009-12-11 16:04 . 2009-12-11 16:51 -------- d-----w- c:\program files\DVDFab 6

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 17:26 . 2009-03-20 18:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-06 16:24 . 2005-07-19 14:49 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-02 23:26 . 2010-01-03 13:15 789320 ----a-w- c:\documents and settings\SURF\Application Data\Mozilla\Firefox\Profiles\tuof541s.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-01-02 23:26 . 2010-01-03 13:15 697672 ----a-w- c:\documents and settings\SURF\Application Data\Mozilla\Firefox\Profiles\tuof541s.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-12-31 16:32 . 2008-05-18 20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 16:31 . 2008-06-13 15:05 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-30 14:07 . 2009-11-08 17:36 -------- d-----w- c:\documents and settings\bernard\Application Data\QuickScan
2009-12-30 13:55 . 2008-08-12 16:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54 . 2008-05-18 20:14 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 20:02 . 2009-12-30 14:05 689152 ----a-w- c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-12-29 20:01 . 2009-12-30 14:05 781312 ----a-w- c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-12-26 12:07 . 2009-09-18 13:02 -------- d-----w- c:\documents and settings\bernard\Application Data\HpUpdate
2009-12-25 13:25 . 2009-08-05 13:36 -------- d-----w- c:\program files\ZHPDiag
2009-12-15 14:12 . 2007-11-21 13:43 -------- d-----w- c:\program files\Trend Micro
2009-12-11 16:04 . 2007-02-18 17:41 -------- d-----w- c:\documents and settings\bernard\Application Data\Vso
2009-12-11 16:04 . 2007-02-18 17:41 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-11 16:04 . 2007-02-18 17:41 47360 ----a-w- c:\documents and settings\bernard\Application Data\pcouffin.sys
2009-12-11 16:04 . 2007-02-18 17:41 47360 ----a-w- c:\documents and settings\bernard\Application Data\pcouffin.sys
2009-12-09 13:06 . 2004-08-05 12:00 94426 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-09 13:06 . 2004-08-05 12:00 534756 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-07 16:08 . 2009-04-20 19:36 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-06 18:45 . 2009-12-02 11:26 -------- d-----w- c:\documents and settings\bernard\Application Data\Audacity
2009-12-04 15:12 . 2004-10-27 14:32 21032 ----a-w- c:\documents and settings\bernard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 15:10 . 2009-12-04 15:04 78363 ----a-w- c:\windows\hpqins05.dat
2009-12-04 15:10 . 2007-01-01 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-12-04 15:09 . 2009-12-04 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-12-04 15:01 . 2006-12-03 20:52 -------- d-----w- c:\program files\Hewlett-Packard
2009-11-29 15:36 . 2007-08-03 14:44 -------- d-----w- c:\documents and settings\bernard\Application Data\ZoomBrowser EX
2009-11-29 15:34 . 2007-08-03 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-11-27 17:14 . 2009-04-27 15:04 -------- d-----w- c:\program files\NT Registry Optimizer
2009-11-24 18:09 . 2008-03-10 17:34 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-23 17:50 . 2008-03-10 17:34 -------- d-----w- c:\program files\Windows Live
2009-11-23 17:49 . 2009-11-23 17:49 -------- d-----w- c:\program files\Microsoft
2009-11-23 17:48 . 2009-11-23 17:48 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-23 17:45 . 2009-11-23 17:45 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-11-21 15:58 . 2004-08-05 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-17 17:24 . 2004-10-29 15:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-17 17:24 . 2004-10-29 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-17 17:22 . 2008-12-02 18:52 -------- d-----w- c:\program files\Panda Security
2009-11-15 09:05 . 2009-04-27 15:17 -------- d-----w- c:\program files\ERUNT
2009-11-04 08:47 . 2009-11-04 08:47 152576 ----a-w- c:\documents and settings\bernard\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-29 07:42 . 2004-08-05 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-22 09:17 . 2009-11-04 10:58 5939712 ----a-w- c:\windows\system32\SET56.tmp
2009-10-21 05:39 . 2004-08-05 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-05 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-05 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 14:25 . 2009-10-15 14:26 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-13 10:33 . 2004-08-05 12:00 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-05 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:39 . 2004-08-05 12:00 150528 ----a-w- c:\windows\system32\rastls.dll
2009-10-11 03:17 . 2009-05-13 15:16 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-08-02 1122304]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 10:08 935288 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2005-11-15 18:21 1204224 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-11-24 17:17 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb13.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2/08/2004 16:04 138780]
R0 rttmntr;R-TT Backup Archive Explorer;c:\windows\system32\drivers\rttmntr.sys [19/11/2004 15:11 200512]
R0 snaprtt;R-TT Snapshots Manager;c:\windows\system32\drivers\snaprtt.sys [19/11/2004 15:11 78624]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [20/03/2009 19:14 159600]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2/08/2004 16:23 46779]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20/04/2009 20:36 108289]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [20/03/2009 19:14 73840]
R2 RHDISK;RHDISK;c:\program files\Rohos\rhdisk.sys [11/11/2008 12:15 29184]
R2 rttfsfilt;R-TT FS Filter;c:\windows\system32\drivers\rttfsfilt.sys [19/11/2004 15:11 27936]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [20/03/2009 19:14 95640]
S3 ffs;ffs; [x]
S3 MEMSWEEP2;MEMSWEEP2; [x]
S3 MTK;Media Technology Kernel Driver;c:\windows\system32\drivers\FIDE.SYS [19/12/2004 15:27 14601]
S3 XE104Sp50;XE104Sp50 NDIS Protocol Driver;c:\windows\system32\Drivers\XE104Sp50.sys --> c:\windows\system32\Drivers\XE104Sp50.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'

2009-07-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2006-12-04 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4165262418.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 16:56]

2006-12-03 c:\windows\Tasks\WebReg 20061203223043.job
- c:\program files\Hewlett-Packard\digital imaging\bin\hpqwrg.exe [2007-10-14 18:40]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.be/
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - component: c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\documents and settings\bernard\Application Data\Mozilla\Firefox\Profiles\vrv36dri.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 18:25
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1952)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Executive Software\DiskeeperLite\DKService.exe
c:\windows\System32\GEARSec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\system32\locator.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2010-01-06 18:32:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-01-06 17:32
ComboFix2.txt 2010-01-06 14:02
ComboFix3.txt 2009-12-24 17:32
ComboFix4.txt 2009-12-23 07:12

Avant-CF: 30.762.139.648 octets libres
Après-CF: 30.735.745.024 octets libres

- - End Of File - - 9B9F95DDE1B8F472B7A5342CDBAC4A6A

Après un long scan voici le résultat:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-06 20:47:25
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\bernard\LOCALS~1\Temp\kwtdrpod.sys


---- System - GMER 1.0.15 ----

SSDT F7CA2866 ZwCreateKey
SSDT F7CA285C ZwCreateThread
SSDT F7CA286B ZwDeleteKey
SSDT F7CA2875 ZwDeleteValueKey
SSDT F7CA287A ZwLoadKey
SSDT F7CA2848 ZwOpenProcess
SSDT F7CA284D ZwOpenThread
SSDT F7CA2884 ZwReplaceKey
SSDT F7CA287F ZwRestoreKey
SSDT F7CA2870 ZwSetValueKey
SSDT F7CA2857 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

? Combo-Fix.sys Le fichier spécifié est introuvable. !
? C:\ComboFix\catchme.sys Le chemin d'accès spécifié est introuvable. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Le fichier spécifié est introuvable. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

---- EOF - GMER 1.0.15 ----



Modifié par bernie50 le 06/01/2010 20:50
philae
 Posté le 08/01/2010 à 00:26 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Grande Maîtresse astucienne

bonsoir,

je vais regarder le rapport, mais je m'interroge, si tu as norton ghost, pourquoi ne pas être revenu en arrière sur une image propre ?

Publicité
philae
 Posté le 08/01/2010 à 00:40 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Grande Maîtresse astucienne

le rapport a l'air mieux maintenant

le pc se comporte comment ?

on n'a pas fait de scan en ligne il me semble, faudrait le faire

ESET on line

poste le rapport ici ensuite

bernie50
 Posté le 08/01/2010 à 16:29 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucien

Bonjour,

Ce qui est étonnant dans cas de figure c'est que le pc a toujours fonctionné sans ralentissement notable, à croire que les nouvelles générations de trojans se font plus discréte.

le scan eset est en cours dés qu'il est terminé , je poste le rapport.

philae
 Posté le 08/01/2010 à 16:39 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Grande Maîtresse astucienne

bonjour,

oui effectivement c'est assez étrange, en général on ressent ralentissement et autres

bernie50
 Posté le 08/01/2010 à 17:09 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucien

Bonjour Philae,

Le compte infecté était en mode administrateur, je le modifierai en limité dés qu'il sera clean.

philae
 Posté le 08/01/2010 à 21:33 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Grande Maîtresse astucienne

bonsoir

ok

pour le scan eset, il n'est tjs pas terminé ?

bernie50
 Posté le 09/01/2010 à 12:01 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucien

Bonjour,

Scan Eset R.A.S (rien à signaler) aucune infection trouvée.

Ps: a l'air d'être très performant cet antivirus Eset online.

philae
 Posté le 09/01/2010 à 12:21 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Grande Maîtresse astucienne

bonjour,

pour la route, reposte un rapport RSIT

Tu n'as pas répondu à ma question concernant norton ghost....

@+

bernie50
 Posté le 09/01/2010 à 15:11 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Astucien

Bonjout,

Voici le dernier log de R.S.I.T

Logfile of random's system information tool 1.05 (written by random/random)
Run by bernard at 2010-01-09 15:07:59
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 29 GB (37%) free of 78 GB
Total RAM: 959 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:09:13, on 9/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\bernard\Bureau\Maintenance\RSIT.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\trend micro\bernard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262433952687
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe

--
End of file - 6780 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1165262418.job
C:\WINDOWS\tasks\WebReg 20061203223043.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2009-02-23 2652056]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"hpqSRMon"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"Norton Ghost 9.0"=C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe [2004-08-02 1122304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2005-11-15 1204224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb13.exe [2004-11-24 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
[]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFavoritesMenu"=0
"NoSMMyPictures"=0
"NoStartMenuMyMusic"=0
"NoRecentDocsNetHood"=0
"NoUserNameInStartMenu"=1
"NoInstrumentation"=0
"NoStartMenuPinnedList"=0
"ForceStartMenuLogoff"=0
"NoSharedDocuments"=1
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFavoritesMenu"=
"NoSMMyPictures"=
"NoStartMenuMyMusic"=
"NoRecentDocsNetHood"=
"NoInstrumentation"=
"NoSimpleStartMenu"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Assistant Transfert de fichiers et de paramètres"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-01-08 15:04:49 ----D---- C:\Program Files\ESET
2010-01-07 20:16:56 ----SHD---- C:\RECYCLER
2010-01-06 18:32:32 ----A---- C:\ComboFix.txt
2010-01-06 18:12:41 ----D---- C:\WINDOWS\temp
2009-12-25 15:28:11 ----A---- C:\UsbFix.txt
2009-12-25 15:27:40 ----D---- C:\UsbFix
2009-12-25 13:57:29 ----D---- C:\WINDOWS\avxoscan
2009-12-24 18:45:37 ----D---- C:\Program Files\ZHPFix
2009-12-24 16:19:08 ----A---- C:\WINDOWS\system32\tmp.txt
2009-12-24 16:18:51 ----A---- C:\rapport.txt
2009-12-23 08:01:31 ----A---- C:\Boot.bak
2009-12-23 08:01:23 ----RASHD---- C:\cmdcons
2009-12-23 08:00:23 ----A---- C:\WINDOWS\zip.exe
2009-12-23 08:00:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-23 08:00:23 ----A---- C:\WINDOWS\SWSC.exe
2009-12-23 08:00:23 ----A---- C:\WINDOWS\SWREG.exe
2009-12-23 08:00:23 ----A---- C:\WINDOWS\sed.exe
2009-12-23 08:00:23 ----A---- C:\WINDOWS\PEV.exe
2009-12-23 08:00:23 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-23 08:00:23 ----A---- C:\WINDOWS\MBR.exe
2009-12-23 08:00:23 ----A---- C:\WINDOWS\grep.exe
2009-12-23 07:59:27 ----D---- C:\Qoobox
2009-12-19 16:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-12 18:01:49 ----D---- C:\Documents and Settings\bernard\Application Data\Flickr
2009-12-11 17:35:08 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2009-12-11 17:04:25 ----D---- C:\Program Files\DVDFab 6

======List of files/folders modified in the last 1 months======

2010-01-09 15:08:43 ----D---- C:\Program Files\Trend Micro
2010-01-09 15:08:37 ----SHD---- C:\WINDOWS\Installer
2010-01-09 15:08:25 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-09 15:07:52 ----AD---- C:\WINDOWS
2010-01-09 15:06:28 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-08 15:17:48 ----D---- C:\Program Files\Mozilla Firefox
2010-01-08 15:04:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-08 15:04:49 ----D---- C:\Program Files
2010-01-07 20:06:43 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-06 18:32:35 ----D---- C:\WINDOWS\system32\drivers
2010-01-06 18:25:33 ----A---- C:\WINDOWS\system.ini
2010-01-06 18:13:02 ----D---- C:\WINDOWS\system32\config
2010-01-06 18:12:50 ----D---- C:\WINDOWS\ERDNT
2010-01-06 18:10:55 ----D---- C:\WINDOWS\system32
2010-01-06 18:10:55 ----D---- C:\WINDOWS\AppPatch
2010-01-06 18:10:50 ----D---- C:\Program Files\Fichiers communs
2010-01-06 14:47:58 ----D---- C:\Program Files\Internet Explorer
2010-01-02 13:06:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-31 17:32:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-31 14:40:48 ----D---- C:\Config.Msi
2009-12-31 14:37:44 ----D---- C:\Documents and Settings
2009-12-30 15:07:02 ----D---- C:\Documents and Settings\bernard\Application Data\QuickScan
2009-12-26 13:07:43 ----D---- C:\Documents and Settings\bernard\Application Data\HpUpdate
2009-12-25 14:25:10 ----D---- C:\Program Files\ZHPDiag
2009-12-24 18:17:05 ----SHD---- C:\System Volume Information
2009-12-24 18:17:05 ----D---- C:\WINDOWS\system32\Restore
2009-12-24 18:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-12-24 16:10:33 ----D---- C:\ToolBar SD
2009-12-24 16:10:33 ----A---- C:\TB.txt
2009-12-24 16:06:31 ----D---- C:\rsit
2009-12-23 15:05:42 ----D---- C:\WINDOWS\Debug
2009-12-23 08:01:31 ----RASH---- C:\boot.ini
2009-12-19 16:54:29 ----HD---- C:\WINDOWS\inf
2009-12-19 16:53:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-19 15:20:15 ----D---- C:\Zebprotect
2009-12-16 15:06:24 ----A---- C:\SecuScan.txt
2009-12-12 17:12:29 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-11 17:04:52 ----D---- C:\Documents and Settings\bernard\Application Data\Vso
2009-12-11 16:31:28 ----A---- C:\WINDOWS\Clony2.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\GearAspiWDM.sys [2008-01-29 16168]
R1 pctgntdi;pctgntdi; \??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 PQIMount;PQIMount; C:\WINDOWS\system32\drivers\PQIMount.sys [2004-08-02 46779]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2003-10-29 11264]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-11-12 215616]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys []
R2 RHDISK;RHDISK; \??\C:\Program Files\Rohos\RHDISK.SYS []
R2 rttfsfilt;R-TT FS Filter; C:\WINDOWS\system32\DRIVERS\rttfsfilt.sys [2004-11-19 27936]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-12-19 104512]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-09 1373120]
R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2009-12-11 47360]
R3 pctplfw;pctplfw; \??\C:\WINDOWS\system32\drivers\pctplfw.sys []
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SFilter;PCTools Driver; C:\WINDOWS\system32\DRIVERS\pctfw.sys [2008-09-22 97408]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2003-10-29 427776]
R3 SISNIC;Pilote de carte Fast Ethernet PCI SiS; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2002-06-10 28089]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 ffs;ffs; C:\WINDOWS\system32\drivers\ffs.sys []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-29 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-29 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-29 21568]
S3 MEMSWEEP2;MEMSWEEP2; C:\WINDOWS\system32\drivers\MEMSWEEP2.sys []
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MTK;Media Technology Kernel Driver; C:\WINDOWS\System32\Drivers\fide.sys [2004-12-19 14601]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 RimSerPort;RIM Virtual Serial Port; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2005-06-13 17920]
S3 RimUsb;Terminal mobile RIM; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-05 5888]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WINIO;WINIO; \??\C:\WINDOWS\TEMP\WinIo.sys []
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 XE104Sp50;XE104Sp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\XE104Sp50.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-09-08 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2005-03-03 54784]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\DiskeeperLite\DKService.exe [2002-10-16 176128]
R2 GEARSecurity;GEARSecurity; C:\WINDOWS\System32\GEARSec.exe [2004-08-02 53248]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe [2004-08-02 1269760]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2008-12-11 146800]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe [2005-01-19 69632]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------

Pour Norton ghost (bien pratique ce logiciel) la dernière image date un peu et comme entretemps j'ai installé plusieurs logiciels.

philae
 Posté le 09/01/2010 à 16:27 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Grande Maîtresse astucienne

bien oui quand on a un logiciel qui permet des images disques, on tâche d'en profiter et de l'utiliser, mainteannt les logiciels que tu as installés, tu peux aussi les réinstaller à moins qu'ils ne soient pas arrivés là d'une manière très......catholique, rien n'est impossible à refaire

as tu depuis le début de ce sujet utilisé une clé usb ou un support externe ?

Publicité
Pages : [1] 2 ... Fin
Page 1 sur 2 [Fin]

Vous devez être connecté pour poster des messages. Cliquez ici pour vous identifier.

Vous n'avez pas de compte ? Créez-en un gratuitement !


Sujets relatifs
ligne suspecte dans rapport HijackThis
Fixer une ligne dans Hijackthis : elle résiste !
Ligne dans analyse hijackthis
nouvelle ligne dans hijackthis
ligne 020 dans Hijackthis
Ligne 09 dans HijackThis
Log hijackthis de pascal pour examen [resolu]
Aide pour desinfection Ordinateur ( rapport hijackthis )
Conseils pour les achats en ligne en toute sécurité
Google Drive/Photo. synchroniser dossier pc et en ligne pour la suppression
Plus de sujets relatifs à 1 ligne bizarre dans Hijackthis - pour examen SVP
 > Tous les forums > Forum Sécurité