
PC infection

Tags:
  • Windows
  • Security
22 February 2009 19:03:52

Hello everyone,

Since yesterday my PC has been infected and I can't get rid of the threat. I'm getting pop-ups and alert messages such as "Warning!!! Your computer is infected!...".

Could someone give me a hand, please?

Thanks in advance for your replies.

Toms


22 February 2009 19:20:02

Here is the result of the RIST scan:

LOG report:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Toms at 2009-02-22 18:57:09
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 50 GB (21%) free of 238 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:52, on 22/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Documents and Settings\Toms\Application Data\uninstall.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\x.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Toms\Bureau\RSIT.exe
C:\Program Files\trend micro\Toms.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\mlJBTjhH.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {94AB205C-18C6-4E03-98E5-1370A981A2F9} - C:\WINDOWS\system32\efcARhHY.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winupdate] C:\Documents and Settings\Toms\Application Data\uninstall.exe
O4 - HKLM\..\Run: [5cab08aa] rundll32.exe "C:\WINDOWS\system32\oetrmelq.dll",b
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [winupdate] C:\Documents and Settings\Toms\Application Data\uninstall.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1343024091-413027322-725345543-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-21-1343024091-413027322-725345543-1008\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Fichiers communs\Nero\Lib\NMFirstStart.exe" (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0....
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Co...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredet...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Unibet/FlashAX.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O20 - Winlogon Notify: mlJBTjhH - C:\WINDOWS\SYSTEM32\mlJBTjhH.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 13815 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]
dsWebAllowBHO Class - C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 265432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\mlJBTjhH.dll [2009-02-22 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94AB205C-18C6-4E03-98E5-1370A981A2F9}]
C:\WINDOWS\system32\efcARhHY.dll [2009-02-22 237568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-22 136600]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
""= []
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-27 734264]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-09 13680640]
"nwiz"=nwiz.exe /install []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-02-09 86016]
"winupdate"=C:\Documents and Settings\Toms\Application Data\uninstall.exe [2009-02-21 24576]
"5cab08aa"=C:\WINDOWS\system32\oetrmelq.dll [2009-02-22 68608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kava"=C:\WINDOWS\system32\kavo.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-11-23 203720]
"winupdate"=C:\Documents and Settings\Toms\Application Data\uninstall.exe [2009-02-21 24576]
"Power2GoExpress"=C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe /Startup []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Lancement rapide d'Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
Wireless Configuration Utility HW.14.lnk - C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe

C:\Documents and Settings\Toms\Menu Démarrer\Programmes\Démarrage
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlJBTjhH]
C:\WINDOWS\system32\mlJBTjhH.dll [2009-02-22 37376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 233472]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\mlJBTjhH.dll [2009-02-22 37376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\efcARhHY

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe"="C:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ada51f1-c5fd-11dc-b712-001d606d102c}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cdc4820-34e0-11dd-b78b-0014d142f8b1}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47322c1c-f302-11dd-b886-001cdf911245}]
shell\AutoRun\command - F:\
shell\explore\command - F:\RECYCLED\INFO.exe
shell\open\command - F:\RECYCLED\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aad1346-8993-11dd-b7d1-001cdf911245}]
shell\AutoRun\command - J:\EmDesk.exe
shell\EmDesk\command - J:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dd81fa1-fb67-11dd-b8a2-001cdf911245}]
shell\AutoRun\command - E:\OblivionLauncher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d89e4fc8-c5ee-11dd-b83c-001cdf911245}]
shell\AutoRun\command - G:\
shell\explore\command - G:\RECYCLED\INFO.exe
shell\open\command - G:\RECYCLED\INFO.exe


======List of files/folders created in the last 1 months======

2009-02-22 18:57:15 ----D---- C:\Program Files\trend micro
2009-02-22 18:57:09 ----D---- C:\rsit
2009-02-22 12:33:51 ----SH---- C:\WINDOWS\system32\qlemrteo.ini
2009-02-22 12:33:48 ----A---- C:\WINDOWS\system32\oetrmelq.dll
2009-02-22 12:33:47 ----A---- C:\WINDOWS\system32\5788ccd4-.txt
2009-02-22 12:33:19 ----ASH---- C:\WINDOWS\system32\YHhRAcfe.ini2
2009-02-22 12:33:19 ----ASH---- C:\WINDOWS\system32\YHhRAcfe.ini
2009-02-22 12:33:17 ----A---- C:\WINDOWS\system32\efcARhHY.dll
2009-02-22 12:32:02 ----D---- C:\Documents and Settings\Toms\Application Data\CyberLink
2009-02-22 12:29:31 ----D---- C:\Program Files\CyberLink
2009-02-22 12:29:15 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-02-22 12:28:05 ----A---- C:\WINDOWS\system32\x5.exe
2009-02-22 12:28:00 ----A---- C:\WINDOWS\system32\mlJBTjhH.dll
2009-02-22 12:19:49 ----A---- C:\x.exe
2009-02-22 00:17:12 ----D---- C:\Documents and Settings\Toms\Application Data\vlc
2009-02-22 00:15:48 ----D---- C:\Program Files\VideoLAN
2009-02-21 23:40:55 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2009-02-21 23:37:29 ----A---- C:\Documents and Settings\Toms\Application Data\CyberLink_Power2Go6.exe
2009-02-21 23:37:27 ----A---- C:\Documents and Settings\Toms\Application Data\uninstall.exe
2009-02-21 23:14:41 ----D---- C:\Documents and Settings\All Users\Application Data\DVD X Studios
2009-02-20 16:28:34 ----A---- C:\WINDOWS\system32\CSVer.dll
2009-02-20 16:16:27 ----D---- C:\Program Files\ma-config.com
2009-02-20 16:16:27 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-02-15 16:10:08 ----D---- C:\Program Files\Lavalys
2009-02-15 14:53:13 ----D---- C:\WINDOWS\74224F8D4A1748169EDB7BB854DE532C.TMP
2009-02-15 14:31:53 ----D---- C:\Program Files\DAEMON Tools Pro
2009-02-12 01:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-02-05 15:27:09 ----D---- C:\Program Files\The Witcher Enhanced Edition
2009-02-01 12:20:51 ----D---- C:\Program Files\Everest Casino

======List of files/folders modified in the last 1 months======

2009-02-22 18:57:15 ----D---- C:\Program Files
2009-02-22 18:48:41 ----D---- C:\WINDOWS\system32
2009-02-22 17:59:23 ----D---- C:\WINDOWS\Temp
2009-02-22 17:35:18 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-22 16:17:36 ----D---- C:\Program Files\PokerStars
2009-02-22 16:15:39 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-22 14:02:10 ----D---- C:\Documents and Settings\Toms\Application Data\Microgaming
2009-02-22 14:00:26 ----D---- C:\Program Files\Everest Poker
2009-02-22 13:58:16 ----A---- C:\WINDOWS\RTacDbg.txt
2009-02-22 13:47:49 ----D---- C:\WINDOWS
2009-02-22 13:46:26 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-22 12:35:45 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-22 12:34:54 ----D---- C:\Program Files\Fichiers communs
2009-02-22 12:34:52 ----SHD---- C:\WINDOWS\Installer
2009-02-22 12:15:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-22 12:14:43 ----RASH---- C:\boot.ini
2009-02-22 03:04:11 ----D---- C:\Documents and Settings\Toms\Application Data\Azureus
2009-02-21 23:40:57 ----D---- C:\WINDOWS\Prefetch
2009-02-20 16:38:17 ----D---- C:\NVIDIA
2009-02-20 16:35:39 ----HD---- C:\WINDOWS\inf
2009-02-20 16:35:14 ----D---- C:\WINDOWS\Help
2009-02-20 16:35:13 ----D---- C:\WINDOWS\nview
2009-02-20 16:34:04 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-02-20 16:33:46 ----D---- C:\Program Files\AGEIA Technologies
2009-02-20 16:32:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-20 16:32:49 ----D---- C:\WINDOWS\system32\drivers
2009-02-20 16:32:41 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-20 16:28:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-20 16:16:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-15 15:24:31 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-02-15 14:54:05 ----D---- C:\WINDOWS\system32\DirectX
2009-02-15 14:53:54 ----RSD---- C:\WINDOWS\assembly
2009-02-15 14:52:54 ----D---- C:\Program Files\Ubisoft
2009-02-15 14:32:10 ----AC---- C:\WINDOWS\system32\BASSMOD.dll
2009-02-12 01:36:20 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-12 01:36:19 ----A---- C:\WINDOWS\imsins.BAK
2009-02-12 01:36:10 ----D---- C:\Program Files\Internet Explorer
2009-02-12 01:36:02 ----D---- C:\WINDOWS\ie7updates
2009-02-09 22:44:31 ----D---- C:\WINDOWS\Minidump
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwssr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrstr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsth.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrssl.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrssk.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsru.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrspt.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrspl.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrses.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrseng.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsel.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwrsar.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvvitvsr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrszht.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrstr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsth.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrssv.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrssl.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrssk.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsru.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrspt.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrspl.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsno.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsko.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsja.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsit.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrshu.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrshe.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrses.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrseng.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsel.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsde.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsda.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrscs.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvrsar.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvmoblsr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvmccssr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nview.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvgamesr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvdispsr.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvcpluir.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-02-09 13:18:00 ----A---- C:\WINDOWS\system32\keystone.exe
2009-02-05 22:11:35 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-02-04 19:07:00 ----D---- C:\Documents and Settings\Toms\Application Data\U3
2009-02-04 00:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-28 11:25:59 ----D---- C:\Program Files\Azureus

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-04-14 21035]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-05 279712]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-05 25888]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\System32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-30 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-09 6307328]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 517632]
R3 TotRec7;Total Recorder WDM audio driver; C:\WINDOWS\system32\drivers\TotRec7.sys [2008-10-23 126472]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200]
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-27 61984]
S3 aafaxoqt;aafaxoqt; C:\WINDOWS\system32\drivers\aafaxoqt.sys []
S3 alb1tw10;alb1tw10; C:\WINDOWS\system32\drivers\alb1tw10.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys [2007-05-04 215040]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2008-06-03 72704]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-22 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-09 163908]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-02 66872]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-22 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-12-02 183112]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe [2008-12-03 72704]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


INFO report:

info.txt logfile of random's system information tool 1.05 2009-02-22 18:57:59

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3dk-mat-pack v.0905-->C:\Documents and Settings\Toms\Bureau\Uninstal.exe
3dk-mat-pack v.1005-->C:\Documents and Settings\Toms\Bureau\U3dkmpo5.exe
3dsmax ancillary install-->MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=d:\adobe creative suite 2.0/lang=040c
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Age of Empires III - The Asian Dynasties-->C:\Program Files\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\install.exe -runfromtemp -l0x040c
Age of Empires III - The WarChiefs-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Empires III-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{485775E8-AEB8-46BD-922B-242879E03DD5}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Attansic Ethernet Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\WINDOWS\System32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\System32\Attansic\L1 x86 1969 1048 L1
Autodesk 3ds Max 8 Additional Maps and Materials-->MsiExec.exe /I{59D070F5-CCE6-418B-84A3-CCA63D75ED8A}
Autodesk 3ds Max 8 Architectural Materials-->MsiExec.exe /I{28FDF917-8750-4A54-9E05-D7798E699B47}
Autodesk 3ds Max 8 Reference Files-->MsiExec.exe /I{73C935A7-36C6-48B5-A32E-FD5BD96FD25C}
Autodesk 3ds Max 9 32-bit-->MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Brothers in Arms: Hell's Highway-->C:\Program Files\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\uninst.exe
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Creative DVD Audio Plugin for Audigy Series-->"C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Elys - Yuda The Elder Trainer-->MsiExec.exe /I{3EBDE066-429C-44BD-8640-09E104EB0E45}
EuroPoker (remove only)-->"C:\Program Files\EuroPoker\uninstall.exe"
Everest Casino (Remove Only)-->C:\Program Files\Everest Casino\cstart.exe /uninstall
Everest Poker (Remove Only)-->C:\Program Files\Everest Poker\cstart.exe /uninstall
EVEREST Ultimate Edition v5.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FBX Plugin 2006.08 for Max 9.0-->C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
GameTime+-->MsiExec.exe /I{8DFB3904-FBDB-4C2B-AC98-20EFDD37C83D}
Garmin City Navigator Europe NT 2008-->MsiExec.exe /X{EEC8205A-E3DE-4C00-B60C-48E3B9B58B13}
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x040c -removeonly
GTA San Andreas-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c -removeonly
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterVideo WinDVD 5-->"C:\Program Files\InstallShield Installation Information\{1B399A41-C1D0-40A2-9E4F-095868EFAF01}\setup.exe" REMOVEALL
IZArc 3.81-->"C:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.6.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1-->"C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{9112040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{9F5DF7FC-3AF2-4502-9084-F62FC00A5A3F}
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
Nero 8-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
Oblivion - Construction Set-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23D683DD-93C6-48E6-B84E-78B57778F126}\setup.exe" -l0x9 -removeonly
Oblivion - Knights of the Nine-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9 -removeonly
Oblivion mod manager 1.1.12-->"C:\Program Files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe"
Oblivion-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\SETUP.EXE" -l0x40c -removeonly
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Poker 770-->"C:\Poker\Poker 770\_SetupCasino.exe" /uninstall
Poker Tracker Version 2.17.02-->"C:\Program Files\Poker Tracker V2\unins000.exe"
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PokerTracker 3 (remove only)-->"C:\Program Files\PokerTracker 3\uninstall.exe"
PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c -removeonly
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly
Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
SQLite ODBC Driver (remove only)-->C:\Program Files\SQLite ODBC Driver\Uninstall.exe
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeLL me More-->"C:\TELL ME MORE NV\BIN\unsetup.exe" -file "C:\TELL ME MORE NV\unsetup.aui"
The Club-->"C:\Program Files\InstallShield Installation Information\{5695B707-C5A9-4EF4-9534-31A798683362}\setup.exe" -runfromtemp -l0x040c -removeonly
The Witcher Enhanced Edition-->"C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x040c -removeonly
Titan Poker-->"C:\Poker\Titan Poker\_SetupPoker.exe" /uninstall
Total Recorder 7.1-->"C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U
TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{C43421C0-0DCB-4F26-8A3B-BF16155F9879}
Unibet Poker-->C:\MICROG~1\Poker\UNIBET~1\UNIBET~1\UNWISE.EXE C:\MICROG~1\Poker\UNIBET~1\UNIBET~1\INSTALL.LOG
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Desktop Search -->"C:\WINDOWS\$NtUninstallKB911993-V2$\spuninst\spuninst.exe"
Windows Desktop Search Multilingual User Interface Pack -->"C:\WINDOWS\$NtUninstallKB916513$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Worms Armageddon - New Edition-->C:\WINDOWS\WANEUninstaller.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.255.255.255 serial.alcohol-soft.com

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090221-0]

System event log

Computer Name: THOMAS
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{56D814C1-B4F2-452F-897D-BF0270895CEA} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 8291
Source Name: Tcpip
Time Written: 20090130223714.000000+060
Event Type: Informations
User:

Computer Name: THOMAS
Event Code: 1003
Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 001CDF911245. Il s'est
produit l'erreur suivante :
L'opération a été annulée par l'utilisateur.
.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Record Number: 8290
Source Name: Dhcp
Time Written: 20090130223704.000000+060
Event Type: Avertissement
User:

Computer Name: THOMAS
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{56D814C1-B4F2-452F-897D-BF0270895CEA} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 8289
Source Name: Tcpip
Time Written: 20090130223704.000000+060
Event Type: Informations
User:

Computer Name: THOMAS
Event Code: 1003
Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 001CDF911245. Il s'est
produit l'erreur suivante :
L'opération a été annulée par l'utilisateur.
.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Record Number: 8288
Source Name: Dhcp
Time Written: 20090130223659.000000+060
Event Type: Avertissement
User:

Computer Name: THOMAS
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{56D814C1-B4F2-452F-897D-BF0270895CEA} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 8287
Source Name: Tcpip
Time Written: 20090130223659.000000+060
Event Type: Informations
User:

Application event log

Computer Name: THOMAS
Event Code: 0
Message: Server started and accepting connections


Record Number: 1378
Source Name: PostgreSQL
Time Written: 20081204182540.000000+060
Event Type: Informations
User:

Computer Name: THOMAS
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 1377
Source Name: SecurityCenter
Time Written: 20081204182539.000000+060
Event Type: Informations
User:

Computer Name: THOMAS
Event Code: 0
Message: 2008-12-04 18:25:38 CET LOG: loaded library "$libdir/plugins/plugin_debugger.dll"


Record Number: 1376
Source Name: PostgreSQL
Time Written: 20081204182538.000000+060
Event Type: Informations
User:

Computer Name: THOMAS
Event Code: 0
Message: Waiting for server startup...


Record Number: 1375
Source Name: PostgreSQL
Time Written: 20081204182538.000000+060
Event Type: Informations
User:

Computer Name: THOMAS
Event Code: 105
Message: The service was started.

Record Number: 1374
Source Name: PLFlash DeviceIoControl Service
Time Written: 20081204182538.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\Fichiers communs\Autodesk Shared\;C:\Program Files\Autodesk\Backburner\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------


Toms
22 February 2009 20:43:02

Hello,

Please avoid using spoiler tags.

Select the entire contents of the box below:

Driver::

File::

Folder::

Registry::



  • Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad.)
  • Save it to your desktop under the name CFScript.txt
  • Now drag the CFScript.txt file onto ComboFix.exe as shown below:

  • This will restart ComboFix.
  • You will have to accept the license.

    Post the contents of the ComboFix.txt report after the reboot, if there is one.

    The report is located here: %SystemDrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)
    22 February 2009 21:18:54

    Good evening Angeldark, and thank you very much for your help!

    Below is the ComboFix.txt report:

    ComboFix 09-02-21.01 - Toms 2009-02-22 21:04:25.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1436 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Toms\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\Toms\Bureau\CFScript.txt
    AV: avast! antivirus 4.8.1335 [VPS 090221-0] *On-access scanning disabled* (Updated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Toms\Application Data\CyberLink_Power2Go6.exe
    c:\documents and settings\Toms\Application Data\m\
    c:\windows\system32\efcARhHY.dll
    c:\windows\system32\mlJBTjhH.dll
    c:\windows\system32\oetrmelq.dll
    c:\windows\system32\qlemrteo.ini
    c:\windows\system32\YHhRAcfe.ini
    c:\windows\system32\YHhRAcfe.ini2
    C:\x.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-22 au 2009-02-22 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-22 20:50 . 2009-02-22 20:50 0 --a------ c:\windows\nsreg.dat
    2009-02-22 18:57 . 2009-02-22 18:57 <REP> d-------- C:\rsit
    2009-02-22 18:57 . 2009-02-22 18:57 <REP> d-------- c:\program files\trend micro
    2009-02-22 12:32 . 2009-02-22 12:32 <REP> d-------- c:\documents and settings\Toms\Application Data\CyberLink
    2009-02-22 12:29 . 2009-02-22 13:46 <REP> d-------- c:\program files\CyberLink
    2009-02-22 12:29 . 2009-02-22 12:28 29,480 --a------ c:\windows\system32\msxml3a.dll
    2009-02-22 12:28 . 2009-02-22 12:28 204,800 --a------ c:\windows\system32\x5.exe
    2009-02-22 00:17 . 2009-02-22 00:17 <REP> d-------- c:\documents and settings\Toms\Application Data\vlc
    2009-02-22 00:15 . 2009-02-22 00:15 <REP> d-------- c:\program files\VideoLAN
    2009-02-21 23:42 . 2009-02-21 23:42 5 --a------ C:\chkit
    2009-02-21 23:40 . 2009-02-21 23:40 <REP> d-------- c:\documents and settings\All Users\Application Data\CyberLink
    2009-02-21 23:37 . 2009-02-21 23:48 24,576 --a------ c:\documents and settings\Toms\Application Data\uninstall.exe
    2009-02-21 23:14 . 2009-02-21 23:14 <REP> d-------- c:\documents and settings\All Users\Application Data\DVD X Studios
    2009-02-21 23:14 . 2009-02-21 23:14 14 --a------ c:\windows\system32\SystemInfo32.sys
    2009-02-20 16:28 . 2008-12-04 09:31 53,248 --a------ c:\windows\system32\CSVer.dll
    2009-02-20 16:16 . 2009-02-20 16:16 <REP> d-------- c:\program files\ma-config.com
    2009-02-20 16:16 . 2009-02-20 16:16 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
    2009-02-15 16:10 . 2009-02-15 16:10 <REP> d-------- c:\program files\Lavalys
    2009-02-15 14:53 . 2009-02-15 14:53 <REP> d-------- c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
    2009-02-15 14:31 . 2009-02-15 14:47 <REP> d-------- c:\program files\DAEMON Tools Pro
    2009-02-09 22:13 . 2009-02-09 13:18 211,189 --a------ c:\windows\system32\nvapps.nvb
    2009-02-09 13:18 . 2009-02-09 13:18 401,408 --a------ c:\windows\system32\nvcuvid.dll
    2009-02-05 15:27 . 2009-02-05 15:47 <REP> d-------- c:\program files\The Witcher Enhanced Edition
    2009-02-01 12:20 . 2009-02-22 16:57 <REP> d-------- c:\program files\Everest Casino
    2009-01-22 18:58 . 2009-01-22 18:57 410,984 --a------ c:\windows\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-22 16:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-22 15:17 --------- d-----w c:\program files\PokerStars
    2009-02-22 13:02 --------- d-----w c:\documents and settings\Toms\Application Data\Microgaming
    2009-02-22 13:00 --------- d-----w c:\program files\Everest Poker
    2009-02-22 11:35 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-22 02:04 --------- d-----w c:\documents and settings\Toms\Application Data\Azureus
    2009-02-20 15:34 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2009-02-20 15:33 --------- d-----w c:\program files\AGEIA Technologies
    2009-02-15 13:52 --------- d-----w c:\program files\Ubisoft
    2009-02-09 12:18 6,307,328 ----a-w c:\windows\system32\drivers\nv4_mini.sys
    2009-02-05 14:44 279,712 ----a-w c:\windows\system32\drivers\atksgt.sys
    2009-02-05 14:44 25,888 ----a-w c:\windows\system32\drivers\lirsgt.sys
    2009-02-04 18:07 --------- d-----w c:\documents and settings\Toms\Application Data\U3
    2009-01-28 10:25 --------- d-----w c:\program files\Azureus
    2009-01-22 17:57 --------- d-----w c:\program files\Java
    2009-01-18 11:31 --------- d-----w c:\program files\EA Games
    2009-01-13 17:24 --------- d-----w c:\documents and settings\Toms\Application Data\Uniblue
    2009-01-03 11:50 --------- d-----w c:\documents and settings\Toms\Application Data\Apple Computer
    2009-01-03 11:49 --------- d-----w c:\program files\QuickTime
    2009-01-03 11:49 --------- d-----w c:\program files\Bonjour
    2009-01-03 11:49 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2009-01-03 11:48 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2008-05-08 09:53 22,328 -c--a-w c:\documents and settings\Toms\Application Data\PnkBstrK.sys
    2008-04-15 15:46 1 -c--a-w c:\documents and settings\Toms\SI.bin
    2008-09-07 13:40 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090720080908\index.dat
    .

    ------- Sigcheck -------

    2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe
    2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 c:\windows\$NtServicePackUninstall$\explorer.exe
    2004-08-20 00:09 1036288 2a7bd330924252a2fd80344fc949bb72 c:\windows\$NtUninstallKB938828$\explorer.exe
    2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-22 136600]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
    "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 c:\windows\RTHDCPL.exe]
    "nwiz"="nwiz.exe" [2009-02-09 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Toms\Menu Démarrer\Programmes\Démarrage\
    RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
    TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
    UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
    Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-01-19 184320]
    Lancement rapide d'Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2008-05-22 25214]
    Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 257752]
    Wireless Configuration Utility HW.14.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2007-07-09 634880]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"= DrvTrNTm.dll
    "wave"= DrvTrNTm.dll
    "msacm.l3codecp"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-05 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-05 20560]
    R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008-01-18 38656]
    R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2008-07-29 517632]
    R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-10-25 126472]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]
    S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2008-04-14 215040]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ada51f1-c5fd-11dc-b712-001d606d102c}]
    \Shell\AutoRun\command - G:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cdc4820-34e0-11dd-b78b-0014d142f8b1}]
    \Shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7aad1346-8993-11dd-b7d1-001cdf911245}]
    \Shell\AutoRun\command - J:\EmDesk.exe
    \Shell\EmDesk\command - J:\EmDesk.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8dd81fa1-fb67-11dd-b8a2-001cdf911245}]
    \Shell\AutoRun\command - E:\OblivionLauncher.exe
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{BA73C439-6044-4B1A-95E7-451532457107} - c:\windows\system32\efcARhHY.dll
    HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
    HKCU-Run-Power2GoExpress - c:\program files\CyberLink\Power2Go\Power2GoExpress.exe


    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/ig
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: Convertir en Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir en un fichier PDF existant - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_1_0.cab
    DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
    FF - ProfilePath - c:\documents and settings\Toms\Application Data\Mozilla\Firefox\Profiles\ds0p3ura.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-22 21:08:47
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1343024091-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *L*e*s* *g*u*e*r*r*e*s* *d*u* *T*i*b*e*r*i*u*m*"!\Assistance]
    "Order"=hex:08,00,00,00,02,00,00,00,ce,02,00,00,01,00,00,00,04,00,00,00,92,00,
    00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\

    [HKEY_USERS\S-1-5-21-1343024091-413027322-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:4d,b5,e1,56,61,92,1d,98,45,e8,33,7a,04,6a,4f,cb,cd,c5,ea,92,09,49,bb,
    44,38,75,ef,63,bc,ec,5d,02,e2,60,04,c2,72,3f,f2,17,a6,6e,e5,f9,58,e2,ea,0c,\
    "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

    [HKEY_USERS\S-1-5-21-1343024091-413027322-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:89,a5,ec,c3,f0,2d,2c,e2,c4,78,69,2e,5b,9f,66,b6,55,30,62,a9,f1,
    30,96,a5,97,7d,c5,8d,f9,b8,27,91,bd,d3,d1,d7,83,6e,6e,e0,e8,de,f2,29,d3,6a,\
    "rkeysecu"=hex:31,49,d7,e2,10,45,57,43,89,4a,3c,f3,9d,df,44,c6

    [HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'lsass.exe'(980)
    c:\windows\system32\scecli.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\program files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\IoctlSvc.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\program files\PostgreSQL\8.3\bin\postgres.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
    c:\program files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-02-22 21:13:59 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-02-22 20:13:57

    Avant-CF: 53 437 321 216 octets libres
    Après-CF: 54,236,303,360 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

    Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
    257 --- E O F --- 2009-02-12 00:37:39


    Toms
    23 February 2009 13:01:47

    You will certainly have noticed that I got the procedure wrong, but anyway, you managed :D
    Run another combofix scan all the same, just by double-clicking it.
    24 February 2009 19:08:38

    Hi,

    I ran a new scan. And combofix deleted another file, "m", which had already been deleted in the previous scan, weird...

    But the problem seems to be solved! [:187] [:187] [:187]

    Thanks
    24 February 2009 21:02:31

    OK, if you say so :D