
[Solved] Zapchast (Trojan) problem: a.bat

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
24 November 2008 13:30:58

Hello,

I too have the problem with this a.bat file... which is recreated every time Windows starts.

Here is the HijackThis report in normal mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:32, on 24/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
D:\Jeux\Steam\Steam.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\Explorer.EXE
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\winnt32.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "d:\jeux\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 11142 bytes





And the HijackThis report run in safe mode:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21:06, on 24/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "d:\jeux\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9119 bytes

Does anyone have an idea? :)
Thanks in advance for your help, have a good day!

24 November 2008 13:45:23

Hi,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: The reports are saved in the C:\rsit folder
    24 November 2008 13:52:28

    Hi,

    here is info.txt:

    info.txt logfile of random's system information tool 1.04 2008-11-24 13:50:16

    ======Uninstall list======

    -->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
    Acronis Disk Director Suite 10 build 2160-->C:\Program Files\Acronis Disk Director Suite 10 build 2160\Uninstal.exe
    Acronis Disk Director Suite-->MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
    Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
    Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
    adsl TV-->C:\Program Files\adslTV\Uninstal.exe
    AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
    Avira AntiVir Personal – Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
    Bink and Smacker-->C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
    Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}
    Counter-Strike-->"D:\Jeux\Steam\steam.exe" steam://uninstall/10
    DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
    ESU for Microsoft Vista-->MsiExec.exe /I{AD3FDC40-BCF4-476D-A2D6-C4B154DD9DF5}
    EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
    FileZilla Client 3.1.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
    Fraps (remove only)-->"C:\Fraps\uninstall.exe"
    Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
    FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
    Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x040c -removeonly
    Garry's Mod-->"D:\Jeux\Steam\steam.exe" steam://uninstall/4000
    Giants-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97370293-96EC-11D4-9DEF-00104B70C5FB}\setup.exe"
    GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
    Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
    Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
    Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
    Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
    HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
    HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
    HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
    HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
    HP Imaging Device Functions 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart All-In-One Software 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
    HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
    HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst
    HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
    HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
    HP Solution Center 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
    HP User Guides 0088-->MsiExec.exe /I{8347A7A5-4AB8-433F-82AA-496B0D189A9B}
    HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
    HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
    ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
    Intel(R) Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
    iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
    Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
    Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
    Launchy 2.1.2-->"C:\Program Files\Launchy\unins000.exe"
    Left 4 Dead-->"D:\Jeux\Steam\steam.exe" steam://uninstall/500
    Ma-Config.com-->MsiExec.exe /X{DD987A54-122B-4CFD-A8C5-5577027A6B78}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
    Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSCU for Microsoft Vista-->MsiExec.exe /I{E87F5651-CE15-493F-AE99-3B670E25A54E}
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
    Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
    nLite 1.4.9.1-->"C:\Program Files\nLite\unins000.exe"
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    On2 VP7 Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
    Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
    Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
    PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
    PVK-->D:\Jeux\Counter-Strike 1.6 + Half-Life\pvk\uninstall.exe
    Quake III Arena Point Release 1.32-->C:\Windows\unvise32.exe d:\jeux\q3\uninstal5.log
    Quake III Arena-->C:\Windows\IsUninst.exe -fd:\jeux\q3\QIII.isu
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
    Rocket Arena 3 1.76 (remove only)-->"D:\Jeux\Q3\arena\uninstall.exe"
    Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Team Fortress 2-->"D:\Jeux\Steam\steam.exe" steam://uninstall/440
    TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
    VistaBootPRO 3.3-->MsiExec.exe /I{6C9FA746-8759-4040-A436-42922CB3492E}
    Warkeys 1.8.1.0b-->C:\Program Files\Warkeys\uninst.exe
    WC3Banlist-->"C:\Program Files\WC3Banlist\unins000.exe"
    Windows Live Bêta (tous les programmes)-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Bêta (tous les programmes)-->MsiExec.exe /I{9C4AB6FB-43CD-4ADF-8B59-6C52A6B74324}
    Windows Live Call-->MsiExec.exe /I{868EC13B-52DA-43B9-8C05-50CD897674DF}
    Windows Live Messenger-->MsiExec.exe /X{F72F8316-91E8-4C80-9E39-EBE933E1EDFB}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe

    ======Security center information======

    AV: Avira AntiVir PersonalEdition
    AS: Windows Defender

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=1706
    "NUMBER_OF_PROCESSORS"=2
    "PLATFORM"=MCD
    "PCBRAND"=Pavilion
    "OnlineServices"=Services en ligne
    "USERPART"=F:
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------



    and log.txt:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Shiv at 2008-11-24 13:50:14
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 18 GB (34%) free of 54 GB
    Total RAM: 3070 MB (62% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:50:15, on 24/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    D:\Jeux\Steam\Steam.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Windows\Explorer.EXE
    C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\winnt32.exe
    C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
    C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shiv\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Shiv.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Steam] "d:\jeux\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 11423 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\GoogleUpdateTaskUser.job
    C:\Windows\tasks\User_Feed_Synchronization-{122E98E7-B0DB-4DBC-AEBA-1C3CCD2AAC49}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-05 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-05 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
    "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-17 634880]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-09-12 182808]
    "QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-09-30 181544]
    "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
    "OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
    "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
    "WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-05 144792]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-02-12 262401]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
    "HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-02-27 13515296]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-02-27 92704]
    "Windows NT Service"=C:\Windows\system32\winnt32.exe [2008-01-19 1272320]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-09-08 3513344]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "Steam"=d:\jeux\steam\steam.exe [2008-10-11 1410296]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
    "Google Update"=C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 133104]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    Launchy.lnk - C:\Program Files\Launchy\Launchy.exe

    C:\Users\Shiv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    My_AutoWarkey_Script.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    Warkeys Update.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œ$w>††vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œ$w>††vÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†Çuÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†Çuÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œgw>†vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œgw>†vÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œäv>†Õvÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œäv>†Õvÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œfw>†úuÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œfw>†úuÿÿÿÿc°B:*:Enabled:Windows NT Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a94c31c0-7b58-11dd-a01b-001e685f61ec}]
    shell\AutoRun\command - I:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a94c31da-7b58-11dd-a01b-001e685f61ec}]
    shell\AutoRun\command - wd_windows_tools\WDSetup.exe


    ======List of files/folders created in the last 1 months======

    2008-11-24 13:50:14 ----D---- C:\rsit
    2008-11-24 13:18:18 ----D---- C:\Program Files\CCleaner
    2008-11-24 13:12:36 ----D---- C:\Program Files\Trend Micro
    2008-11-24 12:55:30 ----D---- C:\VundoFix Backups
    2008-11-24 12:55:30 ----A---- C:\VundoFix.txt
    2008-11-21 16:33:23 ----A---- C:\Windows\system32\PnkBstrA.exe
    2008-11-21 16:33:14 ----A---- C:\Windows\system32\PnkBstrB.exe
    2008-11-21 16:31:43 ----A---- C:\Windows\system32\paul.dll
    2008-11-21 16:29:47 ----D---- C:\Users\Shiv\AppData\Roaming\Leadertech
    2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvexpbar.dll
    2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvcpluir.dll
    2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvcplui.exe
    2008-11-20 21:30:51 ----D---- C:\NVIDIA
    2008-11-20 09:15:14 ----A---- C:\Windows\system32\wups2.dll
    2008-11-20 09:15:14 ----A---- C:\Windows\system32\wucltux.dll
    2008-11-20 09:15:14 ----A---- C:\Windows\system32\wuaueng.dll
    2008-11-20 09:15:14 ----A---- C:\Windows\system32\wuauclt.exe
    2008-11-20 09:15:04 ----A---- C:\Windows\system32\wups.dll
    2008-11-20 09:15:04 ----A---- C:\Windows\system32\wudriver.dll
    2008-11-20 09:15:04 ----A---- C:\Windows\system32\wuapi.dll
    2008-11-20 09:14:55 ----A---- C:\Windows\system32\wuwebv.dll
    2008-11-20 09:14:55 ----A---- C:\Windows\system32\wuapp.exe
    2008-11-11 22:57:19 ----A---- C:\Windows\system32\msxml3.dll
    2008-11-11 22:57:09 ----A---- C:\Windows\system32\msxml6.dll
    2008-11-10 15:15:05 ----A---- C:\Windows\system32\XMLConfig_SYSID.ini
    2008-11-09 15:46:58 ----RHD---- C:\Users\Shiv\AppData\Roaming\SecuROM
    2008-11-09 15:46:56 ----A---- C:\Windows\system32\CmdLineExt.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\XAudio2_2.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\XAPOFX1_1.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\xactengine3_2.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\d3dx10_39.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\D3DCompiler_39.dll
    2008-11-09 15:37:26 ----A---- C:\Windows\system32\D3DX9_39.dll
    2008-11-09 15:36:51 ----A---- C:\Windows\system32\wrap_oal.dll
    2008-11-09 15:36:51 ----A---- C:\Windows\system32\OpenAL32.dll
    2008-11-09 15:21:27 ----D---- C:\Windows\system32\AGEIA
    2008-11-09 15:21:26 ----D---- C:\Program Files\AGEIA Technologies
    2008-11-09 15:21:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\XAudio2_3.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\XAPOFX1_2.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\xactengine3_3.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\D3DX9_40.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\d3dx10_40.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\D3DCompiler_40.dll
    2008-11-08 19:19:52 ----A---- C:\Windows\system32\X3DAudio1_5.dll
    2008-11-08 19:19:51 ----A---- C:\Windows\system32\XAudio2_1.dll
    2008-11-08 19:19:51 ----A---- C:\Windows\system32\XAPOFX1_0.dll
    2008-11-08 19:19:51 ----A---- C:\Windows\system32\xactengine3_1.dll
    2008-11-08 19:19:51 ----A---- C:\Windows\system32\X3DAudio1_4.dll
    2008-11-08 19:19:50 ----A---- C:\Windows\system32\d3dx10_38.dll
    2008-11-08 19:19:50 ----A---- C:\Windows\system32\D3DCompiler_38.dll
    2008-11-08 19:19:49 ----A---- C:\Windows\system32\XAudio2_0.dll
    2008-11-08 19:19:49 ----A---- C:\Windows\system32\xactengine3_0.dll
    2008-11-08 19:19:49 ----A---- C:\Windows\system32\D3DX9_38.dll
    2008-11-08 19:19:48 ----A---- C:\Windows\system32\X3DAudio1_3.dll
    2008-11-08 19:19:48 ----A---- C:\Windows\system32\d3dx10_37.dll
    2008-11-08 19:19:48 ----A---- C:\Windows\system32\D3DCompiler_37.dll
    2008-11-08 19:19:46 ----A---- C:\Windows\system32\xactengine2_10.dll
    2008-11-08 19:19:46 ----A---- C:\Windows\system32\D3DX9_37.dll
    2008-11-08 19:19:45 ----A---- C:\Windows\system32\d3dx10_36.dll
    2008-11-08 19:19:45 ----A---- C:\Windows\system32\D3DCompiler_36.dll
    2008-11-08 19:19:44 ----A---- C:\Windows\system32\xactengine2_9.dll
    2008-11-08 19:19:44 ----A---- C:\Windows\system32\d3dx9_36.dll
    2008-11-08 19:19:42 ----A---- C:\Windows\system32\d3dx10_35.dll
    2008-11-08 19:19:42 ----A---- C:\Windows\system32\D3DCompiler_35.dll
    2008-11-08 19:19:41 ----A---- C:\Windows\system32\xactengine2_8.dll
    2008-11-08 19:19:41 ----A---- C:\Windows\system32\X3DAudio1_2.dll
    2008-11-08 19:19:41 ----A---- C:\Windows\system32\d3dx9_35.dll
    2008-11-08 19:19:41 ----A---- C:\Windows\system32\d3dx10_34.dll
    2008-11-08 19:19:40 ----A---- C:\Windows\system32\d3dx9_34.dll
    2008-11-08 19:19:40 ----A---- C:\Windows\system32\D3DCompiler_34.dll
    2008-11-08 19:19:39 ----A---- C:\Windows\system32\xinput1_3.dll
    2008-11-08 19:19:39 ----A---- C:\Windows\system32\xactengine2_7.dll
    2008-11-08 19:19:38 ----A---- C:\Windows\system32\d3dx10_33.dll
    2008-11-08 19:19:38 ----A---- C:\Windows\system32\D3DCompiler_33.dll
    2008-11-08 19:19:37 ----A---- C:\Windows\system32\xactengine2_6.dll
    2008-11-08 19:19:37 ----A---- C:\Windows\system32\xactengine2_5.dll
    2008-11-08 19:19:37 ----A---- C:\Windows\system32\d3dx9_33.dll
    2008-11-08 19:19:36 ----A---- C:\Windows\system32\d3dx10.dll
    2008-11-08 19:19:35 ----A---- C:\Windows\system32\xactengine2_4.dll
    2008-11-08 19:19:35 ----A---- C:\Windows\system32\x3daudio1_1.dll
    2008-11-08 19:19:35 ----A---- C:\Windows\system32\d3dx9_32.dll
    2008-11-08 19:19:34 ----A---- C:\Windows\system32\xinput1_2.dll
    2008-11-08 19:19:34 ----A---- C:\Windows\system32\xactengine2_3.dll
    2008-11-08 19:19:34 ----A---- C:\Windows\system32\d3dx9_31.dll
    2008-11-08 19:19:33 ----A---- C:\Windows\system32\xinput1_1.dll
    2008-11-08 19:19:33 ----A---- C:\Windows\system32\xactengine2_2.dll
    2008-11-08 19:19:33 ----A---- C:\Windows\system32\xactengine2_1.dll
    2008-11-08 19:19:27 ----A---- C:\Windows\system32\xactengine2_0.dll
    2008-11-08 19:19:27 ----A---- C:\Windows\system32\x3daudio1_0.dll
    2008-11-08 19:19:27 ----A---- C:\Windows\system32\d3dx9_30.dll
    2008-11-08 19:19:27 ----A---- C:\Windows\system32\d3dx9_29.dll
    2008-11-08 19:19:26 ----A---- C:\Windows\system32\d3dx9_28.dll
    2008-11-08 19:19:25 ----A---- C:\Windows\system32\d3dx9_27.dll
    2008-11-08 19:19:25 ----A---- C:\Windows\system32\d3dx9_26.dll
    2008-11-08 19:19:24 ----A---- C:\Windows\system32\d3dx9_25.dll
    2008-11-08 19:19:22 ----A---- C:\Windows\system32\d3dx9_24.dll
    2008-11-08 11:22:40 ----D---- C:\Program Files\Lavalys
    2008-11-08 10:24:29 ----D---- C:\ProgramData\ma-config.com
    2008-11-08 10:24:29 ----D---- C:\Program Files\ma-config.com
    2008-11-07 21:31:44 ----SH---- C:\boot.ini
    2008-11-07 18:44:15 ----A---- C:\Windows\system32\AutoPartNt.exe
    2008-11-07 18:43:34 ----D---- C:\ProgramData\Acronis
    2008-11-07 18:28:42 ----D---- C:\Program Files\Acronis
    2008-11-07 18:28:41 ----D---- C:\Program Files\Common Files\Acronis
    2008-11-07 18:26:58 ----D---- C:\Program Files\Acronis Disk Director Suite 10 build 2160
    2008-11-07 17:21:37 ----D---- C:\Program Files\OurToolbar
    2008-11-07 14:24:24 ----D---- C:\Program Files\WinImage
    2008-11-05 21:04:41 ----A---- C:\Windows\system32\MSVCRTD.DLL
    2008-11-05 21:04:41 ----A---- C:\Windows\system32\MSVCP60D.DLL
    2008-11-05 21:04:40 ----A---- C:\Windows\system32\WMAFile.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\TABCTFR.DLL
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\MSCMCFR.DLL
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudPlayer.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioVisu.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioRecord.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioInfos.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudFile.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudDisplay.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudDesign.dll
    2008-11-05 21:04:38 ----D---- C:\Program Files\Free Audio Pack
    2008-11-05 21:04:38 ----A---- C:\Windows\system32\msvcr70.dll
    2008-11-05 21:04:38 ----A---- C:\Windows\system32\lame_enc.dll
    2008-11-05 05:33:51 ----A---- C:\Windows\system32\EncDec.dll
    2008-11-05 05:33:50 ----A---- C:\Windows\system32\psisdecd.dll
    2008-11-03 15:50:54 ----D---- C:\Intel
    2008-11-03 15:50:49 ----D---- C:\Users\Shiv\AppData\Roaming\InstallShield
    2008-11-03 15:44:23 ----D---- C:\Windows\Minidump
    2008-10-29 08:35:08 ----A---- C:\Windows\system32\win32spl.dll
    2008-10-29 08:35:08 ----A---- C:\Windows\system32\wersvc.dll
    2008-10-29 08:35:08 ----A---- C:\Windows\system32\Faultrep.dll
    2008-10-27 17:45:30 ----D---- C:\Program Files\On2 Technologies
    2008-10-27 17:45:30 ----A---- C:\Windows\system32\vp7vfw.dll
    2008-10-25 13:31:41 ----D---- C:\Users\Shiv\AppData\Roaming\FrostWire
    2008-10-25 13:31:36 ----D---- C:\Program Files\FrostWire

    ======List of files/folders modified in the last 1 months======

    2008-11-24 13:50:15 ----D---- C:\Windows\Prefetch
    2008-11-24 13:50:07 ----D---- C:\Windows\Temp
    2008-11-24 13:37:19 ----D---- C:\Users\Shiv\AppData\Roaming\Skype
    2008-11-24 13:36:55 ----SHD---- C:\System Volume Information
    2008-11-24 13:29:11 ----D---- C:\Windows\System32
    2008-11-24 13:29:10 ----D---- C:\Windows\inf
    2008-11-24 13:29:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-11-24 13:24:59 ----D---- C:\Windows
    2008-11-24 13:20:02 ----D---- C:\Windows\Debug
    2008-11-24 13:18:18 ----RD---- C:\Program Files
    2008-11-24 12:45:42 ----D---- C:\Users\Shiv\AppData\Roaming\skypePM
    2008-11-24 12:43:32 ----HD---- C:\Config.Msi
    2008-11-24 12:41:53 ----D---- C:\Users\Shiv\AppData\Roaming\uTorrent
    2008-11-23 23:25:31 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-23 15:57:09 ----SHD---- C:\Windows\Installer
    2008-11-23 15:56:25 ----D---- C:\ProgramData\Adobe
    2008-11-23 15:56:18 ----D---- C:\Program Files\Common Files\Adobe
    2008-11-23 15:56:17 ----D---- C:\Program Files\Adobe
    2008-11-23 15:56:09 ----D---- C:\Windows\winsxs
    2008-11-22 20:29:12 ----D---- C:\Users\Shiv\AppData\Roaming\Hamachi
    2008-11-22 20:18:52 ----D---- C:\Users\Shiv\AppData\Roaming\teamspeak2
    2008-11-22 15:10:15 ----D---- C:\Program Files\Common Files\Steam
    2008-11-21 16:33:21 ----D---- C:\Windows\system32\drivers
    2008-11-21 16:29:37 ----D---- C:\Windows\system32\LogFiles
    2008-11-21 16:22:53 ----RSD---- C:\Windows\assembly
    2008-11-20 23:20:58 ----D---- C:\ProgramData\NVIDIA
    2008-11-20 23:20:33 ----HD---- C:\ProgramData
    2008-11-20 23:17:02 ----D---- C:\Windows\system32\catroot
    2008-11-20 23:17:01 ----D---- C:\Windows\system32\catroot2
    2008-11-20 23:15:54 ----D---- C:\SWSETUP
    2008-11-20 22:03:18 ----D---- C:\Windows\rescache
    2008-11-20 21:42:41 ----D---- C:\Windows\Help
    2008-11-20 21:28:13 ----D---- C:\Windows\system32\fr-FR
    2008-11-20 10:09:29 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-19 22:14:17 ----D---- C:\Windows\Tasks
    2008-11-17 21:40:59 ----D---- C:\Program Files\Full Tilt Poker
    2008-11-12 18:16:27 ----SD---- C:\Users\Shiv\AppData\Roaming\Microsoft
    2008-11-12 14:08:34 ----N---- C:\Windows\win.ini
    2008-11-09 15:21:19 ----D---- C:\Program Files\Common Files
    2008-11-07 19:08:09 ----D---- C:\Windows\Logs
    2008-11-07 16:36:53 ----SD---- C:\ProgramData\Microsoft
    2008-11-07 16:23:27 ----D---- C:\Program Files\nLite
    2008-11-07 16:21:40 ----D---- C:\XPiso
    2008-11-06 10:59:36 ----D---- C:\Program Files\Microsoft Office
    2008-11-05 10:46:38 ----D---- C:\Windows\Microsoft.NET
    2008-11-05 10:21:12 ----D---- C:\Windows\ehome
    2008-11-04 01:10:25 ----A---- C:\Windows\system32\mrt.exe
    2008-10-25 15:29:10 ----D---- C:\Users\Shiv\AppData\Roaming\Apple Computer

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-03-04 79424]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-02-18 49472]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-10-11 25280]
    R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
    R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552]
    R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-02-27 7602688]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 98816]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
    R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-01-17 983936]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
    R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
    S3 asg1xfbp;asg1xfbp; C:\Windows\system32\drivers\asg1xfbp.sys []
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
    S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
    S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
    S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-11-02 15360]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
    S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
    S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
    S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
    S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2005-08-02 32512]
    S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-03-07 68865]
    R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-03-26 147201]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
    R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-09-12 354840]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-02-27 49152]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-11-21 66872]
    R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 271760]
    R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 112016]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
    R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-11-22 104944]
    S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
    S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-11-02 195752]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]

    -----------------EOF-----------------

    Hoping this helps!
    24 November 2008 14:02:22

  • Disable UAC for the duration of the disinfection.

  • Download UsbFix (by Chiquitine29) to your Desktop.
  • Run the installation with the default settings.
  • Connect your external storage devices to your PC (USB stick, external hard drive, etc.) without opening them.
  • Right-click the UsbFix shortcut on your Desktop and choose Run as administrator.
  • Choose option 1 (Nettoyage, "Cleaning").
  • The PC will restart.
  • After the restart, post the UsbFix.txt report.

    Note: the UsbFix.txt report is saved at the root of the drive.

    (If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm)
    24 November 2008 14:17:35

    Here is the report:



    -------------- UsbFix V2.413 ---------------

    * User : Shiv - PC-DE-SHIV
    * Outils mis a jours le 23/11/2008 par Chiquitine29 et Chimay8
    * Recherche effectuée à 14:13:28 le 24/11/2008
    * Windows Vista - Internet Explorer 7.0.6001.18000


    --------------- [ Processus actifs ] ----------------


    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Users\Shiv\AppData\Local\Temp\95D8.tmp\b2e.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\PresentationSettings.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

    --------------- [ Informations lecteurs ] ----------------

    C: - Lecteur fixe
    D: - Lecteur fixe
    E: - Lecteur fixe
    G: - Lecteur fixe
    H: - Lecteur fixe
    J: - Lecteur fixe
    K: - Lecteur amovible

    --------------- [ Lecteur C ] ----------------

    C: - Lecteur fixe

    +- Listing des fichiers présents :

    [27/11/2007 00:48][--a------] C:\autoexec.bat
    [04/08/2004 12:00][-rahs----] C:\NTDETECT.COM
    [07/11/2008 21:35][---hs----] C:\boot.ini
    [24/11/2008 14:13][--a------] C:\UsbFix.txt
    [24/11/2008 14:13][--a------] C:\VundoFix.txt
    [18/09/2006 22:43][--a------] C:\config.sys
    [18/09/2006 22:43][--a------] C:\hiberfil.sys
    [18/09/2006 22:43][--a------] C:\IO.SYS
    [18/09/2006 22:43][--a------] C:\MSDOS.SYS
    [18/09/2006 22:43][--a------] C:\pagefile.sys

    --------------- [ Lecteur D ] ----------------

    D: - Lecteur fixe

    +- Listing des fichiers présents :


    --------------- [ Lecteur E ] ----------------

    E: - Lecteur fixe

    +- Listing des fichiers présents :

    [06/09/2008 12:19][---hs----] E:\Desktop.ini
    [10/09/2002 17:14][---hs----] E:\Folder.htt

    --------------- [ Lecteur G ] ----------------

    G: - Lecteur fixe

    +- Listing des fichiers présents :


    --------------- [ Lecteur H ] ----------------

    H: - Lecteur fixe

    +- Listing des fichiers présents :

    [07/11/2008 21:45][--ahs----] H:\pagefile.sys

    --------------- [ Lecteur J ] ----------------

    J: - Lecteur fixe

    +- Listing des fichiers présents :


    --------------- [ Lecteur K ] ----------------

    K: - Lecteur amovible

    +- Listing des fichiers présents :

    [07/11/2008 21:43][--a------] K:\dotnetfx.exe
    [07/11/2008 21:43][--a------] K:\VistaBootPRO_3.3.0.exe
    [07/11/2008 21:43][--a------] K:\everest-ultimate_everest_ultimate_4.60_anglais_12281.exe
    [07/11/2008 21:43][--a------] K:\sp33411(2).exe
    [07/11/2008 21:43][--a------] K:\Sacred2-UK-2_10_0_0-2_12_0_0.exe

    --------------- [ Registre / Startup ] ----------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

    Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    ehTray.exe=C:\Windows\ehome\ehTray.exe
    Steam="d:\jeux\steam\steam.exe" -silent
    DAEMON Tools Lite="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    Google Update="C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

    SynTPStart=C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    SMSERIAL=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    RtHDVCpl=RtHDVCpl.exe
    IAAnotif=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    QPService="C:\Program Files\HP\QuickPlay\QPService.exe"
    QlbCtrl=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    OnScreenDisplay=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
    HP Health Check Scheduler=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    hpWirelessAssistant=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    WAWifiMessage=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
    avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    HP Software Update=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    AppleSyncNotifier=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
    NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    Windows NT Service=winnt32.exe
    Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
    NoChange=1
    Installed=1
    <NO NAME>=
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
    Installed=1
    <NO NAME>=

    --------------- [ Registre / Mountpoint2 ] ----------------

    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a94c31c0-7b58-11dd-a01b-001e685f61ec}\Shell\AutoRun\command
    Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a94c31da-7b58-11dd-a01b-001e685f61ec}\Shell\AutoRun\command

    --------------- [ Nettoyage des disques ] ----------------

    Supprimé ! - [20/09/2007 21:05][--a------] C:\Windows\system32\autorun.inf
    Supprimé ! - [10/09/2002 17:14][---hs----] E:\Folder.htt

    --------------- [ Resumé ] ----------------

    -> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

    [27/11/2007 00:48][--a------] C:\autoexec.bat
    [04/08/2004 12:00][-rahs----] C:\NTDETECT.COM
    [07/11/2008 21:35][---hs----] C:\boot.ini
    [06/09/2008 12:19][---hs----] E:\Desktop.ini
    [07/11/2008 21:43][--a------] K:\dotnetfx.exe
    [07/11/2008 21:43][--a------] K:\VistaBootPRO_3.3.0.exe
    [07/11/2008 21:43][--a------] K:\everest-ultimate_everest_ultimate_4.60_anglais_12281.exe
    [07/11/2008 21:43][--a------] K:\sp33411(2).exe
    [07/11/2008 21:43][--a------] K:\Sacred2-UK-2_10_0_0-2_12_0_0.exe

    --------------- ! Fin du rapport ! ----------------



    However, after the restart, some processes did not start automatically: antivir, skype, steam, etc. Is that normal?

    In any case, the a.bat file is no longer present, so it really looks like it's sorted! And no pop-up from my antivirus.
    24 November 2008 15:05:59

    Quote:
    However, after the restart, some processes did not start automatically: antivir, skype, steam, etc. Is that normal?

    ---> If you restart again, I think they will come back.

  • Download SmitfraudFix (by S!Ri, balltrap34 and moe31) to your Desktop.
  • Right-click SmitfraudFix.exe and choose Run as administrator.
  • Choose option 1 then press Enter.
  • A report will be generated; post it in your next reply.

    /!\ process.exe is detected by some antivirus products as a risktool. It is not a virus but a utility designed to terminate processes. /!\

    ** Only do step 2 if you are asked to; we must first examine the first SmitfraudFix report.
    24 November 2008 16:18:18

    Hello,

    Posting to follow.

    ;) 
    24 November 2008 18:43:17

    Well, I had to restart my PC, and after this reboot my antivirus went wild once again, still with this a.bat!

    Here is the new report:

    SmitFraudFix v2.376

    Scan done at 18:36:57,78, 24/11/2008
    Run from C:\Users\Shiv\Desktop\SmitfraudFix
    OS: Microsoft Windows [version 6.0.6001] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    D:\Jeux\Steam\Steam.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Steam\SteamService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\program files\avira\antivir personaledition classic\avconfig.exe
    C:\Windows\system32\winnt32.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\conime.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Shiv


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Shiv\AppData\Local\Temp


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Shiv\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Shiv\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, following keys are not inevitably infected!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    "LoadAppInit_DLLs"=dword:00000000


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\Windows\\system32\\userinit.exe,"


    »»»»»»»»»»»»»»»»»»»»»»»» RK



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) PRO/Wireless 3945ABG Network Connection
    DNS Server Search Order: 192.168.2.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{201DADFC-C498-463F-A53D-7757B614A55E}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{36ABEDAD-47D5-42BE-A889-6FD9457E357A}: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{201DADFC-C498-463F-A53D-7757B614A55E}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{36ABEDAD-47D5-42BE-A889-6FD9457E357A}: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{201DADFC-C498-463F-A53D-7757B614A55E}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{36ABEDAD-47D5-42BE-A889-6FD9457E357A}: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Otherwise, the processes did indeed come back :)

    24 November 2008 20:02:48

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab (Mise à jour), click the Check for updates button (Recherche de mise à jour): if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the Scan tab (Recherche).
  • Select Perform a full scan (Exécuter un examen complet).
  • Click Scan (Rechercher).
  • The analysis starts; the scan is relatively long, which is normal.
  • At the end of the analysis, a message is displayed:
    Quote:
    The scan completed normally. Click 'Show results' to display all the objects found.

  • Click OK to continue. If MBAM has found nothing, it will tell you that as well.
  • Close your browsers.
  • If malware has been detected, click Show results (Afficher les résultats).
  • Select everything (or leave it checked) and click Remove selection (Supprimer la sélection); MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
    24 November 2008 22:26:39

    Here is the result...:

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1419
    Windows 6.0.6001 Service Pack 1

    24/11/2008 22:23:19
    mbam-log-2008-11-24 (22-23-19).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|G:\|H:\|)
    Eléments examinés: 228695
    Temps écoulé: 2 hour(s), 0 minute(s), 14 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)



    25 November 2008 00:52:28

    Where is a.bat detected?
    25 November 2008 07:02:34

    In C:\a.bat
    25 November 2008 13:41:55

  • Delete the RSIT folder located in C:\
  • Run an RSIT scan again and post both reports.
    25 November 2008 13:45:21

    Do you think it would be better for me to reboot (a.bat will come back) and run RSIT before my antivirus deletes a.bat??
    25 November 2008 14:04:05

    So I rebooted, a.bat came back, and this time I did not delete it with antivir.

    Here is log.txt:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Shiv at 2008-11-25 13:59:48
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 18 GB (34%) free of 54 GB
    Total RAM: 3070 MB (69% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:59:56, on 25/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    D:\Jeux\Steam\Steam.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\System32\winnt32.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
    C:\Users\Shiv\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Shiv.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Steam] "d:\jeux\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 10925 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\GoogleUpdateTaskUser.job
    C:\Windows\tasks\User_Feed_Synchronization-{122E98E7-B0DB-4DBC-AEBA-1C3CCD2AAC49}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-05 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-05 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
    "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-17 634880]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-09-12 182808]
    "QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-09-30 181544]
    "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
    "OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
    "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
    "WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-05 144792]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-11-25 266497]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
    "HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-02-27 13515296]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-02-27 92704]
    "Windows NT Service"=C:\Windows\system32\winnt32.exe [2008-01-19 1272320]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-09-08 3513344]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "Steam"=d:\jeux\steam\steam.exe [2008-10-11 1410296]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
    "Google Update"=C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 133104]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    Launchy.lnk - C:\Program Files\Launchy\Launchy.exe

    C:\Users\Shiv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    My_AutoWarkey_Script.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    Warkeys Update.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œ$w>††vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œ$w>††vÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†Çuÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†Çuÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œgw>†vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œgw>†vÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œäv>†Õvÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œäv>†Õvÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œfw>†úuÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œfw>†úuÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†­uÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†­uÿÿÿÿc°B:*:Enabled:Windows NT Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 1 months======

    2008-11-25 13:59:48 ----D---- C:\rsit
    2008-11-25 13:59:28 ----A---- C:\a.bat
    2008-11-24 20:15:39 ----D---- C:\Users\Shiv\AppData\Roaming\Malwarebytes
    2008-11-24 20:15:35 ----D---- C:\ProgramData\Malwarebytes
    2008-11-24 20:15:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-24 18:37:00 ----A---- C:\Windows\system32\tmp.txt
    2008-11-24 18:36:57 ----A---- C:\rapport.txt
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\WS2Fix.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\VCCLSID.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\VACFix.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\swxcacls.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\swsc.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\swreg.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\SrchSTS.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\Process.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\o4Patch.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\IEDFix.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\IEDFix.C.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\dumphive.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\404Fix.exe
    2008-11-24 14:13:28 ----A---- C:\UsbFix.txt
    2008-11-24 14:07:57 ----D---- C:\Program Files\UsbFix
    2008-11-24 13:18:18 ----D---- C:\Program Files\CCleaner
    2008-11-24 13:12:36 ----D---- C:\Program Files\Trend Micro
    2008-11-24 12:55:30 ----D---- C:\VundoFix Backups
    2008-11-24 12:55:30 ----A---- C:\VundoFix.txt
    2008-11-21 16:33:23 ----A---- C:\Windows\system32\PnkBstrA.exe
    2008-11-21 16:33:14 ----A---- C:\Windows\system32\PnkBstrB.exe
    2008-11-21 16:31:43 ----A---- C:\Windows\system32\paul.dll
    2008-11-21 16:29:47 ----D---- C:\Users\Shiv\AppData\Roaming\Leadertech
    2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvexpbar.dll
    2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvcpluir.dll
    2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvcplui.exe
    2008-11-20 21:30:51 ----D---- C:\NVIDIA
    2008-11-20 09:15:14 ----A---- C:\Windows\system32\wups2.dll
    2008-11-20 09:15:14 ----A---- C:\Windows\system32\wucltux.dll
    2008-11-20 09:15:14 ----A---- C:\Windows\system32\wuaueng.dll
    2008-11-20 09:15:14 ----A---- C:\Windows\system32\wuauclt.exe
    2008-11-20 09:15:04 ----A---- C:\Windows\system32\wups.dll
    2008-11-20 09:15:04 ----A---- C:\Windows\system32\wudriver.dll
    2008-11-20 09:15:04 ----A---- C:\Windows\system32\wuapi.dll
    2008-11-20 09:14:55 ----A---- C:\Windows\system32\wuwebv.dll
    2008-11-20 09:14:55 ----A---- C:\Windows\system32\wuapp.exe
    2008-11-11 22:57:19 ----A---- C:\Windows\system32\msxml3.dll
    2008-11-11 22:57:09 ----A---- C:\Windows\system32\msxml6.dll
    2008-11-10 15:15:05 ----A---- C:\Windows\system32\XMLConfig_SYSID.ini
    2008-11-09 15:46:58 ----RHD---- C:\Users\Shiv\AppData\Roaming\SecuROM
    2008-11-09 15:46:56 ----A---- C:\Windows\system32\CmdLineExt.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\XAudio2_2.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\XAPOFX1_1.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\xactengine3_2.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\d3dx10_39.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\D3DCompiler_39.dll
    2008-11-09 15:37:26 ----A---- C:\Windows\system32\D3DX9_39.dll
    2008-11-09 15:36:51 ----A---- C:\Windows\system32\wrap_oal.dll
    2008-11-09 15:36:51 ----A---- C:\Windows\system32\OpenAL32.dll
    2008-11-09 15:21:27 ----D---- C:\Windows\system32\AGEIA
    2008-11-09 15:21:26 ----D---- C:\Program Files\AGEIA Technologies
    2008-11-09 15:21:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\XAudio2_3.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\XAPOFX1_2.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\xactengine3_3.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\D3DX9_40.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\d3dx10_40.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\D3DCompiler_40.dll
    2008-11-08 19:19:52 ----A---- C:\Windows\system32\X3DAudio1_5.dll
    2008-11-08 19:19:51 ----A---- C:\Windows\system32\XAudio2_1.dll
    2008-11-08 19:19:51 ----A---- C:\Windows\system32\XAPOFX1_0.dll
    2008-11-08 19:19:51 ----A---- C:\Windows\system32\xactengine3_1.dll
    2008-11-08 19:19:51 ----A---- C:\Windows\system32\X3DAudio1_4.dll
    2008-11-08 19:19:50 ----A---- C:\Windows\system32\d3dx10_38.dll
    2008-11-08 19:19:50 ----A---- C:\Windows\system32\D3DCompiler_38.dll
    2008-11-08 19:19:49 ----A---- C:\Windows\system32\XAudio2_0.dll
    2008-11-08 19:19:49 ----A---- C:\Windows\system32\xactengine3_0.dll
    2008-11-08 19:19:49 ----A---- C:\Windows\system32\D3DX9_38.dll
    2008-11-08 19:19:48 ----A---- C:\Windows\system32\X3DAudio1_3.dll
    2008-11-08 19:19:48 ----A---- C:\Windows\system32\d3dx10_37.dll
    2008-11-08 19:19:48 ----A---- C:\Windows\system32\D3DCompiler_37.dll
    2008-11-08 19:19:46 ----A---- C:\Windows\system32\xactengine2_10.dll
    2008-11-08 19:19:46 ----A---- C:\Windows\system32\D3DX9_37.dll
    2008-11-08 19:19:45 ----A---- C:\Windows\system32\d3dx10_36.dll
    2008-11-08 19:19:45 ----A---- C:\Windows\system32\D3DCompiler_36.dll
    2008-11-08 19:19:44 ----A---- C:\Windows\system32\xactengine2_9.dll
    2008-11-08 19:19:44 ----A---- C:\Windows\system32\d3dx9_36.dll
    2008-11-08 19:19:42 ----A---- C:\Windows\system32\d3dx10_35.dll
    2008-11-08 19:19:42 ----A---- C:\Windows\system32\D3DCompiler_35.dll
    2008-11-08 19:19:41 ----A---- C:\Windows\system32\xactengine2_8.dll
    2008-11-08 19:19:41 ----A---- C:\Windows\system32\X3DAudio1_2.dll
    2008-11-08 19:19:41 ----A---- C:\Windows\system32\d3dx9_35.dll
    2008-11-08 19:19:41 ----A---- C:\Windows\system32\d3dx10_34.dll
    2008-11-08 19:19:40 ----A---- C:\Windows\system32\d3dx9_34.dll
    2008-11-08 19:19:40 ----A---- C:\Windows\system32\D3DCompiler_34.dll
    2008-11-08 19:19:39 ----A---- C:\Windows\system32\xinput1_3.dll
    2008-11-08 19:19:39 ----A---- C:\Windows\system32\xactengine2_7.dll
    2008-11-08 19:19:38 ----A---- C:\Windows\system32\d3dx10_33.dll
    2008-11-08 19:19:38 ----A---- C:\Windows\system32\D3DCompiler_33.dll
    2008-11-08 19:19:37 ----A---- C:\Windows\system32\xactengine2_6.dll
    2008-11-08 19:19:37 ----A---- C:\Windows\system32\xactengine2_5.dll
    2008-11-08 19:19:37 ----A---- C:\Windows\system32\d3dx9_33.dll
    2008-11-08 19:19:36 ----A---- C:\Windows\system32\d3dx10.dll
    2008-11-08 19:19:35 ----A---- C:\Windows\system32\xactengine2_4.dll
    2008-11-08 19:19:35 ----A---- C:\Windows\system32\x3daudio1_1.dll
    2008-11-08 19:19:35 ----A---- C:\Windows\system32\d3dx9_32.dll
    2008-11-08 19:19:34 ----A---- C:\Windows\system32\xinput1_2.dll
    2008-11-08 19:19:34 ----A---- C:\Windows\system32\xactengine2_3.dll
    2008-11-08 19:19:34 ----A---- C:\Windows\system32\d3dx9_31.dll
    2008-11-08 19:19:33 ----A---- C:\Windows\system32\xinput1_1.dll
    2008-11-08 19:19:33 ----A---- C:\Windows\system32\xactengine2_2.dll
    2008-11-08 19:19:33 ----A---- C:\Windows\system32\xactengine2_1.dll
    2008-11-08 19:19:27 ----A---- C:\Windows\system32\xactengine2_0.dll
    2008-11-08 19:19:27 ----A---- C:\Windows\system32\x3daudio1_0.dll
    2008-11-08 19:19:27 ----A---- C:\Windows\system32\d3dx9_30.dll
    2008-11-08 19:19:27 ----A---- C:\Windows\system32\d3dx9_29.dll
    2008-11-08 19:19:26 ----A---- C:\Windows\system32\d3dx9_28.dll
    2008-11-08 19:19:25 ----A---- C:\Windows\system32\d3dx9_27.dll
    2008-11-08 19:19:25 ----A---- C:\Windows\system32\d3dx9_26.dll
    2008-11-08 19:19:24 ----A---- C:\Windows\system32\d3dx9_25.dll
    2008-11-08 19:19:22 ----A---- C:\Windows\system32\d3dx9_24.dll
    2008-11-08 11:22:40 ----D---- C:\Program Files\Lavalys
    2008-11-08 10:24:29 ----D---- C:\ProgramData\ma-config.com
    2008-11-08 10:24:29 ----D---- C:\Program Files\ma-config.com
    2008-11-07 21:31:44 ----SH---- C:\boot.ini
    2008-11-07 18:44:15 ----A---- C:\Windows\system32\AutoPartNt.exe
    2008-11-07 18:43:34 ----D---- C:\ProgramData\Acronis
    2008-11-07 18:28:42 ----D---- C:\Program Files\Acronis
    2008-11-07 18:28:41 ----D---- C:\Program Files\Common Files\Acronis
    2008-11-07 18:26:58 ----D---- C:\Program Files\Acronis Disk Director Suite 10 build 2160
    2008-11-07 17:21:37 ----D---- C:\Program Files\OurToolbar
    2008-11-07 14:24:24 ----D---- C:\Program Files\WinImage
    2008-11-05 21:04:41 ----A---- C:\Windows\system32\MSVCRTD.DLL
    2008-11-05 21:04:41 ----A---- C:\Windows\system32\MSVCP60D.DLL
    2008-11-05 21:04:40 ----A---- C:\Windows\system32\WMAFile.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\TABCTFR.DLL
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\MSCMCFR.DLL
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudPlayer.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioVisu.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioRecord.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioInfos.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudFile.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudDisplay.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudDesign.dll
    2008-11-05 21:04:38 ----D---- C:\Program Files\Free Audio Pack
    2008-11-05 21:04:38 ----A---- C:\Windows\system32\msvcr70.dll
    2008-11-05 21:04:38 ----A---- C:\Windows\system32\lame_enc.dll
    2008-11-05 05:33:51 ----A---- C:\Windows\system32\EncDec.dll
    2008-11-05 05:33:50 ----A---- C:\Windows\system32\psisdecd.dll
    2008-11-03 15:50:54 ----D---- C:\Intel
    2008-11-03 15:50:49 ----D---- C:\Users\Shiv\AppData\Roaming\InstallShield
    2008-11-03 15:44:23 ----D---- C:\Windows\Minidump
    2008-10-29 08:35:08 ----A---- C:\Windows\system32\win32spl.dll
    2008-10-29 08:35:08 ----A---- C:\Windows\system32\wersvc.dll
    2008-10-29 08:35:08 ----A---- C:\Windows\system32\Faultrep.dll
    2008-10-27 17:45:30 ----D---- C:\Program Files\On2 Technologies
    2008-10-27 17:45:30 ----A---- C:\Windows\system32\vp7vfw.dll

    ======List of files/folders modified in the last 1 months======

    2008-11-25 13:59:56 ----D---- C:\Windows\Temp
    2008-11-25 13:59:56 ----D---- C:\Windows\Prefetch
    2008-11-25 13:55:53 ----D---- C:\Users\Shiv\AppData\Roaming\uTorrent
    2008-11-25 13:55:44 ----D---- C:\Users\Shiv\AppData\Roaming\Skype
    2008-11-25 11:44:33 ----D---- C:\Windows\System32
    2008-11-25 11:44:33 ----D---- C:\Windows\inf
    2008-11-25 11:44:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-11-25 08:24:07 ----SHD---- C:\System Volume Information
    2008-11-25 08:05:06 ----D---- C:\Users\Shiv\AppData\Roaming\skypePM
    2008-11-24 20:15:38 ----D---- C:\Windows\system32\drivers
    2008-11-24 20:15:35 ----HD---- C:\ProgramData
    2008-11-24 20:15:34 ----RD---- C:\Program Files
    2008-11-24 15:40:46 ----D---- C:\Windows\system32\WDI
    2008-11-24 14:05:42 ----D---- C:\Windows
    2008-11-24 13:20:02 ----D---- C:\Windows\Debug
    2008-11-24 12:43:32 ----HD---- C:\Config.Msi
    2008-11-23 23:25:31 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-23 16:13:38 ----D---- C:\Users\Shiv\AppData\Roaming\FrostWire
    2008-11-23 15:57:09 ----SHD---- C:\Windows\Installer
    2008-11-23 15:56:25 ----D---- C:\ProgramData\Adobe
    2008-11-23 15:56:18 ----D---- C:\Program Files\Common Files\Adobe
    2008-11-23 15:56:17 ----D---- C:\Program Files\Adobe
    2008-11-23 15:56:09 ----D---- C:\Windows\winsxs
    2008-11-22 20:29:12 ----D---- C:\Users\Shiv\AppData\Roaming\Hamachi
    2008-11-22 20:18:52 ----D---- C:\Users\Shiv\AppData\Roaming\teamspeak2
    2008-11-22 15:10:15 ----D---- C:\Program Files\Common Files\Steam
    2008-11-21 16:29:37 ----D---- C:\Windows\system32\LogFiles
    2008-11-21 16:22:53 ----RSD---- C:\Windows\assembly
    2008-11-20 23:20:58 ----D---- C:\ProgramData\NVIDIA
    2008-11-20 23:17:02 ----D---- C:\Windows\system32\catroot
    2008-11-20 23:17:01 ----D---- C:\Windows\system32\catroot2
    2008-11-20 23:15:54 ----D---- C:\SWSETUP
    2008-11-20 22:03:18 ----D---- C:\Windows\rescache
    2008-11-20 21:42:41 ----D---- C:\Windows\Help
    2008-11-20 21:28:13 ----D---- C:\Windows\system32\fr-FR
    2008-11-20 10:09:29 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-19 22:14:17 ----D---- C:\Windows\Tasks
    2008-11-17 21:40:59 ----D---- C:\Program Files\Full Tilt Poker
    2008-11-12 18:16:27 ----SD---- C:\Users\Shiv\AppData\Roaming\Microsoft
    2008-11-12 14:08:34 ----N---- C:\Windows\win.ini
    2008-11-09 15:21:19 ----D---- C:\Program Files\Common Files
    2008-11-07 19:08:09 ----D---- C:\Windows\Logs
    2008-11-07 16:36:53 ----SD---- C:\ProgramData\Microsoft
    2008-11-07 16:23:27 ----D---- C:\Program Files\nLite
    2008-11-07 16:21:40 ----D---- C:\XPiso
    2008-11-06 10:59:36 ----D---- C:\Program Files\Microsoft Office
    2008-11-05 10:46:38 ----D---- C:\Windows\Microsoft.NET
    2008-11-05 10:21:12 ----D---- C:\Windows\ehome
    2008-11-04 01:10:25 ----A---- C:\Windows\system32\mrt.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-11-25 52032]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-10-11 25280]
    R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
    R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552]
    R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-02-27 7602688]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 98816]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
    R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-01-17 983936]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
    R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
    S3 awoqp2cz;awoqp2cz; C:\Windows\system32\drivers\awoqp2cz.sys []
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
    S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
    S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
    S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-11-02 15360]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
    S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
    S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
    S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
    S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2005-08-02 32512]
    S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-25 68865]
    R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-25 151297]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
    R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-09-12 354840]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-02-27 49152]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-11-21 66872]
    R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 271760]
    R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 112016]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
    R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-11-22 104944]
    S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
    S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-11-02 195752]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]

    -----------------EOF-----------------





    and info.txt:

    info.txt logfile of random's system information tool 1.04 2008-11-25 13:59:59

    ======Uninstall list======

    -->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
    Acronis Disk Director Suite 10 build 2160-->C:\Program Files\Acronis Disk Director Suite 10 build 2160\Uninstal.exe
    Acronis Disk Director Suite-->MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
    Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
    Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
    adsl TV-->C:\Program Files\adslTV\Uninstal.exe
    AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
    Bink and Smacker-->C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
    Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}
    Counter-Strike-->"D:\Jeux\Steam\steam.exe" steam://uninstall/10
    DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
    ESU for Microsoft Vista-->MsiExec.exe /I{AD3FDC40-BCF4-476D-A2D6-C4B154DD9DF5}
    EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
    FileZilla Client 3.1.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
    Fraps (remove only)-->"C:\Fraps\uninstall.exe"
    Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
    FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
    Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x040c -removeonly
    Garry's Mod-->"D:\Jeux\Steam\steam.exe" steam://uninstall/4000
    Giants-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97370293-96EC-11D4-9DEF-00104B70C5FB}\setup.exe"
    GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
    Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
    Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
    Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
    Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
    HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
    HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
    HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
    HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
    HP Imaging Device Functions 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart All-In-One Software 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
    HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
    HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst
    HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
    HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
    HP Solution Center 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
    HP User Guides 0088-->MsiExec.exe /I{8347A7A5-4AB8-433F-82AA-496B0D189A9B}
    HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
    HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
    ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
    Intel(R) Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
    iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
    Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
    Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
    Launchy 2.1.2-->"C:\Program Files\Launchy\unins000.exe"
    Left 4 Dead-->"D:\Jeux\Steam\steam.exe" steam://uninstall/500
    Ma-Config.com-->MsiExec.exe /X{DD987A54-122B-4CFD-A8C5-5577027A6B78}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
    Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSCU for Microsoft Vista-->MsiExec.exe /I{E87F5651-CE15-493F-AE99-3B670E25A54E}
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
    Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
    nLite 1.4.9.1-->"C:\Program Files\nLite\unins000.exe"
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    On2 VP7 Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
    Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
    Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
    PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
    PVK-->D:\Jeux\Counter-Strike 1.6 + Half-Life\pvk\uninstall.exe
    Quake III Arena Point Release 1.32-->C:\Windows\unvise32.exe d:\jeux\q3\uninstal5.log
    Quake III Arena-->C:\Windows\IsUninst.exe -fd:\jeux\q3\QIII.isu
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
    Rocket Arena 3 1.76 (remove only)-->"D:\Jeux\Q3\arena\uninstall.exe"
    Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Team Fortress 2-->"D:\Jeux\Steam\steam.exe" steam://uninstall/440
    TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
    UsbFix-->C:\Program Files\UsbFix\Uninstal.exe
    VistaBootPRO 3.3-->MsiExec.exe /I{6C9FA746-8759-4040-A436-42922CB3492E}
    Warkeys 1.8.1.0b-->C:\Program Files\Warkeys\uninst.exe
    WC3Banlist-->"C:\Program Files\WC3Banlist\unins000.exe"
    Windows Live Bêta (tous les programmes)-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Bêta (tous les programmes)-->MsiExec.exe /I{9C4AB6FB-43CD-4ADF-8B59-6C52A6B74324}
    Windows Live Call-->MsiExec.exe /I{868EC13B-52DA-43B9-8C05-50CD897674DF}
    Windows Live Messenger-->MsiExec.exe /X{F72F8316-91E8-4C80-9E39-EBE933E1EDFB}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe

    ======Security center information======

    AV: Avira AntiVir PersonalEdition
    AS: Windows Defender

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=1706
    "NUMBER_OF_PROCESSORS"=2
    "PLATFORM"=MCD
    "PCBRAND"=Pavilion
    "OnlineServices"=Services en ligne
    "USERPART"=F:
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------

    That's everything. In any case, thanks for the time you're taking to help me!
    25 November 2008 14:16:57

    1/

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Right-click OTMoveIt3.exe and choose Run as administrator.
  • Copy (Ctrl+C) the following text:

    :processes
    explorer.exe

    :files
    C:\Windows\system32\winnt32.exe
    C:\a.bat
    C:\rsit

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the moment it was created: date_time.log


    2/

  • Download and install CCleaner (do not install the Yahoo Toolbar).
  • Launch it. Go to Options, then Advanced, and untick the box Only delete files etc....
  • Go to Cleaner and choose Analyze. Once it has finished, run the cleanup.
  • Next, choose Registry, then Scan for Issues. Once it has finished, fix all the issues (back up the registry).


    3/

  • Run another RSIT scan and post both reports.
    25 November 2008 14:40:39

    So I ran OTMoveIt a first time, but after a few seconds it crashed. I waited, then closed it and restarted explorer.exe so that I could run it again.

    This time everything went fine, here is the log:

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File/Folder C:\Windows\system32\winnt32.exe not found.
    File/Folder C:\a.bat not found.
    C:\rsit moved successfully.
    ========== COMMANDS ==========
    File delete failed. C:\Users\Shiv\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
    File delete failed. C:\Users\Shiv\AppData\Local\Temp\etilqs_3jBBC2iw3pK1IqB scheduled to be deleted on reboot.
    File delete failed. C:\Users\Shiv\AppData\Local\Temp\etilqs_RL9aGy4O4EYR5hy scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    File delete failed. C:\Windows\temp\TMP0000005FDDC93F56F193C176 scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11252008_143221

    Files moved on Reboot...
    C:\Users\Shiv\AppData\Local\Temp\ehmsas.txt moved successfully.
    File C:\Users\Shiv\AppData\Local\Temp\etilqs_3jBBC2iw3pK1IqB not found!
    File C:\Users\Shiv\AppData\Local\Temp\etilqs_RL9aGy4O4EYR5hy not found!
    File C:\Windows\temp\TMP0000005FDDC93F56F193C176 not found!



    Note that after the first run (the one that crashed), it moved "winnt32.exe" into the folder: C:\_OTMoveIt\MovedFiles\11252008_142723\Windows\system32

    EDIT: no alert for a.bat after the reboot requested by OTMoveIt
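
The HijackThis logs in this thread list `winnt32.exe` under both `Run` and `RunServices`, each time without a directory. The following is an added example, not part of any post and not code from HijackThis or RSIT: it triages registry `O4` lines using three heuristics that are assumptions of this example (bare file name, a Windows 9x-era key, the same value name under several keys) and reports entries that meet at least two of them. The sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Sample input: O4 lines as they appear in the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe
O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe
O4 - HKCU\..\Run: [Steam] "d:\jeux\steam\steam.exe" -silent
O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
"""

# Registry autoruns only: "O4 - <hive>\..\<key>: [<value name>] <command>".
# Startup-folder lines ("O4 - Startup: ...") use another layout and are skipped.
O4_REGISTRY = re.compile(
    r"^\s*O4 - (?P<hive>HK.*?)\\\.\.\\(?P<key>[A-Za-z]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First program file in the command, tolerating spaces in unquoted paths.
EXECUTABLE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|bat|cmd|scr|pif))\b', re.IGNORECASE)
# Assumption of this example: these keys date from Windows 9x, so an entry
# there on a Vista machine deserves a second look.
LEGACY_KEYS = {"runservices", "runservicesonce"}


def parse_o4(log_text):
    """Return one dict (hive, key, name, cmd) per registry O4 line."""
    entries = []
    for line in log_text.splitlines():
        match = O4_REGISTRY.match(line)
        if match:
            entries.append(match.groupdict())
    return entries


def executable_of(cmd):
    """Extract the program part of an autorun command line."""
    cmd = cmd.strip()
    match = EXECUTABLE.match(cmd)
    if match:
        return match.group("exe")
    return cmd.split(" ")[0].strip('"')


def is_bare(exe):
    """True when the program is named without drive, directory or variable."""
    return bool(exe) and not any(ch in exe for ch in "\\/%:")


def triage(log_text, threshold=2):
    """Return (hive, key, name, exe, reasons) for entries meeting `threshold` heuristics."""
    entries = parse_o4(log_text)

    # Which key names (Run, RunServices, ...) each value name appears under.
    keys_by_name = defaultdict(set)
    for entry in entries:
        keys_by_name[entry["name"].lower()].add(entry["key"].lower())

    findings = []
    for entry in entries:
        exe = executable_of(entry["cmd"])
        reasons = []
        if is_bare(exe):
            reasons.append("no directory in command")
        if entry["key"].lower() in LEGACY_KEYS:
            reasons.append("legacy Windows 9x key")
        if len(keys_by_name[entry["name"].lower()]) > 1:
            reasons.append("same value name under several keys")
        if len(reasons) >= threshold:
            findings.append((entry["hive"], entry["key"], entry["name"], exe, reasons))
    return findings


if __name__ == "__main__":
    for hive, key, name, exe, reasons in triage(SAMPLE_LOG):
        print(f"{hive}\\..\\{key} [{name}] {exe}: {'; '.join(reasons)}")
```

A single heuristic is not enough on its own: `RtHDVCpl.exe` and `RUNDLL32.EXE` are also named without a directory in this log, which is why the threshold is two.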
    25 November 2008 14:51:06

    Good, carry on with the rest ;)
    25 November 2008 16:05:17

    Oh yes, I had forgotten that :p

    CCleaner done.

    RSIT report:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Shiv at 2008-11-25 16:04:36
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 16 GB (29%) free of 54 GB
    Total RAM: 3070 MB (63% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:04:40, on 25/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    D:\Jeux\Steam\Steam.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Users\Shiv\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Shiv.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Steam] "d:\jeux\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 10956 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\GoogleUpdateTaskUser.job
    C:\Windows\tasks\User_Feed_Synchronization-{122E98E7-B0DB-4DBC-AEBA-1C3CCD2AAC49}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-05 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-05 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
    "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-17 634880]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-09-12 182808]
    "QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-09-30 181544]
    "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
    "OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
    "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
    "WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-05 144792]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-11-25 266497]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
    "HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
    "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-02-27 13515296]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-02-27 92704]
    "Windows NT Service"=winnt32.exe []
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-09-08 3513344]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "Steam"=d:\jeux\steam\steam.exe [2008-10-11 1410296]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
    "Google Update"=C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 133104]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    Launchy.lnk - C:\Program Files\Launchy\Launchy.exe

    C:\Users\Shiv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    My_AutoWarkey_Script.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    Warkeys Update.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œ$w>††vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œ$w>††vÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†Çuÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†Çuÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œgw>†vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œgw>†vÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œäv>†Õvÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œäv>†Õvÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œfw>†úuÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œfw>†úuÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†­uÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†­uÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$ŒÌw>†‚vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$ŒÌw>†‚vÿÿÿÿc°B:*:Enabled:Windows NT Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 1 months======

    2008-11-25 16:04:36 ----D---- C:\rsit
    2008-11-25 14:27:23 ----D---- C:\_OTMoveIt
    2008-11-24 20:15:39 ----D---- C:\Users\Shiv\AppData\Roaming\Malwarebytes
    2008-11-24 20:15:35 ----D---- C:\ProgramData\Malwarebytes
    2008-11-24 20:15:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-24 18:37:00 ----A---- C:\Windows\system32\tmp.txt
    2008-11-24 18:36:57 ----A---- C:\rapport.txt
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\WS2Fix.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\VCCLSID.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\VACFix.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\swxcacls.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\swsc.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\swreg.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\SrchSTS.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\Process.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\o4Patch.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\IEDFix.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\IEDFix.C.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\dumphive.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\404Fix.exe
    2008-11-24 14:13:28 ----A---- C:\UsbFix.txt
    2008-11-24 14:07:57 ----D---- C:\Program Files\UsbFix
    2008-11-24 13:18:18 ----D---- C:\Program Files\CCleaner
    2008-11-24 13:12:36 ----D---- C:\Program Files\Trend Micro
    2008-11-24 12:55:30 ----D---- C:\VundoFix Backups
    2008-11-24 12:55:30 ----A---- C:\VundoFix.txt
    2008-11-21 16:33:23 ----A---- C:\Windows\system32\PnkBstrA.exe
    2008-11-21 16:33:14 ----A---- C:\Windows\system32\PnkBstrB.exe
    2008-11-21 16:31:43 ----A---- C:\Windows\system32\paul.dll
    2008-11-21 16:29:47 ----D---- C:\Users\Shiv\AppData\Roaming\Leadertech
    2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvexpbar.dll
    2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvcpluir.dll
    2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvcplui.exe
    2008-11-20 21:30:51 ----D---- C:\NVIDIA
    2008-11-20 09:15:14 ----A---- C:\Windows\system32\wups2.dll
    2008-11-20 09:15:14 ----A---- C:\Windows\system32\wucltux.dll
    2008-11-20 09:15:14 ----A---- C:\Windows\system32\wuaueng.dll
    2008-11-20 09:15:14 ----A---- C:\Windows\system32\wuauclt.exe
    2008-11-20 09:15:04 ----A---- C:\Windows\system32\wups.dll
    2008-11-20 09:15:04 ----A---- C:\Windows\system32\wudriver.dll
    2008-11-20 09:15:04 ----A---- C:\Windows\system32\wuapi.dll
    2008-11-20 09:14:55 ----A---- C:\Windows\system32\wuwebv.dll
    2008-11-20 09:14:55 ----A---- C:\Windows\system32\wuapp.exe
    2008-11-11 22:57:19 ----A---- C:\Windows\system32\msxml3.dll
    2008-11-11 22:57:09 ----A---- C:\Windows\system32\msxml6.dll
    2008-11-10 15:15:05 ----A---- C:\Windows\system32\XMLConfig_SYSID.ini
    2008-11-09 15:46:58 ----RHD---- C:\Users\Shiv\AppData\Roaming\SecuROM
    2008-11-09 15:46:56 ----A---- C:\Windows\system32\CmdLineExt.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\XAudio2_2.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\XAPOFX1_1.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\xactengine3_2.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\d3dx10_39.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\D3DCompiler_39.dll
    2008-11-09 15:37:26 ----A---- C:\Windows\system32\D3DX9_39.dll
    2008-11-09 15:36:51 ----A---- C:\Windows\system32\wrap_oal.dll
    2008-11-09 15:36:51 ----A---- C:\Windows\system32\OpenAL32.dll
    2008-11-09 15:21:27 ----D---- C:\Windows\system32\AGEIA
    2008-11-09 15:21:26 ----D---- C:\Program Files\AGEIA Technologies
    2008-11-09 15:21:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\XAudio2_3.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\XAPOFX1_2.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\xactengine3_3.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\D3DX9_40.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\d3dx10_40.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\D3DCompiler_40.dll
    2008-11-08 19:19:52 ----A---- C:\Windows\system32\X3DAudio1_5.dll
    2008-11-08 19:19:51 ----A---- C:\Windows\system32\XAudio2_1.dll
    2008-11-08 19:19:51 ----A---- C:\Windows\system32\XAPOFX1_0.dll
    2008-11-08 19:19:51 ----A---- C:\Windows\system32\xactengine3_1.dll
    2008-11-08 19:19:51 ----A---- C:\Windows\system32\X3DAudio1_4.dll
    2008-11-08 19:19:50 ----A---- C:\Windows\system32\d3dx10_38.dll
    2008-11-08 19:19:50 ----A---- C:\Windows\system32\D3DCompiler_38.dll
    2008-11-08 19:19:49 ----A---- C:\Windows\system32\XAudio2_0.dll
    2008-11-08 19:19:49 ----A---- C:\Windows\system32\xactengine3_0.dll
    2008-11-08 19:19:49 ----A---- C:\Windows\system32\D3DX9_38.dll
    2008-11-08 19:19:48 ----A---- C:\Windows\system32\X3DAudio1_3.dll
    2008-11-08 19:19:48 ----A---- C:\Windows\system32\d3dx10_37.dll
    2008-11-08 19:19:48 ----A---- C:\Windows\system32\D3DCompiler_37.dll
    2008-11-08 19:19:46 ----A---- C:\Windows\system32\xactengine2_10.dll
    2008-11-08 19:19:46 ----A---- C:\Windows\system32\D3DX9_37.dll
    2008-11-08 19:19:45 ----A---- C:\Windows\system32\d3dx10_36.dll
    2008-11-08 19:19:45 ----A---- C:\Windows\system32\D3DCompiler_36.dll
    2008-11-08 19:19:44 ----A---- C:\Windows\system32\xactengine2_9.dll
    2008-11-08 19:19:44 ----A---- C:\Windows\system32\d3dx9_36.dll
    2008-11-08 19:19:42 ----A---- C:\Windows\system32\d3dx10_35.dll
    2008-11-08 19:19:42 ----A---- C:\Windows\system32\D3DCompiler_35.dll
    2008-11-08 19:19:41 ----A---- C:\Windows\system32\xactengine2_8.dll
    2008-11-08 19:19:41 ----A---- C:\Windows\system32\X3DAudio1_2.dll
    2008-11-08 19:19:41 ----A---- C:\Windows\system32\d3dx9_35.dll
    2008-11-08 19:19:41 ----A---- C:\Windows\system32\d3dx10_34.dll
    2008-11-08 19:19:40 ----A---- C:\Windows\system32\d3dx9_34.dll
    2008-11-08 19:19:40 ----A---- C:\Windows\system32\D3DCompiler_34.dll
    2008-11-08 19:19:39 ----A---- C:\Windows\system32\xinput1_3.dll
    2008-11-08 19:19:39 ----A---- C:\Windows\system32\xactengine2_7.dll
    2008-11-08 19:19:38 ----A---- C:\Windows\system32\d3dx10_33.dll
    2008-11-08 19:19:38 ----A---- C:\Windows\system32\D3DCompiler_33.dll
    2008-11-08 19:19:37 ----A---- C:\Windows\system32\xactengine2_6.dll
    2008-11-08 19:19:37 ----A---- C:\Windows\system32\xactengine2_5.dll
    2008-11-08 19:19:37 ----A---- C:\Windows\system32\d3dx9_33.dll
    2008-11-08 19:19:36 ----A---- C:\Windows\system32\d3dx10.dll
    2008-11-08 19:19:35 ----A---- C:\Windows\system32\xactengine2_4.dll
    2008-11-08 19:19:35 ----A---- C:\Windows\system32\x3daudio1_1.dll
    2008-11-08 19:19:35 ----A---- C:\Windows\system32\d3dx9_32.dll
    2008-11-08 19:19:34 ----A---- C:\Windows\system32\xinput1_2.dll
    2008-11-08 19:19:34 ----A---- C:\Windows\system32\xactengine2_3.dll
    2008-11-08 19:19:34 ----A---- C:\Windows\system32\d3dx9_31.dll
    2008-11-08 19:19:33 ----A---- C:\Windows\system32\xinput1_1.dll
    2008-11-08 19:19:33 ----A---- C:\Windows\system32\xactengine2_2.dll
    2008-11-08 19:19:33 ----A---- C:\Windows\system32\xactengine2_1.dll
    2008-11-08 19:19:27 ----A---- C:\Windows\system32\xactengine2_0.dll
    2008-11-08 19:19:27 ----A---- C:\Windows\system32\x3daudio1_0.dll
    2008-11-08 19:19:27 ----A---- C:\Windows\system32\d3dx9_30.dll
    2008-11-08 19:19:27 ----A---- C:\Windows\system32\d3dx9_29.dll
    2008-11-08 19:19:26 ----A---- C:\Windows\system32\d3dx9_28.dll
    2008-11-08 19:19:25 ----A---- C:\Windows\system32\d3dx9_27.dll
    2008-11-08 19:19:25 ----A---- C:\Windows\system32\d3dx9_26.dll
    2008-11-08 19:19:24 ----A---- C:\Windows\system32\d3dx9_25.dll
    2008-11-08 19:19:22 ----A---- C:\Windows\system32\d3dx9_24.dll
    2008-11-08 11:22:40 ----D---- C:\Program Files\Lavalys
    2008-11-08 10:24:29 ----D---- C:\ProgramData\ma-config.com
    2008-11-08 10:24:29 ----D---- C:\Program Files\ma-config.com
    2008-11-07 21:31:44 ----SH---- C:\boot.ini
    2008-11-07 18:44:15 ----A---- C:\Windows\system32\AutoPartNt.exe
    2008-11-07 18:43:34 ----D---- C:\ProgramData\Acronis
    2008-11-07 18:28:42 ----D---- C:\Program Files\Acronis
    2008-11-07 18:28:41 ----D---- C:\Program Files\Common Files\Acronis
    2008-11-07 18:26:58 ----D---- C:\Program Files\Acronis Disk Director Suite 10 build 2160
    2008-11-07 17:21:37 ----D---- C:\Program Files\OurToolbar
    2008-11-07 14:24:24 ----D---- C:\Program Files\WinImage
    2008-11-05 21:04:41 ----A---- C:\Windows\system32\MSVCRTD.DLL
    2008-11-05 21:04:41 ----A---- C:\Windows\system32\MSVCP60D.DLL
    2008-11-05 21:04:40 ----A---- C:\Windows\system32\WMAFile.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\TABCTFR.DLL
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\MSCMCFR.DLL
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudPlayer.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioVisu.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioRecord.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioInfos.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudFile.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudDisplay.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudDesign.dll
    2008-11-05 21:04:38 ----D---- C:\Program Files\Free Audio Pack
    2008-11-05 21:04:38 ----A---- C:\Windows\system32\msvcr70.dll
    2008-11-05 21:04:38 ----A---- C:\Windows\system32\lame_enc.dll
    2008-11-05 05:33:51 ----A---- C:\Windows\system32\EncDec.dll
    2008-11-05 05:33:50 ----A---- C:\Windows\system32\psisdecd.dll
    2008-11-03 15:50:54 ----D---- C:\Intel
    2008-11-03 15:50:49 ----D---- C:\Users\Shiv\AppData\Roaming\InstallShield
    2008-11-03 15:44:23 ----D---- C:\Windows\Minidump
    2008-10-29 08:35:08 ----A---- C:\Windows\system32\win32spl.dll
    2008-10-29 08:35:08 ----A---- C:\Windows\system32\wersvc.dll
    2008-10-29 08:35:08 ----A---- C:\Windows\system32\Faultrep.dll
    2008-10-27 17:45:30 ----D---- C:\Program Files\On2 Technologies
    2008-10-27 17:45:30 ----A---- C:\Windows\system32\vp7vfw.dll

    ======List of files/folders modified in the last 1 months======

    2008-11-25 16:04:36 ----D---- C:\Windows\Temp
    2008-11-25 16:04:12 ----D---- C:\Users\Shiv\AppData\Roaming\uTorrent
    2008-11-25 16:02:57 ----D---- C:\Users\Shiv\AppData\Roaming\Skype
    2008-11-25 16:01:31 ----D---- C:\Windows\Prefetch
    2008-11-25 16:01:31 ----D---- C:\Windows
    2008-11-25 14:40:22 ----D---- C:\Windows\System32
    2008-11-25 14:40:22 ----D---- C:\Windows\inf
    2008-11-25 14:40:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-11-25 14:00:06 ----D---- C:\Users\Shiv\AppData\Roaming\skypePM
    2008-11-25 08:24:07 ----SHD---- C:\System Volume Information
    2008-11-24 20:15:38 ----D---- C:\Windows\system32\drivers
    2008-11-24 20:15:35 ----HD---- C:\ProgramData
    2008-11-24 20:15:34 ----RD---- C:\Program Files
    2008-11-24 15:40:46 ----D---- C:\Windows\system32\WDI
    2008-11-24 13:20:02 ----D---- C:\Windows\Debug
    2008-11-24 12:43:32 ----HD---- C:\Config.Msi
    2008-11-23 23:25:31 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-23 16:13:38 ----D---- C:\Users\Shiv\AppData\Roaming\FrostWire
    2008-11-23 15:57:09 ----SHD---- C:\Windows\Installer
    2008-11-23 15:56:25 ----D---- C:\ProgramData\Adobe
    2008-11-23 15:56:18 ----D---- C:\Program Files\Common Files\Adobe
    2008-11-23 15:56:17 ----D---- C:\Program Files\Adobe
    2008-11-23 15:56:09 ----D---- C:\Windows\winsxs
    2008-11-22 20:29:12 ----D---- C:\Users\Shiv\AppData\Roaming\Hamachi
    2008-11-22 20:18:52 ----D---- C:\Users\Shiv\AppData\Roaming\teamspeak2
    2008-11-22 15:10:15 ----D---- C:\Program Files\Common Files\Steam
    2008-11-21 16:29:37 ----D---- C:\Windows\system32\LogFiles
    2008-11-21 16:22:53 ----RSD---- C:\Windows\assembly
    2008-11-20 23:20:58 ----D---- C:\ProgramData\NVIDIA
    2008-11-20 23:17:02 ----D---- C:\Windows\system32\catroot
    2008-11-20 23:17:01 ----D---- C:\Windows\system32\catroot2
    2008-11-20 23:15:54 ----D---- C:\SWSETUP
    2008-11-20 22:03:18 ----D---- C:\Windows\rescache
    2008-11-20 21:42:41 ----D---- C:\Windows\Help
    2008-11-20 21:28:13 ----D---- C:\Windows\system32\fr-FR
    2008-11-20 10:09:29 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-19 22:14:17 ----D---- C:\Windows\Tasks
    2008-11-17 21:40:59 ----D---- C:\Program Files\Full Tilt Poker
    2008-11-12 18:16:27 ----SD---- C:\Users\Shiv\AppData\Roaming\Microsoft
    2008-11-12 14:08:34 ----N---- C:\Windows\win.ini
    2008-11-09 15:21:19 ----D---- C:\Program Files\Common Files
    2008-11-07 19:08:09 ----D---- C:\Windows\Logs
    2008-11-07 16:36:53 ----SD---- C:\ProgramData\Microsoft
    2008-11-07 16:23:27 ----D---- C:\Program Files\nLite
    2008-11-07 16:21:40 ----D---- C:\XPiso
    2008-11-06 10:59:36 ----D---- C:\Program Files\Microsoft Office
    2008-11-05 10:46:38 ----D---- C:\Windows\Microsoft.NET
    2008-11-05 10:21:12 ----D---- C:\Windows\ehome
    2008-11-04 01:10:25 ----A---- C:\Windows\system32\mrt.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-11-25 52032]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-10-11 25280]
    R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
    R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552]
    R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-02-27 7602688]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 98816]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
    R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-01-17 983936]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
    R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
    S3 asp7icqx;asp7icqx; C:\Windows\system32\drivers\asp7icqx.sys []
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
    S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
    S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
    S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-11-02 15360]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
    S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
    S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
    S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
    S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2005-08-02 32512]
    S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-25 68865]
    R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-25 151297]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
    R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-09-12 354840]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-02-27 49152]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-11-21 66872]
    R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 271760]
    R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 112016]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
    R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
    R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-11-22 104944]
    S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
    S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-11-02 195752]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]

    -----------------EOF-----------------

    25 November 2008 16:09:09

    And here is the info.txt, I had forgotten it... typical..

    info.txt logfile of random's system information tool 1.04 2008-11-25 16:04:43

    ======Uninstall list======

    -->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
    Acronis Disk Director Suite 10 build 2160-->C:\Program Files\Acronis Disk Director Suite 10 build 2160\Uninstal.exe
    Acronis Disk Director Suite-->MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
    Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
    Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
    adsl TV-->C:\Program Files\adslTV\Uninstal.exe
    AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
    Bink and Smacker-->C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
    Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}
    Counter-Strike-->"D:\Jeux\Steam\steam.exe" steam://uninstall/10
    DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
    ESU for Microsoft Vista-->MsiExec.exe /I{AD3FDC40-BCF4-476D-A2D6-C4B154DD9DF5}
    EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
    FileZilla Client 3.1.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
    Fraps (remove only)-->"C:\Fraps\uninstall.exe"
    Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
    FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
    Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x040c -removeonly
    Garry's Mod-->"D:\Jeux\Steam\steam.exe" steam://uninstall/4000
    Giants-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97370293-96EC-11D4-9DEF-00104B70C5FB}\setup.exe"
    GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
    Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
    Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
    Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
    Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
    HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
    HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
    HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
    HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
    HP Imaging Device Functions 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart All-In-One Software 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
    HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
    HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst
    HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
    HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
    HP Solution Center 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
    HP User Guides 0088-->MsiExec.exe /I{8347A7A5-4AB8-433F-82AA-496B0D189A9B}
    HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
    HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
    ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
    Intel(R) Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
    iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
    Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
    Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
    Launchy 2.1.2-->"C:\Program Files\Launchy\unins000.exe"
    Left 4 Dead-->"D:\Jeux\Steam\steam.exe" steam://uninstall/500
    Ma-Config.com-->MsiExec.exe /X{DD987A54-122B-4CFD-A8C5-5577027A6B78}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
    Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSCU for Microsoft Vista-->MsiExec.exe /I{E87F5651-CE15-493F-AE99-3B670E25A54E}
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
    Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
    nLite 1.4.9.1-->"C:\Program Files\nLite\unins000.exe"
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    On2 VP7 Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
    Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
    Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
    PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
    PVK-->D:\Jeux\Counter-Strike 1.6 + Half-Life\pvk\uninstall.exe
    Quake III Arena Point Release 1.32-->C:\Windows\unvise32.exe d:\jeux\q3\uninstal5.log
    Quake III Arena-->C:\Windows\IsUninst.exe -fd:\jeux\q3\QIII.isu
    QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
    Rocket Arena 3 1.76 (remove only)-->"D:\Jeux\Q3\arena\uninstall.exe"
    Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Team Fortress 2-->"D:\Jeux\Steam\steam.exe" steam://uninstall/440
    TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
    UsbFix-->C:\Program Files\UsbFix\Uninstal.exe
    VistaBootPRO 3.3-->MsiExec.exe /I{6C9FA746-8759-4040-A436-42922CB3492E}
    Warkeys 1.8.1.0b-->C:\Program Files\Warkeys\uninst.exe
    WC3Banlist-->"C:\Program Files\WC3Banlist\unins000.exe"
    Windows Live Bêta (tous les programmes)-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Bêta (tous les programmes)-->MsiExec.exe /I{9C4AB6FB-43CD-4ADF-8B59-6C52A6B74324}
    Windows Live Call-->MsiExec.exe /I{868EC13B-52DA-43B9-8C05-50CD897674DF}
    Windows Live Messenger-->MsiExec.exe /X{F72F8316-91E8-4C80-9E39-EBE933E1EDFB}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe

    ======Security center information======

    AV: Avira AntiVir PersonalEdition
    AS: Windows Defender

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=1706
    "NUMBER_OF_PROCESSORS"=2
    "PLATFORM"=MCD
    "PCBRAND"=Pavilion
    "OnlineServices"=Services en ligne
    "USERPART"=F:
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

    -----------------EOF-----------------

    25 November 2008 17:05:41

    I noticed something I have never seen before.

    I have asked a colleague for advice ;) 
    28 November 2008 17:12:02

    No news? :( 
    28 November 2008 17:31:38

    Still the same problem?
    28 November 2008 21:59:20

    Listen, I just rebooted my PC, and the trojan has indeed disappeared, but actually it was your last message that had left me a little worried :p 

    In any case, thank you for your efficiency and your time ;) 
    28 November 2008 22:13:15

    Yes, but it's actually fine ;) 

    - Run an online scan here: http://webscanner.kaspersky.fr/ (with Internet Explorer)

    - At the bottom right, click "Démarrer Online-scanner".

    - In the new window that appears, click "J'accepte".

    - Accept the ActiveX controls.

    - Choose "Poste de travail" for the scan.

    - Once it has finished, save the report (choose text file) and post it.

    - For help using the online scan: Tutorial

    Note: If you get the message "La licence de Kaspersky On-line Scanner est périmée", go to "Ajout/Suppression de programmes", uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.

    - Read this if you have trouble installing the ActiveX control: Tutorial
    29 November 2008 15:34:11

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Saturday, November 29, 2008 3:25:47 PM
    Système d'exploitation : Home Edition, Service Pack 1 (Build 6001)
    Kaspersky On-line Scanner version : 5.0.84.2
    Dernière mise à jour de la base antivirus Kaspersky : 29/11/2008
    Enregistrements dans la base antivirus Kaspersky : 1277613
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai

    Cible de l'analyse - Poste de travail:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Statistiques de l'analyse:
    Total d'objets analysés: 582507
    Nombre de virus trouvés: 1
    Nombre d'objets infectés: 1 / 0
    Nombre d'objets suspects: 0
    Durée de l'analyse: 03:51:48

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012008112820081129\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012008112920081130\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Messenger\ContactsLog.txt L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Messenger\MsnMsgr.txt L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat.LOG1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat.LOG2 L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ehmsas.txt L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_dWZZGMerc9fR5zm L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_fwfdSFkvgZAa4aH L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_PxKFE5HmWih8t7k L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF14AE.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Archived History L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_0 L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_2 L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_3 L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\index L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Current Session L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History Index 2008-11 L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History Index 2008-11-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Thumbnails L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Thumbnails-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Visited Links L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012008112820081129\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012008112920081130\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Messenger\ContactsLog.txt L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Messenger\MsnMsgr.txt L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012008112820081129\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012008112920081130\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat.LOG1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat.LOG2 L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat{59f26d2d-f378-11db-be55-001e685f61ec}.TM.blf L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\FileTracker\{AC1414B2-7E65-4F95-8D40-4C8FFD8C9841} L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ehmsas.txt L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_dWZZGMerc9fR5zm L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_fwfdSFkvgZAa4aH L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_PxKFE5HmWih8t7k L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF14AE.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Archived History L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_0 L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_2 L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_3 L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\index L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cookies L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Current Session L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History Index 2008-11 L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History Index 2008-11-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\History-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Plugin Data\Google Gears\localserver.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Plugin Data\Google Gears\permissions.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Thumbnails L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Thumbnails-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Visited Links L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Safe Browsing-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012008112820081129\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Historique\History.IE5\MSHist012008112920081130\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Messenger\ContactsLog.txt L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Messenger\MsnMsgr.txt L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012008112820081129\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\History\History.IE5\MSHist012008112920081130\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat.LOG1 L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat.LOG2 L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\UsrClass.dat{59f26d2d-f378-11db-be55-001e685f61ec}.TM.blf L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\FileTracker\{AC1414B2-7E65-4F95-8D40-4C8FFD8C9841} L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live Contacts\{133c0bc0-c360-455b-bfeb-9581db0c0342}\DBStore\contacts.edb L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live Contacts\{133c0bc0-c360-455b-bfeb-9581db0c0342}\DBStore\LogFiles\edb.log L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Live Contacts\{133c0bc0-c360-455b-bfeb-9581db0c0342}\DBStore\tempedb.edb L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\ehmsas.txt L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_dWZZGMerc9fR5zm L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_fwfdSFkvgZAa4aH L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\etilqs_PxKFE5HmWih8t7k L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temp\~DF14AE.tmp L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Archived History L'objet est verrouillé ignoré
    C:\Documents and Settings\Shiv\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_0 L'objet est verrouillé ignoré
    29 November 2008 16:25:06

    The report is not complete; upload it to Mediafire.

    ---> Uploading a file to Mediafire:
  • Go to this link: http://www.mediafire.com/
  • Click Upload files To Media fire at the top. Then choose I want to upload without an account.
  • A Windows Explorer window will open. Navigate to the report I asked you to upload, select it, then click Open.
  • Then click Upload.
  • On the right of the screen, choose: upload to a new folder. Leave the default name (= the date).
  • Confirm and let the upload run.
  • Click View uploaded file and, in your next message, copy me the URL (= the link) of the new tab or window that opens. That way, I will be able to download the requested report.
    29 November 2008 20:49:13

    By the way, I just ran an Antivir scan:

    detection of: EXP/ASF.GetCodec.Gen, I quarantined it.

    Need a new report?
    30 November 2008 01:34:35

    Do you have the Antivir report?
    30 November 2008 10:09:43



    Avira AntiVir Personal
    Report file date: samedi 29 novembre 2008 20:01

    Scanning for 1059552 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (Service Pack 1) [6.0.6001]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: PC-DE-SHIV

    Version information:
    BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
    AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 12:51:39
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 25/11/2008 12:51:39
    LUKE.DLL : 8.1.4.5 164097 Bytes 25/11/2008 12:51:40
    LUKERES.DLL : 8.1.4.0 12033 Bytes 25/11/2008 12:51:40
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:03:42
    ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 11:50:53
    ANTIVIR2.VDF : 7.1.0.124 376832 Bytes 23/11/2008 11:47:05
    ANTIVIR3.VDF : 7.1.0.158 206336 Bytes 29/11/2008 18:58:36
    Engineversion : 8.2.0.36
    AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 11:01:15
    AESCRIPT.DLL : 8.1.1.15 332156 Bytes 12/11/2008 11:47:28
    AESCN.DLL : 8.1.1.5 123251 Bytes 08/11/2008 11:47:52
    AERDL.DLL : 8.1.1.3 438645 Bytes 07/11/2008 11:47:43
    AEPACK.DLL : 8.1.3.4 393591 Bytes 12/11/2008 11:47:27
    AEOFFICE.DLL : 8.1.0.30 196986 Bytes 08/11/2008 11:47:51
    AEHEUR.DLL : 8.1.0.71 1487222 Bytes 08/11/2008 11:47:50
    AEHELP.DLL : 8.1.2.0 119159 Bytes 19/11/2008 11:47:16
    AEGEN.DLL : 8.1.1.6 323955 Bytes 29/11/2008 18:58:38
    AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 11:01:07
    AECORE.DLL : 8.1.5.2 172405 Bytes 29/11/2008 18:58:37
    AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 11:01:05
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 25/11/2008 12:51:39
    AVPREF.DLL : 8.0.2.0 38657 Bytes 25/11/2008 12:51:39
    AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 15:54:28
    AVREG.DLL : 8.0.0.1 33537 Bytes 25/11/2008 12:51:39
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 25/11/2008 12:51:39
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 25/11/2008 12:51:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 25/11/2008 12:51:36
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 25/11/2008 12:51:36

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, E:, G:, H:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 29 novembre 2008 20:01

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'SteamService.exe' - '1' Module(s) have been scanned
    Scan process 'chrome.exe' - '1' Module(s) have been scanned
    Scan process 'chrome.exe' - '1' Module(s) have been scanned
    Scan process 'chrome.exe' - '1' Module(s) have been scanned
    Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'skypePM.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPHelper.exe' - '1' Module(s) have been scanned
    Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
    Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned
    Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
    Scan process 'Launchy.exe' - '1' Module(s) have been scanned
    Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned
    Scan process 'Skype.exe' - '1' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
    Scan process 'daemon.exe' - '1' Module(s) have been scanned
    Scan process 'Steam.exe' - '1' Module(s) have been scanned
    Scan process 'ehtray.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned
    Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
    Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
    Scan process 'HPKBDAPP.exe' - '1' Module(s) have been scanned
    Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
    Scan process 'QPService.exe' - '1' Module(s) have been scanned
    Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
    Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
    Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPStart.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'dwm.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'QPSched.exe' - '1' Module(s) have been scanned
    Scan process 'hpqWmiEx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
    Scan process 'QPCapSvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
    Scan process 'audiodg.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    81 processes with 81 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!
    Boot sector 'G:\'
    [INFO] No virus was found!
    Boot sector 'H:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '51' files ).


    Starting the file scan:

    Begin scan in 'C:\' <OS>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Windows\System32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <DATA>
    D:\pagefile.sys
    [WARNING] The file could not be opened!
    D:\Downloads\FrostWire\DJ STEELO - Chamillionaire feat Lil Wayne - Rock Star.mp3
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
    [NOTE] The file was moved to '49519cc3.qua'!
    D:\Downloads\Incomplete\T-3545425-too tough.mp3
    [DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
    [NOTE] The file was moved to '49649cac.qua'!
    D:\Mes Drivers\Vista\Vista_R208.exe
    [0] Archive type: CAB SFX (self extracting)
    --> \data1.cab
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    D:\Mes Drivers\XP\WDM_R208.exe
    [0] Archive type: CAB SFX (self extracting)
    --> \data1.cab
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    Begin scan in 'E:\' <HP_RECOVERY>
    Begin scan in 'G:\' <DATA2>
    Begin scan in 'H:\' <XP>


    End of the scan: samedi 29 novembre 2008 21:10
    Used time: 1:08:45 Hour(s)

    The scan has been done completely.

    24499 Scanning directories
    837964 Files were scanned
    2 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    2 files were moved to quarantine
    0 files were renamed
    4 Files cannot be scanned
    837958 Files not concerned
    11187 Archives were scanned
    6 Warnings
    2 Notes
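
Added example, not part of the original post: a Python triage pass over the file-scan section of the Avira report above. It pairs each `[DETECTION]` with its quarantine `[NOTE]` and checks the events against the report's own summary counters. The sample text is an excerpt of that report; the function names and the counter-matching rules are assumptions of this example, not Avira's.

```python
import re

# Excerpt of the report above (file-scan section and summary counters).
SAMPLE_REPORT = r"""
Begin scan in 'C:\' <OS>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>
D:\pagefile.sys
[WARNING] The file could not be opened!
D:\Downloads\FrostWire\DJ STEELO - Chamillionaire feat Lil Wayne - Rock Star.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49519cc3.qua'!
D:\Downloads\Incomplete\T-3545425-too tough.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49649cac.qua'!
D:\Mes Drivers\Vista\Vista_R208.exe
[0] Archive type: CAB SFX (self extracting)
--> \data1.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Mes Drivers\XP\WDM_R208.exe
[0] Archive type: CAB SFX (self extracting)
--> \data1.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed
2 viruses and/or unwanted programs were found
2 files were moved to quarantine
4 Files cannot be scanned
6 Warnings
2 Notes
"""

EVENT = re.compile(r"^\[(DETECTION|WARNING|NOTE|INFO)\]\s*(.*)$")
OBJECT = re.compile(r"^[A-Za-z]:\\")          # a scanned object starts with a drive letter
SIGNATURE = re.compile(r"recognition pattern of the (\S+)")
QUARANTINE = re.compile(r"moved to '([^']+)'")
COUNTER = re.compile(r"^(\d+)\s+(.+)$")       # summary lines: "<count> <label>"


def parse_events(report):
    """Attach every [TAG] line to the object path printed above it."""
    events, current = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if OBJECT.match(line):
            current = line
            continue
        m = EVENT.match(line)
        if m and current:
            events.append({"path": current, "tag": m.group(1), "text": m.group(2)})
    return events


def detections(events):
    """Map each detected path to its signature and quarantine file (None if not moved)."""
    found = {}
    for ev in events:
        if ev["tag"] == "DETECTION":
            sig = SIGNATURE.search(ev["text"])
            found[ev["path"]] = {"signature": sig.group(1) if sig else None,
                                 "quarantine": None}
        elif ev["tag"] == "NOTE" and ev["path"] in found:
            q = QUARANTINE.search(ev["text"])
            if q:
                found[ev["path"]]["quarantine"] = q.group(1)
    return found


def summary_counters(report):
    """Read the '<count> <label>' lines of the summary, keyed by lower-cased label."""
    counters = {}
    for raw in report.splitlines():
        m = COUNTER.match(raw.strip())
        if m:
            counters[m.group(2).lower()] = int(m.group(1))
    return counters


def reconcile(report):
    """Return {label: (observed, reported)} for every counter the events contradict."""
    events = parse_events(report)
    det = detections(events)
    reported = summary_counters(report)
    observed = {
        "viruses and/or unwanted programs were found": len(det),
        "files were moved to quarantine":
            sum(1 for d in det.values() if d["quarantine"]),
        "files cannot be scanned":
            sum(1 for e in events
                if e["tag"] == "WARNING" and "could not be opened" in e["text"]),
        "warnings": sum(1 for e in events if e["tag"] == "WARNING"),
        "notes": sum(1 for e in events if e["tag"] == "NOTE"),
    }
    return {k: (v, reported.get(k)) for k, v in observed.items()
            if reported.get(k) != v}


if __name__ == "__main__":
    for path, info in detections(parse_events(SAMPLE_REPORT)).items():
        print(info["signature"], info["quarantine"], path)
    print("counter mismatches:", reconcile(SAMPLE_REPORT))
```

An empty result from `reconcile` means the pasted report is internally consistent; a mismatch usually means the paste was truncated or edited.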

    30 November 2008 16:20:18

    1/

    - FrostWire 4.17.0

    I advise you to uninstall and remove all your P2P software: 50% of what you download via P2P is booby-trapped. P2P is the number one infection vector these days.
    More information is available by clicking the following link: Cracks / P2P

  • Uninstall the following programs:
    - Java 6 Update 2
    - Java 6 Update 7
    - UsbFix


    2/

  • Right-click HijackThis and choose Run as administrator.
  • Choose Do a system scan only.
  • Tick the boxes in front of the following lines:

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe

    O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe

  • Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.
  • Restart your PC.


    3/

  • Download OTMoveIt3 (OldTimer) to your Desktop.
  • Double-click OTMoveIt3.exe to launch it.
  • Copy (Ctrl+C) the text below:

    :processes
    explorer.exe

    :services
    asp7icqx

    :files
    C:\rsit
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.daT
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr1.dat

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


  • Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
  • Now click the MoveIt! button, then close OTMoveIt3.

    ---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
    Accept by clicking YES.

  • Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
    ---> The report's name corresponds to the time it was created: date_time.log


    4/

  • Update Adobe Reader.
  • Run a new RSIT scan and post both reports.
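
Added example, not part of the original post: the `:files` entries in the script above differ only in how many times `Application Data` repeats, which is what a tool reports when it follows Windows Vista's compatibility links. This Python sketch rewrites such paths to their targets and groups the script's entries by the file they resolve to. The link table is an assumption (the default links of a standard Vista install on `C:`), and the function names are hypothetical.

```python
import ntpath  # Windows path handling that also works when run on other systems

# Assumption: default Vista compatibility links (link -> target) on drive C:.
VISTA_LINKS = [
    (r"C:\Documents and Settings", r"C:\Users"),
    (r"C:\Users\All Users", r"C:\ProgramData"),
    (r"C:\ProgramData\Application Data", r"C:\ProgramData"),
]


def resolve(path):
    """Rewrite a path through the link table until no link prefix remains."""
    path = ntpath.normpath(path)
    rewritten = True
    while rewritten:
        rewritten = False
        for link, target in VISTA_LINKS:
            head, rest = path[:len(link)], path[len(link):]
            # Match whole path components only, case-insensitively.
            if head.lower() == link.lower() and rest[:1] in ("", "\\"):
                path, rewritten = target + rest, True
    return path


def script_file_entries(max_depth=10):
    """Rebuild the qmgr entries of the :files section (10 down to 0 repeats)."""
    base = r"C:\Documents and Settings\All Users"
    tail = r"Microsoft\Network\Downloader"
    entries = []
    for depth in range(max_depth, -1, -1):
        for name in ("qmgr0.dat", "qmgr1.dat"):
            parts = [base] + ["Application Data"] * depth + [tail, name]
            entries.append("\\".join(parts))
    return entries


def group_by_target(paths):
    """Group reported paths by the lower-cased path they resolve to."""
    groups = {}
    for p in paths:
        groups.setdefault(resolve(p).lower(), []).append(p)
    return groups


if __name__ == "__main__":
    for target, aliases in group_by_target(script_file_entries()).items():
        print(f"{len(aliases):2d} entries -> {target}")
```

Under that assumption, the 22 `qmgr` entries resolve to two files, so a scan or removal report that lists them separately is describing the same two objects.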
    30 November 2008 17:20:40

    OTMoveIt report:

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    Unable to stop service asp7icqx .
    ========== FILES ==========
    C:\rsit moved successfully.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    ========== COMMANDS ==========
    File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\0ok1UVewRp5JJjUYEOO2FgRz8MkQ= scheduled to be deleted on reboot.
    File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\cFtL9FRVS5VNc3uNud4CT34uRJE= scheduled to be deleted on reboot.
    File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\G2Fj668G+UyXbjBM5eFc8On6ugI= scheduled to be deleted on reboot.
    File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\GkyIAaYy0a4mXkH6yWpWcUMGvwM= scheduled to be deleted on reboot.
    File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\GwFkDYiVRPWiG1B2FSiuPubD0hWU= scheduled to be deleted on reboot.
    File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\j1UFn8foswAgknjsdwsVfW61jPA= scheduled to be deleted on reboot.
    File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\mT8oRtcFIwLRhvMpqs7wQ2Xlm5Y= scheduled to be deleted on reboot.
    File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\op0R4pACNAP9g5e4wr4aXqZ2FZhQ= scheduled to be deleted on reboot.
    File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\pqd2g3pXDIE1nan2FfJzXafF1xdE= scheduled to be deleted on reboot.
    File delete failed. C:\Users\Shiv\AppData\Local\Temp\MessengerCache\qlqaEf7OwViJYYq7mmzW5XjLOIg= scheduled to be deleted on reboot.
    File delete failed. C:\Users\Shiv\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
    File delete failed. C:\Users\Shiv\AppData\Local\Temp\etilqs_acuXOa9QdzQRHli scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_171034

    Files moved on Reboot...
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.
    File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
    File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
    File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
    File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
    File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
    File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
    File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
    File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
    File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
    File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
    File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
    File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
    File C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
    File C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
    File C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
    File C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!
    File C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr0.dat not found!
    File C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr1.dat not found!
    C:\Users\Shiv\AppData\Local\Temp\MessengerCache\0ok1UVewRp5JJjUYEOO2FgRz8MkQ= moved successfully.
    C:\Users\Shiv\AppData\Local\Temp\MessengerCache\cFtL9FRVS5VNc3uNud4CT34uRJE= moved successfully.
    C:\Users\Shiv\AppData\Local\Temp\MessengerCache\G2Fj668G+UyXbjBM5eFc8On6ugI= moved successfully.
    C:\Users\Shiv\AppData\Local\Temp\MessengerCache\GkyIAaYy0a4mXkH6yWpWcUMGvwM= moved successfully.
    C:\Users\Shiv\AppData\Local\Temp\MessengerCache\GwFkDYiVRPWiG1B2FSiuPubD0hWU= moved successfully.
    C:\Users\Shiv\AppData\Local\Temp\MessengerCache\j1UFn8foswAgknjsdwsVfW61jPA= moved successfully.
    C:\Users\Shiv\AppData\Local\Temp\MessengerCache\mT8oRtcFIwLRhvMpqs7wQ2Xlm5Y= moved successfully.
    C:\Users\Shiv\AppData\Local\Temp\MessengerCache\op0R4pACNAP9g5e4wr4aXqZ2FZhQ= moved successfully.
    C:\Users\Shiv\AppData\Local\Temp\MessengerCache\pqd2g3pXDIE1nan2FfJzXafF1xdE= moved successfully.
    C:\Users\Shiv\AppData\Local\Temp\MessengerCache\qlqaEf7OwViJYYq7mmzW5XjLOIg= moved successfully.
    C:\Users\Shiv\AppData\Local\Temp\ehmsas.txt moved successfully.
    File C:\Users\Shiv\AppData\Local\Temp\etilqs_acuXOa9QdzQRHli not found!




    30 November 2008 17:21:47

    log.txt:


    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Shiv at 2008-11-30 17:20:30
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 17 GB (32%) free of 54 GB
    Total RAM: 3070 MB (62% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:20:47, on 30/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Hp\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    D:\Jeux\Steam\Steam.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
    C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Shiv\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Shiv\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Shiv.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Steam] "d:\jeux\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    O4 - Startup: Warkeys Update.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 10246 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\GoogleUpdateTaskUser.job
    C:\Windows\tasks\User_Feed_Synchronization-{122E98E7-B0DB-4DBC-AEBA-1C3CCD2AAC49}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2008-09-02 75272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-05 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-05 34816]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-09-12 182808]
    "QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-09-30 181544]
    "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
    "OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
    "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
    "WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-11-25 266497]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
    "HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-02-27 13515296]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-02-27 92704]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-05 144792]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-09-08 3513344]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
    "Steam"=d:\jeux\steam\steam.exe [2008-10-11 1410296]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
    "Google Update"=C:\Users\Shiv\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 133104]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-23 21755688]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-17 634880]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    Launchy.lnk - C:\Program Files\Launchy\Launchy.exe

    C:\Users\Shiv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    My_AutoWarkey_Script.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
    Warkeys Update.lnk - C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œ$w>††vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œ$w>††vÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†Çuÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†Çuÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œgw>†vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œgw>†vÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œäv>†Õvÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œäv>†Õvÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œfw>†úuÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œfw>†úuÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†­uÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$Œw>†­uÿÿÿÿc°B:*:Enabled:Windows NT Service"
    "DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$ŒÌw>†‚vÿÿÿÿc°B"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~€‚ƒ„…†‡ˆ‰Š‹$ŒÌw>†‚vÿÿÿÿc°B:*:Enabled:Windows NT Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 1 months======

    2008-11-30 17:20:30 ----D---- C:\rsit
    2008-11-29 02:48:51 ----D---- C:\Windows\system32\Kaspersky Lab
    2008-11-28 14:39:26 ----D---- C:\Users\Shiv\AppData\Roaming\Google
    2008-11-28 14:38:59 ----D---- C:\Program Files\Google
    2008-11-27 14:22:20 ----D---- C:\Program Files\iPod
    2008-11-27 14:22:17 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-27 14:22:17 ----D---- C:\Program Files\iTunes
    2008-11-27 14:21:07 ----D---- C:\Program Files\QuickTime
    2008-11-27 00:29:53 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
    2008-11-25 14:27:23 ----D---- C:\_OTMoveIt
    2008-11-24 20:15:39 ----D---- C:\Users\Shiv\AppData\Roaming\Malwarebytes
    2008-11-24 20:15:35 ----D---- C:\ProgramData\Malwarebytes
    2008-11-24 20:15:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-24 18:37:00 ----A---- C:\Windows\system32\tmp.txt
    2008-11-24 18:36:57 ----A---- C:\rapport.txt
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\WS2Fix.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\VCCLSID.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\VACFix.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\swxcacls.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\swsc.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\swreg.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\SrchSTS.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\Process.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\o4Patch.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\IEDFix.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\IEDFix.C.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\dumphive.exe
    2008-11-24 18:36:45 ----A---- C:\Windows\system32\404Fix.exe
    2008-11-24 14:13:28 ----A---- C:\UsbFix.txt
    2008-11-24 14:07:57 ----D---- C:\Program Files\UsbFix
    2008-11-24 13:18:18 ----D---- C:\Program Files\CCleaner
    2008-11-24 13:12:36 ----D---- C:\Program Files\Trend Micro
    2008-11-24 12:55:30 ----D---- C:\VundoFix Backups
    2008-11-24 12:55:30 ----A---- C:\VundoFix.txt
    2008-11-21 16:33:23 ----A---- C:\Windows\system32\PnkBstrA.exe
    2008-11-21 16:33:14 ----A---- C:\Windows\system32\PnkBstrB.exe
    2008-11-21 16:31:43 ----A---- C:\Windows\system32\paul.dll
    2008-11-21 16:29:47 ----D---- C:\Users\Shiv\AppData\Roaming\Leadertech
    2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvexpbar.dll
    2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvcpluir.dll
    2008-11-20 21:43:09 ----A---- C:\Windows\system32\nvcplui.exe
    2008-11-20 21:30:51 ----D---- C:\NVIDIA
    2008-11-20 09:15:14 ----A---- C:\Windows\system32\wups2.dll
    2008-11-20 09:15:14 ----A---- C:\Windows\system32\wucltux.dll
    2008-11-20 09:15:14 ----A---- C:\Windows\system32\wuaueng.dll
    2008-11-20 09:15:14 ----A---- C:\Windows\system32\wuauclt.exe
    2008-11-20 09:15:04 ----A---- C:\Windows\system32\wups.dll
    2008-11-20 09:15:04 ----A---- C:\Windows\system32\wudriver.dll
    2008-11-20 09:15:04 ----A---- C:\Windows\system32\wuapi.dll
    2008-11-20 09:14:55 ----A---- C:\Windows\system32\wuwebv.dll
    2008-11-20 09:14:55 ----A---- C:\Windows\system32\wuapp.exe
    2008-11-11 22:57:19 ----A---- C:\Windows\system32\msxml3.dll
    2008-11-11 22:57:09 ----A---- C:\Windows\system32\msxml6.dll
    2008-11-10 15:15:05 ----A---- C:\Windows\system32\XMLConfig_SYSID.ini
    2008-11-09 15:46:58 ----RHD---- C:\Users\Shiv\AppData\Roaming\SecuROM
    2008-11-09 15:46:56 ----A---- C:\Windows\system32\CmdLineExt.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\XAudio2_2.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\XAPOFX1_1.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\xactengine3_2.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\d3dx10_39.dll
    2008-11-09 15:37:27 ----A---- C:\Windows\system32\D3DCompiler_39.dll
    2008-11-09 15:37:26 ----A---- C:\Windows\system32\D3DX9_39.dll
    2008-11-09 15:36:51 ----A---- C:\Windows\system32\wrap_oal.dll
    2008-11-09 15:36:51 ----A---- C:\Windows\system32\OpenAL32.dll
    2008-11-09 15:21:27 ----D---- C:\Windows\system32\AGEIA
    2008-11-09 15:21:26 ----D---- C:\Program Files\AGEIA Technologies
    2008-11-09 15:21:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\XAudio2_3.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\XAPOFX1_2.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\xactengine3_3.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\D3DX9_40.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\d3dx10_40.dll
    2008-11-08 19:19:53 ----A---- C:\Windows\system32\D3DCompiler_40.dll
    2008-11-08 19:19:52 ----A---- C:\Windows\system32\X3DAudio1_5.dll
    2008-11-08 19:19:51 ----A---- C:\Windows\system32\XAudio2_1.dll
    2008-11-08 19:19:51 ----A---- C:\Windows\system32\XAPOFX1_0.dll
    2008-11-08 19:19:51 ----A---- C:\Windows\system32\xactengine3_1.dll
    2008-11-08 19:19:51 ----A---- C:\Windows\system32\X3DAudio1_4.dll
    2008-11-08 19:19:50 ----A---- C:\Windows\system32\d3dx10_38.dll
    2008-11-08 19:19:50 ----A---- C:\Windows\system32\D3DCompiler_38.dll
    2008-11-08 19:19:49 ----A---- C:\Windows\system32\XAudio2_0.dll
    2008-11-08 19:19:49 ----A---- C:\Windows\system32\xactengine3_0.dll
    2008-11-08 19:19:49 ----A---- C:\Windows\system32\D3DX9_38.dll
    2008-11-08 19:19:48 ----A---- C:\Windows\system32\X3DAudio1_3.dll
    2008-11-08 19:19:48 ----A---- C:\Windows\system32\d3dx10_37.dll
    2008-11-08 19:19:48 ----A---- C:\Windows\system32\D3DCompiler_37.dll
    2008-11-08 19:19:46 ----A---- C:\Windows\system32\xactengine2_10.dll
    2008-11-08 19:19:46 ----A---- C:\Windows\system32\D3DX9_37.dll
    2008-11-08 19:19:45 ----A---- C:\Windows\system32\d3dx10_36.dll
    2008-11-08 19:19:45 ----A---- C:\Windows\system32\D3DCompiler_36.dll
    2008-11-08 19:19:44 ----A---- C:\Windows\system32\xactengine2_9.dll
    2008-11-08 19:19:44 ----A---- C:\Windows\system32\d3dx9_36.dll
    2008-11-08 19:19:42 ----A---- C:\Windows\system32\d3dx10_35.dll
    2008-11-08 19:19:42 ----A---- C:\Windows\system32\D3DCompiler_35.dll
    2008-11-08 19:19:41 ----A---- C:\Windows\system32\xactengine2_8.dll
    2008-11-08 19:19:41 ----A---- C:\Windows\system32\X3DAudio1_2.dll
    2008-11-08 19:19:41 ----A---- C:\Windows\system32\d3dx9_35.dll
    2008-11-08 19:19:41 ----A---- C:\Windows\system32\d3dx10_34.dll
    2008-11-08 19:19:40 ----A---- C:\Windows\system32\d3dx9_34.dll
    2008-11-08 19:19:40 ----A---- C:\Windows\system32\D3DCompiler_34.dll
    2008-11-08 19:19:39 ----A---- C:\Windows\system32\xinput1_3.dll
    2008-11-08 19:19:39 ----A---- C:\Windows\system32\xactengine2_7.dll
    2008-11-08 19:19:38 ----A---- C:\Windows\system32\d3dx10_33.dll
    2008-11-08 19:19:38 ----A---- C:\Windows\system32\D3DCompiler_33.dll
    2008-11-08 19:19:37 ----A---- C:\Windows\system32\xactengine2_6.dll
    2008-11-08 19:19:37 ----A---- C:\Windows\system32\xactengine2_5.dll
    2008-11-08 19:19:37 ----A---- C:\Windows\system32\d3dx9_33.dll
    2008-11-08 19:19:36 ----A---- C:\Windows\system32\d3dx10.dll
    2008-11-08 19:19:35 ----A---- C:\Windows\system32\xactengine2_4.dll
    2008-11-08 19:19:35 ----A---- C:\Windows\system32\x3daudio1_1.dll
    2008-11-08 19:19:35 ----A---- C:\Windows\system32\d3dx9_32.dll
    2008-11-08 19:19:34 ----A---- C:\Windows\system32\xinput1_2.dll
    2008-11-08 19:19:34 ----A---- C:\Windows\system32\xactengine2_3.dll
    2008-11-08 19:19:34 ----A---- C:\Windows\system32\d3dx9_31.dll
    2008-11-08 19:19:33 ----A---- C:\Windows\system32\xinput1_1.dll
    2008-11-08 19:19:33 ----A---- C:\Windows\system32\xactengine2_2.dll
    2008-11-08 19:19:33 ----A---- C:\Windows\system32\xactengine2_1.dll
    2008-11-08 19:19:27 ----A---- C:\Windows\system32\xactengine2_0.dll
    2008-11-08 19:19:27 ----A---- C:\Windows\system32\x3daudio1_0.dll
    2008-11-08 19:19:27 ----A---- C:\Windows\system32\d3dx9_30.dll
    2008-11-08 19:19:27 ----A---- C:\Windows\system32\d3dx9_29.dll
    2008-11-08 19:19:26 ----A---- C:\Windows\system32\d3dx9_28.dll
    2008-11-08 19:19:25 ----A---- C:\Windows\system32\d3dx9_27.dll
    2008-11-08 19:19:25 ----A---- C:\Windows\system32\d3dx9_26.dll
    2008-11-08 19:19:24 ----A---- C:\Windows\system32\d3dx9_25.dll
    2008-11-08 19:19:22 ----A---- C:\Windows\system32\d3dx9_24.dll
    2008-11-08 11:22:40 ----D---- C:\Program Files\Lavalys
    2008-11-08 10:24:29 ----D---- C:\ProgramData\ma-config.com
    2008-11-08 10:24:29 ----D---- C:\Program Files\ma-config.com
    2008-11-07 21:31:44 ----SH---- C:\boot.ini
    2008-11-07 18:44:15 ----A---- C:\Windows\system32\AutoPartNt.exe
    2008-11-07 18:43:34 ----D---- C:\ProgramData\Acronis
    2008-11-07 18:28:42 ----D---- C:\Program Files\Acronis
    2008-11-07 18:28:41 ----D---- C:\Program Files\Common Files\Acronis
    2008-11-07 18:26:58 ----D---- C:\Program Files\Acronis Disk Director Suite 10 build 2160
    2008-11-07 17:21:37 ----D---- C:\Program Files\OurToolbar
    2008-11-07 14:24:24 ----D---- C:\Program Files\WinImage
    2008-11-05 21:04:41 ----A---- C:\Windows\system32\MSVCRTD.DLL
    2008-11-05 21:04:41 ----A---- C:\Windows\system32\MSVCP60D.DLL
    2008-11-05 21:04:40 ----A---- C:\Windows\system32\WMAFile.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\TABCTFR.DLL
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\MSCMCFR.DLL
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudPlayer.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioVisu.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioRecord.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudioInfos.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudFile.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudDisplay.dll
    2008-11-05 21:04:39 ----A---- C:\Windows\system32\AudDesign.dll
    2008-11-05 21:04:38 ----D---- C:\Program Files\Free Audio Pack
    2008-11-05 21:04:38 ----A---- C:\Windows\system32\msvcr70.dll
    2008-11-05 21:04:38 ----A---- C:\Windows\system32\lame_enc.dll
    2008-11-05 05:33:51 ----A---- C:\Windows\system32\EncDec.dll
    2008-11-05 05:33:50 ----A---- C:\Windows\system32\psisdecd.dll
    2008-11-03 15:50:54 ----D---- C:\Intel
    2008-11-03 15:50:49 ----D---- C:\Users\Shiv\AppData\Roaming\InstallShield
    2008-11-03 15:44:23 ----D---- C:\Windows\Minidump

    ======List of files/folders modified in the last 1 months======

    2008-11-30 17:20:46 ----D---- C:\Windows\Temp
    2008-11-30 17:20:41 ----D---- C:\Windows\Prefetch
    2008-11-30 17:20:20 ----D---- C:\Windows\Installer
    2008-11-30 17:20:19 ----HD---- C:\Config.Msi
    2008-11-30 17:20:19 ----D---- C:\ProgramData\Adobe
    2008-11-30 17:20:12 ----D---- C:\Users\Shiv\AppData\Roaming\Skype
    2008-11-30 17:19:42 ----D---- C:\Program Files\Common Files\Adobe
    2008-11-30 17:19:27 ----D---- C:\Windows\System32
    2008-11-30 17:19:27 ----D---- C:\Windows\inf
    2008-11-30 17:19:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-11-30 17:19:26 ----D---- C:\Program Files\Adobe
    2008-11-30 17:19:18 ----SHD---- C:\System Volume Information
    2008-11-30 17:07:55 ----D---- C:\Users\Shiv\AppData\Roaming\skypePM
    2008-11-30 17:01:03 ----D---- C:\Windows\system32\Tasks
    2008-11-30 17:00:27 ----SD---- C:\Windows\Downloaded Program Files
    2008-11-30 17:00:11 ----D---- C:\Program Files\Java
    2008-11-30 17:00:10 ----D---- C:\Program Files\Common Files
    2008-11-30 05:00:00 ----D---- C:\Windows
    2008-11-29 19:50:03 ----D---- C:\Program Files\Common Files\Steam
    2008-11-29 13:48:25 ----D---- C:\Users\Shiv\AppData\Roaming\uTorrent
    2008-11-28 14:38:59 ----RD---- C:\Program Files
    2008-11-27 14:30:55 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-27 14:22:19 ----D---- C:\Program Files\Common Files\Apple
    2008-11-27 14:22:17 ----HD---- C:\ProgramData
    2008-11-27 13:26:25 ----D---- C:\Users\Shiv\AppData\Roaming\FrostWire
    2008-11-24 20:15:38 ----D---- C:\Windows\system32\drivers
    2008-11-24 15:40:46 ----D---- C:\Windows\system32\WDI
    2008-11-24 13:20:02 ----D---- C:\Windows\Debug
    2008-11-23 15:56:09 ----D---- C:\Windows\winsxs
    2008-11-22 20:29:12 ----D---- C:\Users\Shiv\AppData\Roaming\Hamachi
    2008-11-22 20:18:52 ----D---- C:\Users\Shiv\AppData\Roaming\teamspeak2
    2008-11-21 16:29:37 ----D---- C:\Windows\system32\LogFiles
    2008-11-21 16:22:53 ----RSD---- C:\Windows\assembly
    2008-11-20 23:20:58 ----D---- C:\ProgramData\NVIDIA
    2008-11-20 23:17:02 ----D---- C:\Windows\system32\catroot
    2008-11-20 23:17:01 ----D---- C:\Windows\system32\catroot2
    2008-11-20 23:15:54 ----D---- C:\SWSETUP
    2008-11-20 22:03:18 ----D---- C:\Windows\rescache
    2008-11-20 21:42:41 ----D---- C:\Windows\Help
    2008-11-20 21:28:13 ----D---- C:\Windows\system32\fr-FR
    2008-11-20 10:09:29 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-19 22:14:17 ----D---- C:\Windows\Tasks
    2008-11-17 21:40:59 ----D---- C:\Program Files\Full Tilt Poker
    2008-11-12 18:16:27 ----SD---- C:\Users\Shiv\AppData\Roaming\Microsoft
    2008-11-12 14:08:34 ----N---- C:\Windows\win.ini
    2008-11-07 19:08:09 ----D---- C:\Windows\Logs
    2008-11-07 16:36:53 ----SD---- C:\ProgramData\Microsoft
    2008-11-07 16:23:27 ----D---- C:\Program Files\nLite
    2008-11-07 16:21:40 ----D---- C:\XPiso
    2008-11-06 10:59:36 ----D---- C:\Program Files\Microsoft Office
    2008-11-05 10:46:38 ----D---- C:\Windows\Microsoft.NET
    2008-11-05 10:21:12 ----D---- C:\Windows\ehome
    2008-11-04 01:10:25 ----A---- C:\Windows\system32\mrt.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-11-25 52032]
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-10-11 25280]
    R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
    R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552]
    R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-02-27 7602688]
    R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 98816]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
    R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-01-17 983936]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
    R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
    S3 anvrc0g7;anvrc0g7; C:\Windows\system32\drivers\anvrc0g7.sys []
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
    S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
    S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
    S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-11-02 15360]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
    S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
    S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
    S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
    S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2005-08-02 32512]
    S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-11-25 68865]
    R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-11-25 151297]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
    R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-09-12 354840]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-02-27 49152]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
    R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-11-21 66872]
    R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 271760]
    R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 112016]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
    R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-11-29 104944]
    S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2007-02-22 2217416]
    S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-11-02 195752]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]

    -----------------EOF-----------------



    info.txt

    info.txt logfile of random's system information tool 1.04 2008-11-30 17:20:49

    ======Uninstall list======

    -->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
    Acronis Disk Director Suite 10 build 2160-->C:\Program Files\Acronis Disk Director Suite 10 build 2160\Uninstal.exe
    Acronis Disk Director Suite-->MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
    Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log
    Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
    adsl TV-->C:\Program Files\adslTV\Uninstal.exe
    AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
    Bink and Smacker-->C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
    Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
    Contacts-->MsiExec.exe /I{C6BDA6E5-B391-4CE5-8D86-B53AC96FFE03}
    Counter-Strike-->"D:\Jeux\Steam\steam.exe" steam://uninstall/10
    DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
    ESU for Microsoft Vista-->MsiExec.exe /I{AD3FDC40-BCF4-476D-A2D6-C4B154DD9DF5}
    EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
    FileZilla Client 3.1.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
    Fraps (remove only)-->"C:\Fraps\uninstall.exe"
    Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
    FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
    Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x040c -removeonly
    Garry's Mod-->"D:\Jeux\Steam\steam.exe" steam://uninstall/4000
    Giants-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97370293-96EC-11D4-9DEF-00104B70C5FB}\setup.exe"
    GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
    Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
    Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
    Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
    Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
    Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
    HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
    HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
    HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
    HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
    HP Imaging Device Functions 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart All-In-One Software 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\{B09BCBF6-87EE-4403-A336-3A9510856535}\setup\hpzscr01.exe -datfile hposcr15.dat
    HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
    HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst
    HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
    HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
    HP Solution Center 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
    HP User Guides 0088-->MsiExec.exe /I{8347A7A5-4AB8-433F-82AA-496B0D189A9B}
    HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
    HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
    ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
    Intel(R) Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
    Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    Kaspersky On-line Scanner-->C:\Windows\system32\KASPER~1\KASPER~1\kavuninstall.exe
    LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
    Launchy 2.1.2-->"C:\Program Files\Launchy\unins000.exe"
    Left 4 Dead-->"D:\Jeux\Steam\steam.exe" steam://uninstall/500
    Ma-Config.com-->MsiExec.exe /X{DD987A54-122B-4CFD-A8C5-5577027A6B78}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
    Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
    Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSCU for Microsoft Vista-->MsiExec.exe /I{E87F5651-CE15-493F-AE99-3B670E25A54E}
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
    Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
    nLite 1.4.9.1-->"C:\Program Files\nLite\unins000.exe"
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    On2 VP7 Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
    Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
    Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
    PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
    PVK-->D:\Jeux\Counter-Strike 1.6 + Half-Life\pvk\uninstall.exe
    Quake III Arena Point Release 1.32-->C:\Windows\unvise32.exe d:\jeux\q3\uninstal5.log
    Quake III Arena-->C:\Windows\IsUninst.exe -fd:\jeux\q3\QIII.isu
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
    Rocket Arena 3 1.76 (remove only)-->"D:\Jeux\Q3\arena\uninstall.exe"
    Sacred 2-->MsiExec.exe /I{1023383E-D9F6-478C-A965-23A4657B3C9A}
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Team Fortress 2-->"D:\Jeux\Steam\steam.exe" steam://uninstall/440
    TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
    VistaBootPRO 3.3-->MsiExec.exe /I{6C9FA746-8759-4040-A436-42922CB3492E}
    Warkeys 1.8.1.0b-->C:\Program Files\Warkeys\uninst.exe
    WC3Banlist-->"C:\Program Files\WC3Banlist\unins000.exe"
    Windows Live Bêta (tous les programmes)-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Bêta (tous les programmes)-->MsiExec.exe /I{9C4AB6FB-43CD-4ADF-8B59-6C52A6B74324}
    Windows Live Call-->MsiExec.exe /I{868EC13B-52DA-43B9-8C05-50CD897674DF}
    Windows Live Messenger-->MsiExec.exe /X{F72F8316-91E8-4C80-9E39-EBE933E1EDFB}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe

    =====HijackThis Backups=====

    O4 - HKLM\..\RunServices: [Windows NT Service] winnt32.exe
    O4 - HKLM\..\Run: [Windows NT Service] winnt32.exe
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

    ======Security center information======

    AV: Avira AntiVir PersonalEdition
    AS: Windows Defender

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=1706
    "NUMBER_OF_PROCESSORS"=2
    "PLATFORM"=MCD
    "PCBRAND"=Pavilion
    "OnlineServices"=Services en ligne
    "USERPART"=F:
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------

    30 November 2008 17:28:07

    For the OTMoveIt3 procedure, redo it in Safe Mode.

    To restart in Safe Mode:
  • Restart your PC.
  • At startup, tap F8 repeatedly (F5 on some PCs) just after the BIOS screen is displayed and just before Windows loads.
  • In the advanced options menu, choose Safe Mode.
  • Choose your user account.
    30 November 2008 18:02:47

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== SERVICES/DRIVERS ==========
    Unable to stop service asp7icqx .
    ========== FILES ==========
    C:\rsit moved successfully.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat scheduled to be moved on reboot.
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat moved successfully.
    C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat moved successfully.
    File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found.
    File/Folder C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found.
    File/Folder C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr0.dat not found.
    File/Folder C:\Documents and Settings\All Users\Microsoft\Network\Downloader\qmgr1.dat not found.
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_175825

    Files moved on Reboot...
    File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr0.dat not found!
    File C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\qmgr1.dat not found!

    30 November 2008 19:03:52

    No more problems?
    30 November 2008 19:15:16

    I'll run another scan tonight and let you know :)
    1 December 2008 23:05:57

    Everything is fine, thanks :)
    2 December 2008 21:36:06

    1/

  • Uninstall HijackThis.

  • Re-enable Vista's UAC.


    2/

  • Download OTCleanIt to your Desktop.
  • Right-click OTCleanIt and choose Run as administrator.
  • Click CleanUp!, then click Yes in the Confirm window.
  • Restart your PC as prompted.


    3/

  • Download and install CCleaner (do not install the Yahoo Toolbar).
  • Launch it. Go to Options, then Advanced, and untick the box Only delete files etc....
  • Go to Cleaner and choose Analyze. Once it has finished, run the cleanup.
  • Next, choose Registry, then Scan for issues. Once it has finished, fix all the errors (back up the registry).


    4/

  • System Restore must be disabled and then re-enabled in order to purge it.

  • I recommend creating a restore point that you can use later if you have a problem.


    5/

  • Keep Windows and your software up to date.

    ---> Now add [Résolu] to the title. To do so:
  • In your first message, click the Edit (Editer) button.
  • Add [Résolu] in front of the title.
  • Then click Validate your message (Valider votre message).


    Be more careful on the Internet ;)