Bug bug et rebug

Section d'analyse de rapports et de désinfection : malwares en tous genre et autres indésirables. Demandes de nettoyage uniquement. Prise en charge restreinte : équipe spécialisée.

Modérateur: Modérateurs

Règles du forum :arrow: Les désinfections sont prises en charge par un groupe spécifique, tout le monde ne peut pas intervenir pour désinfecter les machines (règles).
:arrow: Les procédures sont sur-mesure, ne faites pas la même chose chez vous (explications).
:arrow: Un topic par machine, chacun crée le sien. ;)

Re: Bug bug et rebug

Messagepar jspa » 05 Déc 2009 14:14

Cela ne sert à rien de le renommer ...

On va faire un log :

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.
  • Double-clique sur RSIT.exe afin de lancer RSIT.
  • Clique Continue à l'écran Disclaimer.
  • Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  • NB : Les rapports sont sauvegardés dans le dossier C:\rsit

@+
J'ai la grippe, je peux faire un hijackthis pour me débarrasser de cette saloperie ???
Avatar de l’utilisateur
jspa
Libellulien Junior
Libellulien Junior
 
Messages: 309
Inscription: 02 Mai 2007 15:02

Re: Bug bug et rebug

Messagepar Elina » 05 Déc 2009 18:07

Hello !

Voici le rapport log.txt :

Logfile of random's system information tool 1.06 (written by random/random)
Run by alex at 2009-12-05 18:06:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (24%) free of 35 GB
Total RAM: 503 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:50, on 05-Dec-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\alex\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\alex\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\alex.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [VMCL] C:\Program Files\vodafone\vmclite\DongleEnumerator.exe
O4 - HKCU\..\Run: [Videohost] C:\DOCUME~1\alex\LOCALS~1\Temp\c.exe
O4 - HKCU\..\Run: [bdmnl] C:/Documents and Settings/alex/Local Settings/Temporary Internet Files/Content.IE5/VZ18YTW9//vshfkbo.exe
O4 - HKCU\..\Run: [lkuty] C:/Documents and Settings/alex/Local Settings/Temporary Internet Files/Content.IE5/VZ18YTW9//rgcnzeg.exe
O4 - HKCU\..\Run: [fxzik] C:/Documents and Settings/alex/My Documents//aouyjhl.exe
O4 - HKCU\..\Run: [pginx] C:/Documents and Settings/alex/My Documents//wcoiykd.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\alex\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4Com.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

--
End of file - 11234 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\BMMTask.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"=C:\WINDOWS\system32\S3Tray2.exe [2001-10-12 69632]
"TrackPointSrv"=C:\WINDOWS\system32\tp4serv.exe [2003-05-15 94208]
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [2004-08-07 94208]
"BMMLREF"=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2003-07-11 20480]
"QCTRAY"=C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE [2004-08-18 708608]
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [2004-08-18 81920]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2003-07-11 884736]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2002-09-04 53248]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2003-07-18 208896]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-06-27 88363]
"UC_Start"=C:\IBMTools\Updater\ucstartup.exe [2003-03-17 32768]
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [2003-07-21 540672]
"BMMGAG"=RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-04-06 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-04-06 114688]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
""= []
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"NokiaMusic FastStart"=C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe [2009-07-02 2327840]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [2003-07-21 540672]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Philips Intelligent Agent"=C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe [2008-02-21 613792]
"VMCL"=C:\Program Files\vodafone\vmclite\DongleEnumerator.exe []
"Videohost"=C:\DOCUME~1\alex\LOCALS~1\Temp\c.exe []
"bdmnl"=C:/Documents and Settings/alex/Local Settings/Temporary Internet Files/Content.IE5/VZ18YTW9//vshfkbo.exe []
"lkuty"=C:/Documents and Settings/alex/Local Settings/Temporary Internet Files/Content.IE5/VZ18YTW9//rgcnzeg.exe []
"fxzik"=C:/Documents and Settings/alex/My Documents//aouyjhl.exe []
"pginx"=C:/Documents and Settings/alex/My Documents//wcoiykd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Lancement rapide d'Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe

C:\Documents and Settings\alex\Start Menu\Programs\Startup
Notification de cadeaux MSN.lnk - C:\Documents and Settings\alex\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-06 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
C:\WINDOWS\system32\QConGina.dll [2004-08-18 258048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\IBMTOOLS\Updater\ucsmb.exe"="C:\IBMTOOLS\Updater\ucsmb.exe:*:enabled:IBM Update Connector"
"C:\IBMTOOLS\Updater\jre\bin\java.exe"="C:\IBMTOOLS\Updater\jre\bin\java.exe:*:enabled:IBM Update Connector"
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe"="C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:enabled:IBM Update Connector"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe"="C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia"
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe"="C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer"
"C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe"="C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe:*:Enabled:Philips Intelligent Agent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\IBMTOOLS\Updater\ucsmb.exe"="C:\IBMTOOLS\Updater\ucsmb.exe:*:enabled:IBM Update Connector"
"C:\IBMTOOLS\Updater\jre\bin\java.exe"="C:\IBMTOOLS\Updater\jre\bin\java.exe:*:enabled:IBM Update Connector"
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe"="C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:enabled:IBM Update Connector"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e002170-88f3-11de-a052-00096ba0819e}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-9-1-46-100026205-100019950-100020563-6555.com e:\
shell\Open\command - RECYCLER\S-9-1-46-100026205-100019950-100020563-6555.com e:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93fbfcb0-3297-11de-9220-00096ba0819e}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boodydar.exe
shell\explore\command - boodydar.exe
shell\find\command - boodydar.exe
shell\open\command - boodydar.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b41f8c51-be8c-11de-a087-00096ba0819e}]
shell\AutoRun\command - E:\VMC_PBStarter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b41f8c52-be8c-11de-a087-00096ba0819e}]
shell\AutoRun\command - E:\VMC_PBStarter.exe


======List of files/folders created in the last 1 months======

2009-12-05 18:06:38 ----D---- C:\rsit
2009-12-04 23:10:38 ----D---- C:\_OTM
2009-12-04 08:02:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-03 06:44:34 ----A---- C:\rapport.txt
2009-12-03 06:41:12 ----SHD---- C:\WINDOWS\CSC
2009-12-03 06:40:52 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-02 00:29:20 ----D---- C:\Program Files\DivX
2009-12-02 00:29:20 ----D---- C:\Program Files\Common Files\DivX Shared
2009-12-02 00:17:21 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-12-02 00:17:21 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-12-02 00:17:21 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-12-02 00:17:21 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-12-02 00:17:19 ----A---- C:\WINDOWS\system32\unrar.dll
2009-12-02 00:17:19 ----A---- C:\WINDOWS\avisplitter.ini
2009-12-02 00:17:16 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-12-02 00:17:14 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-12-02 00:17:14 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-12-02 00:17:13 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-12-02 00:17:13 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-12-02 00:17:12 ----A---- C:\WINDOWS\system32\divx.dll
2009-12-02 00:17:09 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-12-02 00:17:09 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-12-02 00:17:05 ----D---- C:\Program Files\K-Lite Codec Pack
2009-12-01 23:39:14 ----A---- C:\WINDOWS\system32\tmp.txt
2009-12-01 23:38:55 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-12-01 23:38:55 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-12-01 23:38:55 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-12-01 23:38:55 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-12-01 23:38:55 ----A---- C:\WINDOWS\system32\swsc.exe
2009-12-01 23:38:55 ----A---- C:\WINDOWS\system32\swreg.exe
2009-12-01 23:38:55 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-12-01 23:38:55 ----A---- C:\WINDOWS\system32\Process.exe
2009-12-01 23:38:55 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-12-01 23:38:55 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-12-01 23:38:55 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-12-01 23:38:55 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-12-01 23:38:55 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-12-01 23:38:55 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-11-30 21:53:34 ----D---- C:\Program Files\Trend Micro
2009-11-30 21:40:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-30 21:40:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-29 20:00:44 ----D---- C:\Program Files\Avira
2009-11-29 20:00:44 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-11-28 17:35:52 ----A---- C:\WINDOWS\msa.exe
2009-11-26 08:04:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-26 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-24 21:27:35 ----A---- C:\WINDOWS\system32\devil.dll
2009-11-24 21:27:35 ----A---- C:\WINDOWS\system32\avisynth.dll
2009-11-24 21:27:34 ----A---- C:\WINDOWS\system32\i420vfw.dll
2009-11-24 21:27:34 ----A---- C:\WINDOWS\system32\AVSredirect.dll
2009-11-24 21:27:33 ----D---- C:\Program Files\AviSynth 2.5
2009-11-24 21:24:24 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2009-11-24 21:24:24 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2009-11-24 21:24:23 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2009-11-24 21:24:16 ----D---- C:\Program Files\eRightSoft
2009-11-11 16:29:45 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-08 09:40:47 ----HDC---- C:\WINDOWS\ie8
2009-11-07 17:13:18 ----D---- C:\Documents and Settings\alex\Application Data\Mozilla
2009-11-07 15:51:01 ----D---- C:\WINDOWS\pss

======List of files/folders modified in the last 1 months======

2009-12-05 18:06:49 ----D---- C:\WINDOWS\Prefetch
2009-12-05 10:54:40 ----RD---- C:\Program Files
2009-12-05 10:50:14 ----D---- C:\WINDOWS\Temp
2009-12-05 10:50:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-05 10:47:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-05 10:47:12 ----D---- C:\WINDOWS\system32\drivers
2009-12-05 09:57:38 ----D---- C:\Documents and Settings\alex\Application Data\vlc
2009-12-05 09:55:57 ----D---- C:\Documents and Settings\alex\Application Data\Azureus
2009-12-04 23:20:32 ----AD---- C:\WINDOWS\system32
2009-12-04 23:12:09 ----AD---- C:\WINDOWS
2009-12-03 06:34:38 ----SD---- C:\WINDOWS\Tasks
2009-12-02 00:29:30 ----SHD---- C:\WINDOWS\Installer
2009-12-02 00:29:20 ----D---- C:\Program Files\Common Files
2009-12-01 23:00:00 ----D---- C:\Program Files\Mozilla Firefox
2009-11-30 08:39:18 ----D---- C:\WINDOWS\WinSxS
2009-11-30 03:00:49 ----HD---- C:\WINDOWS\inf
2009-11-30 03:00:37 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-30 03:00:37 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-30 03:00:33 ----D---- C:\WINDOWS\ie8updates
2009-11-30 03:00:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-29 23:08:37 ----A---- C:\WINDOWS\imsins.BAK
2009-11-29 23:08:07 ----D---- C:\Program Files\Internet Explorer
2009-11-29 22:29:43 ----SHD---- C:\RECYCLER
2009-11-29 22:29:43 ----D---- C:\Program Files\QuickTiming
2009-11-24 22:54:45 ----D---- C:\WINDOWS\system32\Restore
2009-11-24 22:05:52 ----D---- C:\Program Files\Vuze
2009-11-24 21:26:39 ----RSD---- C:\WINDOWS\Fonts
2009-11-19 06:08:55 ----D---- C:\Program Files\Safari
2009-11-17 07:49:58 ----D---- C:\Documents and Settings\alex\Application Data\Apple Computer
2009-11-12 10:14:04 ----D---- C:\WINDOWS\system32\wbem
2009-11-12 10:14:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-11 16:32:57 ----A---- C:\WINDOWS\win.ini
2009-11-10 06:30:02 ----D---- C:\Documents and Settings\alex\Application Data\dvdcss
2009-11-08 09:48:40 ----D---- C:\WINDOWS\system32\en-US
2009-11-08 09:48:40 ----D---- C:\WINDOWS\Media
2009-11-08 09:48:40 ----D---- C:\WINDOWS\Help
2009-11-07 17:05:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-07 16:45:18 ----D---- C:\Documents and Settings\alex\Application Data\DivX
2009-11-07 16:07:27 ----RASH---- C:\BOOT.INI
2009-11-07 16:07:27 ----A---- C:\WINDOWS\system.ini
2009-11-07 16:01:32 ----D---- C:\Program Files\Common Files\Ahead
2009-11-07 07:54:01 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2004-08-18 11520]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 IBMTPCHK;IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2004-08-18 2432]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2003-07-03 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2003-07-03 8830]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2004-06-10 16340]
R1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2003-07-11 15360]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2003-07-10 7168]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-08-02 17801]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 PMEM;PMEM; \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-07 11354]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A; C:\WINDOWS\system32\drivers\Vch.sys [2003-04-15 20533]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-07-03 100256]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-06-27 1196352]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-11-14 140800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [2004-02-26 11344]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 QCNDISIF;QCNDISIF; C:\WINDOWS\System32\drivers\qcndisif.SYS [2004-08-18 12288]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-28 578304]
R3 Tp4Track;IBM PS/2 TrackPoint Driver; C:\WINDOWS\System32\DRIVERS\tp4track.sys [2003-05-15 13904]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-01-17 3325312]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-05-21 100736]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PCX504;Cisco Systems Wireless LAN Adapter Driver; C:\WINDOWS\System32\DRIVERS\PCX504.sys [2004-05-04 119296]
S3 S3SSavage;S3SSavage; C:\WINDOWS\System32\DRIVERS\s3ssavm.sys [2001-11-01 95104]
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-02-06 86016]
R2 IBMPMSVC;IBM PM Service; C:\WINDOWS\System32\ibmpmsvc.exe [2004-02-26 57344]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 QCONSVC;QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [2004-08-18 73728]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-02-06 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-02-06 372809]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2003-07-12 32768]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 TwonkyMedia;TwonkyMedia; C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [2008-10-20 102400]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-04-26 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------
Elina
Libellulien
Libellulien
 
Messages: 62
Inscription: 30 Nov 2009 22:13

Re: Bug bug et rebug

Messagepar Elina » 05 Déc 2009 18:11

Et voilà le rapport info.txt :

info.txt logfile of random's system information tool 1.06 2009-12-05 18:06:54

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\SETUP.EXE"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\SETUP.EXE"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\SETUP.EXE"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access IBM Cleanup Utility-->MsiExec.exe /I{CF44C7A5-5705-41E4-BE84-A9A42977AB05}
Access IBM Message Center-->MsiExec.exe /X{710C0BB2-FE39-484E-BB23-C9B96835A14A}
Access IBM Tools-->C:\Program Files\IBM\Access IBM\IBMUINST.EXE
Access IBM-->MsiExec.exe /X{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=d:\adobe creative suite 2.0/lang=040c
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Agere Systems AC'97 Modem-->agrsmdel
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
IBM 32-bit SDK for Java 2, v1.4.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6C72E14A-C1F3-45E5-8810-83CE3C19ED63} /l1033
IBM Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\SETUP.EXE" -l0x9 anything
IBM Themes-->MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad Battery MaxiMiser and Power Management Features-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ThinkPad\Utilities\Unbmm.isu" -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"
IBM ThinkPad Configuration-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNTPUW.ISU -c"C:\Program Files\ThinkPad\Utilities\Tpinswin.dll"
IBM ThinkPad EasyEject Utility -->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unezej.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsej.dll"
IBM ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
IBM ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
IBM ThinkPad Presentation Director-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
IBM TrackPoint Accessibility Features-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
IBM TrackPoint Support-->C:\WINDOWS\System32\tp4unins.exe
IBM Update Connector-->MsiExec.exe /X{31C2FBAC-67CF-4093-8F36-15A146613747}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3577
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
K-Lite Mega Codec Pack 5.4.4-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia Home Media Server-->MsiExec.exe /X{F5A3D2C9-22CF-489B-8B01-F7159D1A7412}
Nokia Map Loader-->MsiExec.exe /I{45D4F727-43B5-49CD-B474-B9866A8F4FB8}
Nokia Multimedia Common Components 2.4-->MsiExec.exe /I{6EB6C056-02BB-453E-8448-EC90B9794180}
Nokia Music-->MsiExec.exe /I{7035F31B-20DA-4522-B0DB-3CA18B46DD77}
Nokia Ovi Application Installer 6.85.3011-->msiexec /qn /x {42B74521-4706-412A-9A27-AED12B83E886}
Nokia Ovi Application Installer-->MsiExec.exe /I{42B74521-4706-412A-9A27-AED12B83E886}
Nokia Ovi Content Copier 6.85.3011-->msiexec /qn /x {6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
Nokia Ovi Content Copier-->MsiExec.exe /X{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
Nokia Ovi One Touch Access 6.85.3019-->msiexec /qn /x {C4B045DB-C2C0-4A05-8DA5-754B4733EE31}
Nokia Ovi One Touch Access-->MsiExec.exe /I{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}
Nokia Ovi Suite-->MsiExec.exe /I{2218B96C-ABA2-45D9-A0B4-56B71F5303DB}
Nokia Ovi System Utilities 6.85.3018-->msiexec /qn /x {F9EA1C47-64A6-45E4-9A80-8CC1575B971D}
Nokia Ovi System Utilities-->MsiExec.exe /X{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}
Nokia Photos-->MsiExec.exe /I{9292B96D-B693-4F07-B5FE-21CCDC7CB4AF}
Nokia Software Updater-->MsiExec.exe /X{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}
PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\SETUP.EXE"
Philips Intelligent Agent-->"C:\Program Files\Philips Intelligent Agent\Uninst\unins000.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
QuickTiming-->"C:\Program Files\QuickTiming\Uninstall.exe"
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shockwave-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
SmartMovie Converter-->"C:\Program Files\Lonely Cat Games\SmartMovie Converter\IIUninst.exe" C:\Program Files\Lonely Cat Games\SmartMovie Converter\install.log
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Software Installer-->_tpiu000.exe /U
TwonkyMedia-->C:\Program Files\Nokia\Nokia Home Media Server\\Media Server\UninstallTwonkyMedia.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Visual C++ 8.0 ATL (x86) WinSXS MSM-->MsiExec.exe /I{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
VLC Connection Utility 2.03-->"C:\Program Files\Hobbyist Software\VLC Connection Utility\unins000.exe"
VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files\Vuze\uninstall.exe
Wallpapers-->MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xobni Core-->MsiExec.exe /I{8DC069E7-893C-41E1-9442-DE89FEC33371}

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: IBM-CE210E698F6
Event Code: 1002
Message: The IP address lease 192.168.0.136 for the Network Card with network address 00166FB9255E has been
denied by the DHCP server 78.251.255.252 (The DHCP Server sent a DHCPNACK message).

Record Number: 4286
Source Name: Dhcp
Time Written: 20091129193024.000000+060
Event Type: error
User:

Computer Name: IBM-CE210E698F6
Event Code: 10010
Message: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Record Number: 4259
Source Name: DCOM
Time Written: 20091129184034.000000+060
Event Type: error
User: IBM-CE210E698F6\alex

Computer Name: IBM-CE210E698F6
Event Code: 10010
Message: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Record Number: 4258
Source Name: DCOM
Time Written: 20091129175304.000000+060
Event Type: error
User: IBM-CE210E698F6\alex

Computer Name: IBM-CE210E698F6
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 4255
Source Name: W32Time
Time Written: 20091129162749.000000+060
Event Type: warning
User:

Computer Name: IBM-CE210E698F6
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00166FB9255E. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 4209
Source Name: Dhcp
Time Written: 20091126013523.000000+060
Event Type: warning
User:

=====Application event log=====

Computer Name: IBM-CE210E698F6
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.

Record Number: 25
Source Name: EvntAgnt
Time Written: 20091117204234.000000+060
Event Type: warning
User:

Computer Name: IBM-CE210E698F6
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .

Record Number: 24
Source Name: EvntAgnt
Time Written: 20091117204234.000000+060
Event Type: warning
User:

Computer Name: IBM-CE210E698F6
Event Code: 2002
Message: The MOF file created for the Outlook service could not be loaded. The
error code returned by the MOF Compiler is contained in the Record Data.
Before the performance counters of this service can be collected by WMI
the MOF file will need to be loaded manually. Contact the vendor of this
service for additional information.

Record Number: 17
Source Name: LoadPerf
Time Written: 20091112101404.000000+060
Event Type: warning
User:

Computer Name: IBM-CE210E698F6
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.

Record Number: 7
Source Name: EvntAgnt
Time Written: 20091112004122.000000+060
Event Type: warning
User:

Computer Name: IBM-CE210E698F6
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .

Record Number: 6
Source Name: EvntAgnt
Time Written: 20091112004122.000000+060
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Nokia\PC Connectivity Solution\;C:\PROGRAM FILES\THINKPAD\UTILITIES;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 11 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0b04
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Quel charabia !!!
Pour info, sont installés sur ma bécane : Hijack, OTM, RSIT, SmitFraud, Avira... C'est tout.
Elina
Libellulien
Libellulien
 
Messages: 62
Inscription: 30 Nov 2009 22:13

Re: Bug bug et rebug

Messagepar jspa » 06 Déc 2009 08:08

Hello,

Il y a de nombreux restes d'infections encore présent sur ton pc.

Le logiciel qui suit n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.
Ne pas utiliser en dehors de ce cas de figure ou seul : dangereux.

Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).
  • Assure toi que tous les programmes sont fermés avant de commencer.
  • Désactive l'antivirus, sinon combofix va te mettre un message (sinon, dis ok au message).
  • Double-clique combofix.exe afin de l'exécuter.
  • Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
  • Si on te propose de redémarrer parc qu'un rootkit a été trouvé, fais-le.
  • On va te proposer de télécharger et installer la console de récupération, clique sur "Oui" au message, autorise le téléchargement dans ton firewall si demandé, puis accepte le message de contrat utilisateur final.
  • Le bureau disparaît, c'est normal, et il va revenir.
  • Ne ferme pas la fenêtre qui s'ouvre, tu te retrouverais avec un bureau vide.
  • Lorsque l'analyse sera terminée, un rapport apparaîtra.
  • Copie-colle ce rapport dans ta prochaine réponse.
    Le rapport se trouve dans : C:\Combofix.txt (si jamais).
J'ai la grippe, je peux faire un hijackthis pour me débarrasser de cette saloperie ???
Avatar de l’utilisateur
jspa
Libellulien Junior
Libellulien Junior
 
Messages: 309
Inscription: 02 Mai 2007 15:02

Re: Bug bug et rebug

Messagepar Elina » 06 Déc 2009 21:00

Hello !

Voici le rapport ComboFix :

ComboFix 09-12-06.06 - alex 06-Dec-09 20:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.267 [GMT 1:00]
Running from: c:\documents and settings\alex\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msa.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\AVSredirect.dll
c:\windows\system32\drivers\gxvxcakxympucbltlwabwvtchskyjbnmyxwho.sys
c:\windows\system32\drivers\gxvxcoqxylqppymlvmycpbamqjwtenvmtywak.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcslartqxbakllioayvdrjubbptkusiekd.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys
-------\Legacy_gxvxcserv.sys
-------\Legacy_SSHNAS
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-05 17:06 . 2009-12-05 17:06 -------- d-----w- C:\rsit
2009-12-04 22:10 . 2009-12-04 22:10 -------- d-----w- C:\_OTM
2009-12-04 07:02 . 2009-12-04 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-03 05:42 . 2009-12-03 05:42 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-01 23:29 . 2009-12-01 23:29 -------- d-----w- c:\program files\DivX
2009-12-01 23:29 . 2009-12-01 23:29 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-30 20:53 . 2009-11-30 20:53 -------- d-----w- c:\program files\Trend Micro
2009-11-30 20:40 . 2009-12-01 22:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-30 20:40 . 2009-12-01 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-29 19:00 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-29 19:00 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-29 19:00 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-29 19:00 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-29 19:00 . 2009-11-29 19:00 -------- d-----w- c:\program files\Avira
2009-11-29 19:00 . 2009-11-29 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-11-28 23:29 . 2009-11-28 23:29 271 ----a-w- c:\documents and settings\alex\Local Settings\Application Data\cgqh.vbs
2009-11-24 22:03 . 2009-11-24 22:03 4141117 ----a-w- c:\documents and settings\alex\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2009-11-24 22:03 . 2009-11-24 22:03 6516755 ----a-w- c:\documents and settings\alex\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
2009-11-24 22:02 . 2009-11-24 22:02 15884 ----a-w- c:\documents and settings\alex\Application Data\Azureus\plugins\azitunes\libProcessAccess.dll
2009-11-24 22:02 . 2009-11-24 22:02 102400 ----a-w- c:\documents and settings\alex\Application Data\Azureus\plugins\azitunes\jacob-1.14.3-x86.dll
2009-11-24 20:27 . 2007-05-17 16:30 318976 ----a-w- c:\windows\system32\avisynth.dll
2009-11-24 20:27 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll
2009-11-24 20:27 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2009-11-24 20:27 . 2009-11-24 20:27 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-24 20:24 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-11-24 20:24 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-11-24 20:24 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2009-11-24 20:24 . 2009-11-24 20:24 -------- d-----w- c:\program files\eRightSoft
2009-11-19 05:05 . 2009-11-19 05:05 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-08 08:40 . 2009-11-08 08:45 -------- dc-h--w- c:\windows\ie8
2009-11-07 16:13 . 2009-11-07 16:13 0 ----a-w- c:\windows\nsreg.dat
2009-11-07 16:13 . 2009-11-07 16:13 -------- d-----w- c:\documents and settings\alex\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 18:33 . 2009-10-31 08:20 -------- d-----w- c:\documents and settings\alex\Application Data\vlc
2009-12-05 08:55 . 2009-04-28 21:25 -------- d-----w- c:\documents and settings\alex\Application Data\Azureus
2009-12-01 23:26 . 2009-12-01 23:17 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-29 21:29 . 2009-05-02 17:19 -------- d-----w- c:\program files\QuickTiming
2009-11-24 21:05 . 2009-04-28 21:24 -------- d-----w- c:\program files\Vuze
2009-11-19 05:08 . 2009-10-31 21:09 -------- d-----w- c:\program files\Safari
2009-11-17 06:49 . 2009-10-24 19:10 -------- d-----w- c:\documents and settings\alex\Application Data\Apple Computer
2009-11-10 05:30 . 2009-10-31 08:27 -------- d-----w- c:\documents and settings\alex\Application Data\dvdcss
2009-11-09 18:00 . 2009-12-01 23:17 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-07 15:45 . 2009-10-30 09:37 -------- d-----w- c:\documents and settings\alex\Application Data\DivX
2009-11-07 15:01 . 2009-10-17 14:34 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-05 20:54 . 2009-11-05 20:54 53940 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-04 19:20 . 2009-04-28 19:14 -------- d-----w- c:\program files\Java
2009-11-04 19:19 . 2009-11-04 19:19 152576 ----a-w- c:\documents and settings\alex\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-31 21:21 . 2009-10-31 21:20 -------- d-----w- c:\program files\iTunes
2009-10-31 21:20 . 2009-10-31 21:20 -------- d-----w- c:\program files\iPod
2009-10-31 21:20 . 2009-10-24 19:06 -------- d-----w- c:\program files\Common Files\Apple
2009-10-31 21:12 . 2009-10-31 21:12 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-31 08:18 . 2009-10-31 08:18 -------- d-----w- c:\program files\VideoLAN
2009-10-31 08:12 . 2009-10-31 08:12 -------- d-----w- c:\program files\Hobbyist Software
2009-10-29 23:13 . 2009-10-12 18:36 -------- d-----w- c:\program files\Xobni
2009-10-24 19:41 . 2009-10-24 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-24 19:10 . 2009-10-24 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-24 19:09 . 2009-10-24 19:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-24 19:08 . 2009-10-24 19:08 -------- d-----w- c:\program files\Bonjour
2009-10-24 19:08 . 2009-10-24 19:07 -------- d-----w- c:\program files\QuickTime
2009-10-24 19:06 . 2009-10-24 19:06 -------- d-----w- c:\program files\Apple Software Update
2009-10-18 19:29 . 2009-10-18 19:29 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-18 19:28 . 2009-04-26 21:20 -------- d-----w- c:\program files\Windows Live
2009-10-18 19:24 . 2009-04-26 21:21 -------- d-----w- c:\program files\Microsoft
2009-10-18 14:30 . 2009-10-18 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Philips
2009-10-18 14:30 . 2009-10-18 14:28 -------- d-----w- c:\program files\Philips Intelligent Agent
2009-10-18 12:29 . 2009-10-17 14:37 -------- d-----w- c:\documents and settings\alex\Application Data\Ahead
2009-10-18 00:56 . 2009-10-18 00:56 10686001 ----a-w- c:\documents and settings\alex\Application Data\Azureus\plugins\azump\mplayer.exe
2009-10-17 14:34 . 2009-10-17 14:34 -------- d-----w- c:\program files\Nero
2009-10-17 14:02 . 2009-10-17 14:02 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-11 03:17 . 2009-04-28 19:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-25 16:42 . 2009-10-29 22:46 129784 ------w- c:\windows\system32\pxafs.dll
2009-09-25 16:42 . 2009-10-29 22:46 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-25 16:42 . 2009-10-29 22:46 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-14 02:17 . 2009-09-14 02:17 2716 -c--a-w- c:\windows\system32\d3d9caps.dat
2009-09-11 14:18 . 1980-01-01 07:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2006-05-03 09:06 . 2009-11-24 20:24 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-11-24 20:24 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-11-24 20:24 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-07-21 540672]
"Philips Intelligent Agent"="c:\program files\Philips Intelligent Agent\Philips Intelligent Agent.exe" [2008-02-21 613792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 69632]
"TrackPointSrv"="tp4serv.exe" [2003-05-15 94208]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-07 94208]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2003-07-11 20480]
"QCTRAY"="c:\program files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2004-08-18 708608]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 81920]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2003-07-11 884736]
"TP4EX"="tp4ex.exe" [2002-09-04 53248]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-07-18 208896]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 88363]
"UC_Start"="c:\ibmtools\Updater\ucstartup.exe" [2003-03-17 32768]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2003-07-21 540672]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2003-07-11 94208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-04-06 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-04-06 114688]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-02 2327840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\alex\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - c:\documents and settings\alex\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-4-26 135680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Lancement rapide d'Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2009-4-26 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2004-08-18 10:30 258048 ----a-w- c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\IBMTOOLS\\Updater\\ucsmb.exe"=
"c:\\IBMTOOLS\\Updater\\jre\\bin\\java.exe"=
"c:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Philips Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [27-Apr-09 00:13 15360]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [29-Nov-09 20:00 108289]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;c:\windows\system32\drivers\vch.sys [26-Apr-09 17:39 20533]
R3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [27-Apr-09 00:14 12288]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [01-Jan-80 08:00 13904]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [01-Jan-80 08:00 119296]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convertir en Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir en un fichier PDF existant - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\alex\Application Data\Mozilla\Firefox\Profiles\0tsios9v.default\
FF - plugin: c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-VMCL - c:\program files\vodafone\vmclite\DongleEnumerator.exe
HKCU-Run-bdmnl - C:/Documents and Settings/alex/Local Settings/Temporary Internet Files/Content.IE5/VZ18YTW9//vshfkbo.exe
HKCU-Run-lkuty - C:/Documents and Settings/alex/Local Settings/Temporary Internet Files/Content.IE5/VZ18YTW9//rgcnzeg.exe
HKCU-Run-fxzik - C:/Documents and Settings/alex/My Documents//aouyjhl.exe
HKCU-Run-pginx - C:/Documents and Settings/alex/My Documents//wcoiykd.exe
AddRemove-QuickTiming - c:\program files\QuickTiming\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-06 20:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3380)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\QCONSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\snmp.exe
c:\windows\system32\tp4serv.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\RunDll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
.
**************************************************************************
.
Completion time: 2009-12-06 20:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-06 19:43

Pre-Run: 8,839,168,000 bytes free
Post-Run: 8,727,396,352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - DC1BF6505E32D13C24C3AF136BE95289

A très vite

Elina
Elina
Libellulien
Libellulien
 
Messages: 62
Inscription: 30 Nov 2009 22:13

Re: Bug bug et rebug

Messagepar jspa » 07 Déc 2009 15:02

Hello,

D'après Falkra, le logiciel à fait le ménage ! (Je ne connais pas combofix et ai eu besoin de son aide ...)

Pourrait-tu me re-poster un rapport RSIT ? Merci

Ou en sont tes symptômes ? Arrives tu à ouvrir MBAM ?

@+
J'ai la grippe, je peux faire un hijackthis pour me débarrasser de cette saloperie ???
Avatar de l’utilisateur
jspa
Libellulien Junior
Libellulien Junior
 
Messages: 309
Inscription: 02 Mai 2007 15:02

Re: Bug bug et rebug

Messagepar Elina » 07 Déc 2009 23:11

Hello !

Voici un rapport RSIT log :

Logfile of random's system information tool 1.06 (written by random/random)
Run by alex at 2009-12-07 23:09:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (22%) free of 35 GB
Total RAM: 503 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:43, on 07-Dec-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\alex\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\alex\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\alex.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\alex\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4Com.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

--
End of file - 11141 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\BMMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"=C:\WINDOWS\system32\S3Tray2.exe [2001-10-12 69632]
"TrackPointSrv"=C:\WINDOWS\system32\tp4serv.exe [2003-05-15 94208]
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [2004-08-07 94208]
"BMMLREF"=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2003-07-11 20480]
"QCTRAY"=C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE [2004-08-18 708608]
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [2004-08-18 81920]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2003-07-11 884736]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2002-09-04 53248]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2003-07-18 208896]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-06-27 88363]
"UC_Start"=C:\IBMTools\Updater\ucstartup.exe [2003-03-17 32768]
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [2003-07-21 540672]
"BMMGAG"=RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-04-06 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-04-06 114688]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"NokiaMusic FastStart"=C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe [2009-07-02 2327840]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [2003-07-21 540672]
"Philips Intelligent Agent"=C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe [2008-02-21 613792]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Lancement rapide d'Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe

C:\Documents and Settings\alex\Start Menu\Programs\Startup
Notification de cadeaux MSN.lnk - C:\Documents and Settings\alex\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-06 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
C:\WINDOWS\system32\QConGina.dll [2004-08-18 258048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\IBMTOOLS\Updater\ucsmb.exe"="C:\IBMTOOLS\Updater\ucsmb.exe:*:enabled:IBM Update Connector"
"C:\IBMTOOLS\Updater\jre\bin\java.exe"="C:\IBMTOOLS\Updater\jre\bin\java.exe:*:enabled:IBM Update Connector"
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe"="C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:enabled:IBM Update Connector"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe"="C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia"
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe"="C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer"
"C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe"="C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe:*:Enabled:Philips Intelligent Agent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\IBMTOOLS\Updater\ucsmb.exe"="C:\IBMTOOLS\Updater\ucsmb.exe:*:enabled:IBM Update Connector"
"C:\IBMTOOLS\Updater\jre\bin\java.exe"="C:\IBMTOOLS\Updater\jre\bin\java.exe:*:enabled:IBM Update Connector"
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe"="C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:enabled:IBM Update Connector"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

======List of files/folders created in the last 1 months======

2009-12-07 07:54:05 ----SHD---- C:\RECYCLER
2009-12-06 23:43:02 ----D---- C:\WINDOWS\Minidump
2009-12-06 20:44:29 ----A---- C:\ComboFix.txt
2009-12-06 19:50:03 ----A---- C:\Boot.bak
2009-12-06 19:49:48 ----RASHD---- C:\cmdcons
2009-12-06 19:47:54 ----A---- C:\WINDOWS\zip.exe
2009-12-06 19:47:54 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-06 19:47:54 ----A---- C:\WINDOWS\SWSC.exe
2009-12-06 19:47:54 ----A---- C:\WINDOWS\SWREG.exe
2009-12-06 19:47:54 ----A---- C:\WINDOWS\sed.exe
2009-12-06 19:47:54 ----A---- C:\WINDOWS\PEV.exe
2009-12-06 19:47:54 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-06 19:47:54 ----A---- C:\WINDOWS\MBR.exe
2009-12-06 19:47:54 ----A---- C:\WINDOWS\grep.exe
2009-12-06 19:46:27 ----D---- C:\WINDOWS\ERDNT
2009-12-06 19:46:14 ----D---- C:\Qoobox
2009-12-05 18:06:38 ----D---- C:\rsit
2009-12-04 23:10:38 ----D---- C:\_OTM
2009-12-04 08:02:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-03 06:41:12 ----SHD---- C:\WINDOWS\CSC
2009-12-03 06:40:52 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-02 00:29:20 ----D---- C:\Program Files\DivX
2009-12-02 00:29:20 ----D---- C:\Program Files\Common Files\DivX Shared
2009-12-02 00:17:21 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-12-02 00:17:21 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-12-02 00:17:21 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-12-02 00:17:21 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-12-02 00:17:19 ----A---- C:\WINDOWS\system32\unrar.dll
2009-12-02 00:17:19 ----A---- C:\WINDOWS\avisplitter.ini
2009-12-02 00:17:16 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-12-02 00:17:14 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-12-02 00:17:14 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-12-02 00:17:13 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-12-02 00:17:13 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-12-02 00:17:12 ----A---- C:\WINDOWS\system32\divx.dll
2009-12-02 00:17:09 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-12-02 00:17:09 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-12-02 00:17:05 ----D---- C:\Program Files\K-Lite Codec Pack
2009-12-01 23:39:14 ----A---- C:\WINDOWS\system32\tmp.txt
2009-11-30 21:53:34 ----D---- C:\Program Files\Trend Micro
2009-11-30 21:40:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-30 21:40:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-29 20:00:44 ----D---- C:\Program Files\Avira
2009-11-29 20:00:44 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-11-26 08:04:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-26 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-24 21:27:35 ----A---- C:\WINDOWS\system32\devil.dll
2009-11-24 21:27:35 ----A---- C:\WINDOWS\system32\avisynth.dll
2009-11-24 21:27:34 ----A---- C:\WINDOWS\system32\i420vfw.dll
2009-11-24 21:27:33 ----D---- C:\Program Files\AviSynth 2.5
2009-11-24 21:24:24 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2009-11-24 21:24:24 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2009-11-24 21:24:23 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2009-11-24 21:24:16 ----D---- C:\Program Files\eRightSoft
2009-11-11 16:29:45 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-08 09:40:47 ----HDC---- C:\WINDOWS\ie8

======List of files/folders modified in the last 1 months======

2009-12-07 23:06:45 ----D---- C:\WINDOWS\Prefetch
2009-12-07 22:58:08 ----D---- C:\WINDOWS\Temp
2009-12-07 22:58:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-07 07:56:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-06 23:43:03 ----AD---- C:\WINDOWS
2009-12-06 21:19:45 ----D---- C:\Documents and Settings\alex\Application Data\Azureus
2009-12-06 20:44:35 ----D---- C:\WINDOWS\system32\drivers
2009-12-06 20:44:35 ----AD---- C:\WINDOWS\system32
2009-12-06 20:30:54 ----A---- C:\WINDOWS\system.ini
2009-12-06 20:25:43 ----D---- C:\WINDOWS\system32\config
2009-12-06 20:23:37 ----SD---- C:\WINDOWS\Tasks
2009-12-06 20:20:42 ----D---- C:\WINDOWS\AppPatch
2009-12-06 20:20:37 ----D---- C:\Program Files\Common Files
2009-12-06 19:53:45 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-12-06 19:50:03 ----RASH---- C:\BOOT.INI
2009-12-06 19:33:02 ----D---- C:\Documents and Settings\alex\Application Data\vlc
2009-12-05 10:54:40 ----RD---- C:\Program Files
2009-12-02 00:29:30 ----SHD---- C:\WINDOWS\Installer
2009-12-01 23:00:00 ----D---- C:\Program Files\Mozilla Firefox
2009-11-30 08:39:18 ----D---- C:\WINDOWS\WinSxS
2009-11-30 03:00:49 ----HD---- C:\WINDOWS\inf
2009-11-30 03:00:37 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-30 03:00:33 ----D---- C:\WINDOWS\ie8updates
2009-11-30 03:00:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-29 23:08:37 ----A---- C:\WINDOWS\imsins.BAK
2009-11-29 23:08:07 ----D---- C:\Program Files\Internet Explorer
2009-11-29 22:29:43 ----D---- C:\Program Files\QuickTiming
2009-11-24 22:54:45 ----D---- C:\WINDOWS\system32\Restore
2009-11-24 22:05:52 ----D---- C:\Program Files\Vuze
2009-11-24 21:26:39 ----RSD---- C:\WINDOWS\Fonts
2009-11-19 06:08:55 ----D---- C:\Program Files\Safari
2009-11-17 07:49:58 ----D---- C:\Documents and Settings\alex\Application Data\Apple Computer
2009-11-12 10:14:04 ----D---- C:\WINDOWS\system32\wbem
2009-11-12 10:14:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-11 16:32:57 ----A---- C:\WINDOWS\win.ini
2009-11-10 06:30:02 ----D---- C:\Documents and Settings\alex\Application Data\dvdcss
2009-11-08 09:48:40 ----D---- C:\WINDOWS\system32\en-US
2009-11-08 09:48:40 ----D---- C:\WINDOWS\Media
2009-11-08 09:48:40 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2004-08-18 11520]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 IBMTPCHK;IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2004-08-18 2432]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2003-07-03 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2003-07-03 8830]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2004-06-10 16340]
R1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2003-07-11 15360]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2003-07-10 7168]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-08-02 17801]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 PMEM;PMEM; \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-07 11354]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A; C:\WINDOWS\system32\drivers\Vch.sys [2003-04-15 20533]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-07-03 100256]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-06-27 1196352]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-11-14 140800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [2004-02-26 11344]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 QCNDISIF;QCNDISIF; C:\WINDOWS\System32\drivers\qcndisif.SYS [2004-08-18 12288]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-28 578304]
R3 Tp4Track;IBM PS/2 TrackPoint Driver; C:\WINDOWS\System32\DRIVERS\tp4track.sys [2003-05-15 13904]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-01-17 3325312]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-05-21 100736]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PCX504;Cisco Systems Wireless LAN Adapter Driver; C:\WINDOWS\System32\DRIVERS\PCX504.sys [2004-05-04 119296]
S3 S3SSavage;S3SSavage; C:\WINDOWS\System32\DRIVERS\s3ssavm.sys [2001-11-01 95104]
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-02-06 86016]
R2 IBMPMSVC;IBM PM Service; C:\WINDOWS\System32\ibmpmsvc.exe [2004-02-26 57344]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 QCONSVC;QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [2004-08-18 73728]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-02-06 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-02-06 372809]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2003-07-12 32768]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 TwonkyMedia;TwonkyMedia; C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [2008-10-20 102400]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-04-26 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------
Elina
Libellulien
Libellulien
 
Messages: 62
Inscription: 30 Nov 2009 22:13

Re: Bug bug et rebug

Messagepar Elina » 07 Déc 2009 23:12

Et voilà le rapport info de RSIT :

info.txt logfile of random's system information tool 1.06 2009-12-07 23:09:45

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\SETUP.EXE"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\SETUP.EXE"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\SETUP.EXE"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access IBM Cleanup Utility-->MsiExec.exe /I{CF44C7A5-5705-41E4-BE84-A9A42977AB05}
Access IBM Message Center-->MsiExec.exe /X{710C0BB2-FE39-484E-BB23-C9B96835A14A}
Access IBM Tools-->C:\Program Files\IBM\Access IBM\IBMUINST.EXE
Access IBM-->MsiExec.exe /X{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=d:\adobe creative suite 2.0/lang=040c
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Agere Systems AC'97 Modem-->agrsmdel
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
IBM 32-bit SDK for Java 2, v1.4.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6C72E14A-C1F3-45E5-8810-83CE3C19ED63} /l1033
IBM Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\SETUP.EXE" -l0x9 anything
IBM Themes-->MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad Battery MaxiMiser and Power Management Features-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ThinkPad\Utilities\Unbmm.isu" -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"
IBM ThinkPad Configuration-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNTPUW.ISU -c"C:\Program Files\ThinkPad\Utilities\Tpinswin.dll"
IBM ThinkPad EasyEject Utility -->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unezej.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsej.dll"
IBM ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
IBM ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
IBM ThinkPad Presentation Director-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
IBM TrackPoint Accessibility Features-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
IBM TrackPoint Support-->C:\WINDOWS\System32\tp4unins.exe
IBM Update Connector-->MsiExec.exe /X{31C2FBAC-67CF-4093-8F36-15A146613747}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3577
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
K-Lite Mega Codec Pack 5.4.4-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia Home Media Server-->MsiExec.exe /X{F5A3D2C9-22CF-489B-8B01-F7159D1A7412}
Nokia Map Loader-->MsiExec.exe /I{45D4F727-43B5-49CD-B474-B9866A8F4FB8}
Nokia Multimedia Common Components 2.4-->MsiExec.exe /I{6EB6C056-02BB-453E-8448-EC90B9794180}
Nokia Music-->MsiExec.exe /I{7035F31B-20DA-4522-B0DB-3CA18B46DD77}
Nokia Ovi Application Installer 6.85.3011-->msiexec /qn /x {42B74521-4706-412A-9A27-AED12B83E886}
Nokia Ovi Application Installer-->MsiExec.exe /I{42B74521-4706-412A-9A27-AED12B83E886}
Nokia Ovi Content Copier 6.85.3011-->msiexec /qn /x {6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
Nokia Ovi Content Copier-->MsiExec.exe /X{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
Nokia Ovi One Touch Access 6.85.3019-->msiexec /qn /x {C4B045DB-C2C0-4A05-8DA5-754B4733EE31}
Nokia Ovi One Touch Access-->MsiExec.exe /I{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}
Nokia Ovi Suite-->MsiExec.exe /I{2218B96C-ABA2-45D9-A0B4-56B71F5303DB}
Nokia Ovi System Utilities 6.85.3018-->msiexec /qn /x {F9EA1C47-64A6-45E4-9A80-8CC1575B971D}
Nokia Ovi System Utilities-->MsiExec.exe /X{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}
Nokia Photos-->MsiExec.exe /I{9292B96D-B693-4F07-B5FE-21CCDC7CB4AF}
Nokia Software Updater-->MsiExec.exe /X{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}
PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\SETUP.EXE"
Philips Intelligent Agent-->"C:\Program Files\Philips Intelligent Agent\Uninst\unins000.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shockwave-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
SmartMovie Converter-->"C:\Program Files\Lonely Cat Games\SmartMovie Converter\IIUninst.exe" C:\Program Files\Lonely Cat Games\SmartMovie Converter\install.log
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Software Installer-->_tpiu000.exe /U
TwonkyMedia-->C:\Program Files\Nokia\Nokia Home Media Server\\Media Server\UninstallTwonkyMedia.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Visual C++ 8.0 ATL (x86) WinSXS MSM-->MsiExec.exe /I{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
VLC Connection Utility 2.03-->"C:\Program Files\Hobbyist Software\VLC Connection Utility\unins000.exe"
VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files\Vuze\uninstall.exe
Wallpapers-->MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xobni Core-->MsiExec.exe /I{8DC069E7-893C-41E1-9442-DE89FEC33371}

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: IBM-CE210E698F6
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00166FB9255E. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 4771
Source Name: Dhcp
Time Written: 20091130164118.000000+060
Event Type: warning
User:

Computer Name: IBM-CE210E698F6
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00166FB9255E. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 4646
Source Name: Dhcp
Time Written: 20091130125630.000000+060
Event Type: warning
User:

Computer Name: IBM-CE210E698F6
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00166FB9255E. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 4599
Source Name: Dhcp
Time Written: 20091130085533.000000+060
Event Type: warning
User:

Computer Name: IBM-CE210E698F6
Event Code: 1002
Message: The IP address lease 192.168.0.136 for the Network Card with network address 00166FB9255E has been
denied by the DHCP server 78.251.255.252 (The DHCP Server sent a DHCPNACK message).

Record Number: 4449
Source Name: Dhcp
Time Written: 20091130063814.000000+060
Event Type: error
User:

Computer Name: IBM-CE210E698F6
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00166FB9255E. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 4435
Source Name: Dhcp
Time Written: 20091130023748.000000+060
Event Type: warning
User:

=====Application event log=====

Computer Name: IBM-CE210E698F6
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.

Record Number: 25
Source Name: EvntAgnt
Time Written: 20091117204234.000000+060
Event Type: warning
User:

Computer Name: IBM-CE210E698F6
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .

Record Number: 24
Source Name: EvntAgnt
Time Written: 20091117204234.000000+060
Event Type: warning
User:

Computer Name: IBM-CE210E698F6
Event Code: 2002
Message: The MOF file created for the Outlook service could not be loaded. The
error code returned by the MOF Compiler is contained in the Record Data.
Before the performance counters of this service can be collected by WMI
the MOF file will need to be loaded manually. Contact the vendor of this
service for additional information.

Record Number: 17
Source Name: LoadPerf
Time Written: 20091112101404.000000+060
Event Type: warning
User:

Computer Name: IBM-CE210E698F6
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.

Record Number: 7
Source Name: EvntAgnt
Time Written: 20091112004122.000000+060
Event Type: warning
User:

Computer Name: IBM-CE210E698F6
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .

Record Number: 6
Source Name: EvntAgnt
Time Written: 20091112004122.000000+060
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Nokia\PC Connectivity Solution;C:\PROGRAM FILES\THINKPAD\UTILITIES;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Intel\Wireless\Bin;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 11 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0b04
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Elina
Libellulien
Libellulien
 
Messages: 62
Inscription: 30 Nov 2009 22:13

Re: Bug bug et rebug

Messagepar Elina » 07 Déc 2009 23:16

Je retente MBAM et te tiens au courant.

Côté amélioration, IE8 refonctionne normalement. Lorsque je lance une recherche google, ça marche. En revanche, si je clique sur l'un des choix proposé par la recherche google, la ça rame. DVix 7 remarche même si ça continue à planter au bout de 20% de buffering, au moins il ne me coupe pas toute la connexion.
Pour le moment, mon petit ordi rame parce que toutes ces manips lui demande de faire fonctionner ses ressources à plein. Est-ce qu'on pourra nettoyer quelques fichiers inutiles ensuite ?

Je continue sur MBAM et te poste tout ça...

A très vite

Elina

PS : un grand merci à Falkra ! Et un grand bravo à toi !
Elina
Libellulien
Libellulien
 
Messages: 62
Inscription: 30 Nov 2009 22:13

Re: Bug bug et rebug

Messagepar Elina » 08 Déc 2009 04:33

Voici le fichier log de MBAM :

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3311
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

08-Dec-09 04:30:40
mbam-log-2009-12-08 (04-30-40).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 180753
Temps écoulé: 5 hour(s), 9 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QuickTiming (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\QuickTiming (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\alex\Start Menu\Programs\QuickTiming (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\alex\Start Menu\Programs\QuickTiming\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.

PS : J'ai du désactiver Avira qui me bloquait systématiquement l'analyse. Je ne sais pas si c'était une bonne idée...
Elina
Libellulien
Libellulien
 
Messages: 62
Inscription: 30 Nov 2009 22:13

Re: Bug bug et rebug

Messagepar Elina » 08 Déc 2009 07:27

Petit bilan :

Donc, si j'ai bien compris le rapport MBAM, les DNS sont "enfin" désinfectées. Il restait des trucs pas glop de ce côté là visiblement.

IE8 et Firefox refonctionnent correctement.

Seul hic, mon coucou rame énormément comme un chameau auquel on ferait porter un immeuble.
Par ailleurs, en jetant un coup d'oeil au rapport de ComboFix, j'ai lu quelque part "Spybot Search & Destroy", or j'ai désinstallé ce programme proprement, lorsque tu m'as signalé par post que c'était une version over-rated.
Je ne peux toujours pas lancer de scan-disc et défragmentation du disque. Même en ayant misà la corbeille tout un tas de fichiers inutiles me permettant de gagner de la place.

Voilu voilu... A part ça... Où est-ce que je dois envoyer la bouteille de champ' ?

A très vite

Elina
Elina
Libellulien
Libellulien
 
Messages: 62
Inscription: 30 Nov 2009 22:13

Re: Bug bug et rebug

Messagepar jspa » 08 Déc 2009 18:35

Hello,

A la vue de ton rapport RSIT, ton pc est propre !

Pour le moment, mon petit ordi rame parce que toutes ces manips lui demande de faire fonctionner ses ressources à plein. Est-ce qu'on pourra nettoyer quelques fichiers inutiles ensuite ?



Si cela t'intéresse, on peut faire un peu d'optimisation (Ton log HJT est très chargé ...) ?

Quand aux logiciels de désinfection, on va les supprimer dans un petit moment.

PS : J'ai du désactiver Avira qui me bloquait systématiquement l'analyse. Je ne sais pas si c'était une bonne idée...


Oui, très bonne initiative, celui-ci à sûrement détecté le trojan et voulait le supprimer avant MBAM ... :crazy:

Donc, si j'ai bien compris le rapport MBAM, les DNS sont "enfin" désinfectées. Il restait des trucs pas glop de ce côté là visiblement.


Oui effectivement ! C'est pour cela que j'ai "insisté" pour MBAM, il savait comment le désinfecter ...

Par ailleurs, en jetant un coup d'oeil au rapport de ComboFix, j'ai lu quelque part "Spybot Search & Destroy", or j'ai désinstallé ce programme proprement, lorsque tu m'as signalé par post que c'était une version over-rated.


C'est sûrement un reste ... !

Au niveau du remplacement de Spybot, je te conseille de garder MBAM (1 Scan/mois par exemple, ne pas oublier de mettre à jour). En ce moment, il est très performant et efficace !

Je ne peux toujours pas lancer de scan-disc et défragmentation du disque. Même en ayant misà la corbeille tout un tas de fichiers inutiles me permettant de gagner de la place.


Quel est le message d'erreur ? Quel est ton pourcentage d'espace libre ?

@+
J'ai la grippe, je peux faire un hijackthis pour me débarrasser de cette saloperie ???
Avatar de l’utilisateur
jspa
Libellulien Junior
Libellulien Junior
 
Messages: 309
Inscription: 02 Mai 2007 15:02

Re: Bug bug et rebug

Messagepar Elina » 09 Déc 2009 00:52

Coucou du soir !

Ok pour une "optimisation" du PC et ok pour réduire un peu le nombre de programmes de désinfection installés. Par où je commence ???

Pour répondre à ta question concernant le scan et la défragmentation, il y a effectivement un problème d'espace. Si j'ai bien compris, l'espace restant nécessaire doit être environ égal ou supérieur à 17%. Malheureusement, même en respectant ce quotas, ça ne fonctionne pas. Je crois qu'il y a surcharge de toute façon.

J'attends ton "go" pour nettoyer un peu ma bécane et savoir comment procéder.

A très vite

Elina
Elina
Libellulien
Libellulien
 
Messages: 62
Inscription: 30 Nov 2009 22:13

Re: Bug bug et rebug

Messagepar jspa » 09 Déc 2009 08:49

Hello,

2-3 points qui ne peuvent que faire du bien à ton pc :

1) Les points de restaurations
Pour éviter que l'infection remonte depuis tes points de restaurations, je te conseille de suivre le tuto de Pierre Pinard :
http://assiste.com.free.fr/p/comment/co ... ation.html
2) Vider les répertoires temporaires

Je te propose de vider les répertoires temporaires ce qui va te permettre de faire de la place sur ton disque et d'éviter, là aussi, les remontées d'infections :

    Il faut être enregistré comme administrateur de l'ordinateur pour pouvoir supprimer ces fichiers.
  • Télécharge ATF Cleaner.
  • Il suffit une fois téléchargé de double cliquer sur l'icône.
    Image
  • Si tu possèdes Mozilla Firefox ou Opera comme navigateur, pense à choisir ton navigateur en haut à gauche.
  • Puis répond "NON" au message qui s'affiche, si tu ne souhaites pas perdre tes mots de passe.
  • Une fenêtre apparait. Coche " select All" puis sur le bouton "Empty Selected".
  • Le nettoyage est très rapide.
  • Après le nettoyage une nouvelle fenêtre va apparaitre, clique alors sur " Ok "
  • Il suffit maintenant de refermer ATF Cleaner et le tour est joué!

3) Supprimer les outils utilisés

  • Télécharge Tools Cleaner 2
  • Ouvre le fichier téléchargé
  • Clique sur Recherche et laisse-le scanner
  • Clique sur Suppression
  • Tu peux, si tu le souhaites, te servir des Options facultatives.
  • Cliques sur Quitter
  • Le rapport TCleaner.txt se trouve à la racine de ton disque (C:\) Colle-le dans ta prochaine réponse.




Au niveau de l'optimisation, cela ne va pas te faire gagner 50% de la charge CPU mais quand même un tout petit peu ...

Si cela n'améliore pas ton PC, tu peux passer faire un post dans la partie matériel de ce forum, peut être qu'ils te trouveront une solution. (Personellement, j'ai eu un pc qui fonctionnait mal, j'ai rajouté 1GO de Ram (~20 CHF) et il fonctionne mieux) !

-------------

Pour commencer, il faut re-télécharger HJT (S'il est dans un répertoire temporaire, il n'effectue aucune sauvegarde)

http://www.trendsecure.com/portal/fr/_download/HJTInstall.exe

Ferme tous les programmes ouverts sauf ton anti-virus et ton naviguateur
  • Lance HijackThis
  • Clique sur "Do a system scan only"
  • Coche les lignes suivantes :
    [quote][/quote]
  • Clique sur "Fix Checked"
  • Ferme HijackThis

J'ai volontairement laissé les lignes vides. Celles que tu peux cocher sont là dessous :

Note : Les programmes ne sont pas supprimés de ton pc, juste le lancement au démarrage !
Note 2 :Tu n'est pas obligé de fixer toutes les lignes juste celles que tu veux !

Code: Tout sélectionner
O4 - HKCU\..\Run: [E09FXLRD_10858870] "C:\Program Files\Microsoft Encarta\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m

O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe 

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
   
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe


A la fin de ces opérations, re-poste moi un rapport HJT, merci

@+
J'ai la grippe, je peux faire un hijackthis pour me débarrasser de cette saloperie ???
Avatar de l’utilisateur
jspa
Libellulien Junior
Libellulien Junior
 
Messages: 309
Inscription: 02 Mai 2007 15:02

Re: Bug bug et rebug

Messagepar Elina » 09 Déc 2009 21:21

Coucou !

Voilà le rapport ATF-Cleaner :

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\alex\Desktop\HijackThis.lnk: trouvé !
C:\Documents and Settings\alex\Desktop\OTM.exe: trouvé !
C:\Documents and Settings\alex\Desktop\ComboFix.exe: trouvé !
C:\Documents and Settings\alex\Desktop\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\alex\Desktop\Rsit.exe: trouvé !
C:\Documents and Settings\alex\Desktop\SmitFraudfix: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\WINDOWS\mbr.exe: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\alex\Desktop\HijackThis.lnk: supprimé !
C:\Documents and Settings\alex\Desktop\OTM.exe: supprimé !
C:\Documents and Settings\alex\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\alex\Desktop\SmitFraudFix.exe: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\alex\Desktop\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\WINDOWS\mbr.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OTM: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\alex\Desktop\SmitFraudfix: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !
Sauvegarde du registre crée !
Elina
Libellulien
Libellulien
 
Messages: 62
Inscription: 30 Nov 2009 22:13

Re: Bug bug et rebug

Messagepar Elina » 09 Déc 2009 21:32

Re-coucou !

J'ai suivi tes indications et ré-installé HJthis... Mais je n'ai trouvé aucune des lignes que tu avais mentionné. Donc, là, c'est moi qui bug. Et pas de rapport non plus.
Côté ajout d'EPO dans ma petite bécane, ça risque d'être chaud parce qu'il est déjà sacrément dopé. En tout cas, j'ai pu faire un scan disc et une défrangmentation.

Est-ce que c'est suffisant ?

A très vite

Elina
Elina
Libellulien
Libellulien
 
Messages: 62
Inscription: 30 Nov 2009 22:13

Re: Bug bug et rebug

Messagepar jspa » 10 Déc 2009 15:30

Hello,

C'est vraiment bizzare pour HJT !

Lance un scan de ta machine avec antivir et poste moi le rapport, s'il trouve quelque chose mets le en quarantaine, merci.

@+
J'ai la grippe, je peux faire un hijackthis pour me débarrasser de cette saloperie ???
Avatar de l’utilisateur
jspa
Libellulien Junior
Libellulien Junior
 
Messages: 309
Inscription: 02 Mai 2007 15:02

Re: Bug bug et rebug

Messagepar Elina » 11 Déc 2009 07:29

Hello

Voici le rapport Avira :



Avira AntiVir Personal
Date de création du fichier de rapport : Friday, December 11, 2009 00:20

La recherche porte sur 1429599 souches de virus.

Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : IBM-CE210E698F6

Informations de version :
BUILD.DAT : 9.0.0.74 21698 Bytes 12/4/2009 13:56:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 10:25:46
AVSCAN.DLL : 9.0.3.0 49409 Bytes 3/3/2009 09:21:02
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 10:35:11
LUKERES.DLL : 9.0.2.0 13569 Bytes 3/3/2009 09:21:31
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 19:05:00
VBASE002.VDF : 7.10.1.1 2048 Bytes 11/19/2009 19:05:03
VBASE003.VDF : 7.10.1.2 2048 Bytes 11/19/2009 19:05:04
VBASE004.VDF : 7.10.1.3 2048 Bytes 11/19/2009 19:05:04
VBASE005.VDF : 7.10.1.4 2048 Bytes 11/19/2009 19:05:04
VBASE006.VDF : 7.10.1.5 2048 Bytes 11/19/2009 19:05:04
VBASE007.VDF : 7.10.1.6 2048 Bytes 11/19/2009 19:05:04
VBASE008.VDF : 7.10.1.7 2048 Bytes 11/19/2009 19:05:04
VBASE009.VDF : 7.10.1.8 2048 Bytes 11/19/2009 19:05:05
VBASE010.VDF : 7.10.1.9 2048 Bytes 11/19/2009 19:05:08
VBASE011.VDF : 7.10.1.10 2048 Bytes 11/19/2009 19:05:09
VBASE012.VDF : 7.10.1.11 2048 Bytes 11/19/2009 19:05:09
VBASE013.VDF : 7.10.1.79 209920 Bytes 11/25/2009 19:05:09
VBASE014.VDF : 7.10.1.128 197632 Bytes 11/30/2009 19:04:07
VBASE015.VDF : 7.10.1.178 195584 Bytes 12/7/2009 22:02:58
VBASE016.VDF : 7.10.1.179 2048 Bytes 12/7/2009 22:02:58
VBASE017.VDF : 7.10.1.180 2048 Bytes 12/7/2009 22:02:59
VBASE018.VDF : 7.10.1.181 2048 Bytes 12/7/2009 22:02:59
VBASE019.VDF : 7.10.1.182 2048 Bytes 12/7/2009 22:02:59
VBASE020.VDF : 7.10.1.183 2048 Bytes 12/7/2009 22:02:59
VBASE021.VDF : 7.10.1.184 2048 Bytes 12/7/2009 22:03:00
VBASE022.VDF : 7.10.1.185 2048 Bytes 12/7/2009 22:03:00
VBASE023.VDF : 7.10.1.186 2048 Bytes 12/7/2009 22:03:00
VBASE024.VDF : 7.10.1.187 2048 Bytes 12/7/2009 22:03:00
VBASE025.VDF : 7.10.1.188 2048 Bytes 12/7/2009 22:03:00
VBASE026.VDF : 7.10.1.189 2048 Bytes 12/7/2009 22:03:00
VBASE027.VDF : 7.10.1.190 2048 Bytes 12/7/2009 22:03:00
VBASE028.VDF : 7.10.1.191 2048 Bytes 12/7/2009 22:03:00
VBASE029.VDF : 7.10.1.192 2048 Bytes 12/7/2009 22:03:00
VBASE030.VDF : 7.10.1.193 2048 Bytes 12/7/2009 22:03:00
VBASE031.VDF : 7.10.1.212 127488 Bytes 12/10/2009 22:51:58
Version du moteur : 8.2.1.108
AEVDF.DLL : 8.1.1.2 106867 Bytes 11/8/2009 06:38:52
AESCRIPT.DLL : 8.1.3.2 582010 Bytes 12/10/2009 22:52:00
AESCN.DLL : 8.1.3.0 127348 Bytes 12/10/2009 22:51:59
AESBX.DLL : 8.1.1.1 246132 Bytes 11/8/2009 06:38:44
AERDL.DLL : 8.1.3.4 479605 Bytes 12/1/2009 06:31:08
AEPACK.DLL : 8.2.0.3 422261 Bytes 11/8/2009 06:38:40
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 11/8/2009 06:38:38
AEHEUR.DLL : 8.1.0.186 2183544 Bytes 12/7/2009 22:03:05
AEHELP.DLL : 8.1.8.0 237942 Bytes 12/7/2009 22:03:03
AEGEN.DLL : 8.1.1.80 364917 Bytes 12/7/2009 22:03:01
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/8/2009 06:38:26
AECORE.DLL : 8.1.9.1 180598 Bytes 12/10/2009 22:51:59
AEBB.DLL : 8.1.0.3 53618 Bytes 11/8/2009 06:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 14:13:31
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 11/7/2008 14:24:42
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 14:05:22
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 09:36:37
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 07:20:57
NETNT.DLL : 9.0.0.0 11521 Bytes 11/7/2008 14:40:59
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 6/17/2009 12:44:26
RCTEXT.DLL : 9.0.73.0 88321 Bytes 11/2/2009 15:58:32

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Catégories de dangers divergentes.............: +JOKE,+PFS,+SPR,

Début de la recherche : Friday, December 11, 2009 00:20

La recherche d'objets cachés commence.
'45952' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SyncServer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'distnoted.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsnfier.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés
Processus de recherche 'NokiaMServer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'acrotray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hkcmd.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxtray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ibmmessages.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AGRSMMSG.exe' - '1' module(s) sont contrôlés
Processus de recherche 'EzEjMnAp.Exe' - '1' module(s) sont contrôlés
Processus de recherche 'QCWLICON.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'QCTRAY.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'TpScrex.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TPONSCR.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TPHKMGR.exe' - '1' module(s) sont contrôlés
Processus de recherche 'tp4serv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TpKmpSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'snmp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RegSrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'QCONSVC.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'MDM.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'S24EvMon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'EvtEng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ibmpmsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'53' processus ont été contrôlés avec '53' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '78' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\hiberfil.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Ce fichier est un fichier système Windows.
[REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP49\A0021865.exe
[RESULTAT] Contient le cheval de Troie TR/Agent.188928
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP53\A0022993.exe
[0] Type d'archive: RAR SFX (self extracting)
--> SmitfraudFix\Reboot.exe
[RESULTAT] Contient le modèle de détection du programme SPR/Tool.Reboot.F
--> SmitfraudFix\restart.exe
[RESULTAT] Contient le modèle de détection du programme SPR/Tool.Hardoff.A
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP53\A0023013.exe
[RESULTAT] Contient le modèle de détection du programme SPR/Tool.Reboot.F
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP53\A0023014.exe
[RESULTAT] Contient le modèle de détection du programme SPR/Tool.Hardoff.A

Début de la désinfection :
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP49\A0021865.exe
[RESULTAT] Contient le cheval de Troie TR/Agent.188928
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b51de82.qua' !
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP53\A0022993.exe
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a34a503.qua' !
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP53\A0023013.exe
[RESULTAT] Contient le modèle de détection du programme SPR/Tool.Reboot.F
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '487f558b.qua' !
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP53\A0023014.exe
[RESULTAT] Contient le modèle de détection du programme SPR/Tool.Hardoff.A
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a32b573.qua' !


Fin de la recherche : Friday, December 11, 2009 06:53
Temps nécessaire: 1:19:46 Heure(s)

La recherche a été effectuée intégralement

8869 Les répertoires ont été contrôlés
464126 Des fichiers ont été contrôlés
5 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
4 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
2 Impossible de contrôler des fichiers
464119 Fichiers non infectés
8185 Les archives ont été contrôlées
2 Avertissements
6 Consignes
45952 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

A très vite

Elina
Elina
Libellulien
Libellulien
 
Messages: 62
Inscription: 30 Nov 2009 22:13

Re: Bug bug et rebug

Messagepar jspa » 11 Déc 2009 17:00

Hello,

Rien de bien méchant pour antivir (Fichiers dans les point de restauration)

HJT ne fonctionne toujours pas ? Poste un nouveau RSIT !

@+
J'ai la grippe, je peux faire un hijackthis pour me débarrasser de cette saloperie ???
Avatar de l’utilisateur
jspa
Libellulien Junior
Libellulien Junior
 
Messages: 309
Inscription: 02 Mai 2007 15:02

Re: Bug bug et rebug

Messagepar Elina » 12 Déc 2009 14:01

Coucou !

Rapport RSIT log.txt :

Logfile of random's system information tool 1.06 (written by random/random)
Run by alex at 2009-12-12 14:00:08
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (20%) free of 35 GB
Total RAM: 503 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:00:22, on 12-Dec-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\alex\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\alex\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\alex.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\alex\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4Com.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe

--
End of file - 11107 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\BMMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"=C:\WINDOWS\system32\S3Tray2.exe [2001-10-12 69632]
"TrackPointSrv"=C:\WINDOWS\system32\tp4serv.exe [2003-05-15 94208]
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [2004-08-07 94208]
"BMMLREF"=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2003-07-11 20480]
"QCTRAY"=C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE [2004-08-18 708608]
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [2004-08-18 81920]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2003-07-11 884736]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2002-09-04 53248]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2003-07-18 208896]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-06-27 88363]
"UC_Start"=C:\IBMTools\Updater\ucstartup.exe [2003-03-17 32768]
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [2003-07-21 540672]
"BMMGAG"=RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2003-04-06 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2003-04-06 114688]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"NokiaMusic FastStart"=C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe [2009-07-02 2327840]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [2003-07-21 540672]
"Philips Intelligent Agent"=C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe [2008-02-21 613792]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Lancement rapide d'Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe

C:\Documents and Settings\alex\Start Menu\Programs\Startup
Notification de cadeaux MSN.lnk - C:\Documents and Settings\alex\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-06 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
C:\WINDOWS\system32\QConGina.dll [2004-08-18 258048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\IBMTOOLS\Updater\ucsmb.exe"="C:\IBMTOOLS\Updater\ucsmb.exe:*:enabled:IBM Update Connector"
"C:\IBMTOOLS\Updater\jre\bin\java.exe"="C:\IBMTOOLS\Updater\jre\bin\java.exe:*:enabled:IBM Update Connector"
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe"="C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:enabled:IBM Update Connector"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe"="C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia"
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe"="C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer"
"C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe"="C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe:*:Enabled:Philips Intelligent Agent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\IBMTOOLS\Updater\ucsmb.exe"="C:\IBMTOOLS\Updater\ucsmb.exe:*:enabled:IBM Update Connector"
"C:\IBMTOOLS\Updater\jre\bin\java.exe"="C:\IBMTOOLS\Updater\jre\bin\java.exe:*:enabled:IBM Update Connector"
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe"="C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:enabled:IBM Update Connector"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

======List of files/folders created in the last 1 months======

2009-12-12 14:00:08 ----D---- C:\rsit
2009-12-10 03:08:46 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 03:07:51 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 03:05:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 03:05:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 03:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-09 21:20:09 ----A---- C:\TCleaner.txt
2009-12-07 23:18:53 ----D---- C:\Documents and Settings\alex\Application Data\Malwarebytes
2009-12-07 23:18:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-07 07:54:05 ----SHD---- C:\RECYCLER
2009-12-06 23:43:02 ----D---- C:\WINDOWS\Minidump
2009-12-06 19:50:03 ----A---- C:\Boot.bak
2009-12-06 19:49:48 ----RASHD---- C:\cmdcons
2009-12-06 19:47:54 ----A---- C:\WINDOWS\zip.exe
2009-12-06 19:47:54 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-06 19:47:54 ----A---- C:\WINDOWS\SWSC.exe
2009-12-06 19:47:54 ----A---- C:\WINDOWS\SWREG.exe
2009-12-06 19:47:54 ----A---- C:\WINDOWS\sed.exe
2009-12-06 19:47:54 ----A---- C:\WINDOWS\PEV.exe
2009-12-06 19:47:54 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-06 19:47:54 ----A---- C:\WINDOWS\grep.exe
2009-12-06 19:46:27 ----D---- C:\WINDOWS\ERDNT
2009-12-04 08:02:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-03 06:41:12 ----SHD---- C:\WINDOWS\CSC
2009-12-03 06:40:52 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-02 00:29:20 ----D---- C:\Program Files\DivX
2009-12-02 00:29:20 ----D---- C:\Program Files\Common Files\DivX Shared
2009-12-02 00:17:21 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-12-02 00:17:21 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-12-02 00:17:21 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-12-02 00:17:21 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-12-02 00:17:19 ----A---- C:\WINDOWS\system32\unrar.dll
2009-12-02 00:17:19 ----A---- C:\WINDOWS\avisplitter.ini
2009-12-02 00:17:16 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-12-02 00:17:14 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-12-02 00:17:14 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-12-02 00:17:13 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-12-02 00:17:13 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-12-02 00:17:12 ----A---- C:\WINDOWS\system32\divx.dll
2009-12-02 00:17:09 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-12-02 00:17:09 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-12-02 00:17:05 ----D---- C:\Program Files\K-Lite Codec Pack
2009-12-01 23:39:14 ----A---- C:\WINDOWS\system32\tmp.txt
2009-11-30 21:53:34 ----D---- C:\Program Files\Trend Micro
2009-11-30 21:40:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-30 21:40:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-29 20:00:44 ----D---- C:\Program Files\Avira
2009-11-29 20:00:44 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-11-26 08:04:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-26 03:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-24 21:27:35 ----A---- C:\WINDOWS\system32\devil.dll
2009-11-24 21:27:35 ----A---- C:\WINDOWS\system32\avisynth.dll
2009-11-24 21:27:34 ----A---- C:\WINDOWS\system32\i420vfw.dll
2009-11-24 21:27:33 ----D---- C:\Program Files\AviSynth 2.5
2009-11-24 21:24:24 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2009-11-24 21:24:24 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2009-11-24 21:24:23 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2009-11-24 21:24:16 ----D---- C:\Program Files\eRightSoft

======List of files/folders modified in the last 1 months======

2009-12-12 14:00:21 ----D---- C:\WINDOWS\Prefetch
2009-12-12 07:04:39 ----D---- C:\WINDOWS\Temp
2009-12-12 07:04:25 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-11 07:48:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-10 03:30:28 ----AD---- C:\WINDOWS\system32
2009-12-10 03:30:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-10 03:28:26 ----AD---- C:\WINDOWS
2009-12-10 03:08:52 ----HD---- C:\WINDOWS\inf
2009-12-10 03:08:49 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-12-10 03:08:49 ----D---- C:\WINDOWS\system32\drivers
2009-12-10 03:08:41 ----SHD---- C:\WINDOWS\Installer
2009-12-10 03:07:56 ----A---- C:\WINDOWS\imsins.BAK
2009-12-10 03:06:09 ----D---- C:\Program Files\Internet Explorer
2009-12-10 03:05:50 ----D---- C:\WINDOWS\ie8updates
2009-12-10 03:05:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-08 04:35:30 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-12-08 04:30:40 ----RD---- C:\Program Files
2009-12-06 21:19:45 ----D---- C:\Documents and Settings\alex\Application Data\Azureus
2009-12-06 20:30:54 ----A---- C:\WINDOWS\system.ini
2009-12-06 20:25:43 ----D---- C:\WINDOWS\system32\config
2009-12-06 20:23:37 ----SD---- C:\WINDOWS\Tasks
2009-12-06 20:20:42 ----D---- C:\WINDOWS\AppPatch
2009-12-06 20:20:37 ----D---- C:\Program Files\Common Files
2009-12-06 19:50:03 ----RASH---- C:\BOOT.INI
2009-12-06 19:33:02 ----D---- C:\Documents and Settings\alex\Application Data\vlc
2009-12-01 23:00:00 ----D---- C:\Program Files\Mozilla Firefox
2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-30 08:39:18 ----D---- C:\WINDOWS\WinSxS
2009-11-30 03:00:37 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-24 22:54:45 ----D---- C:\WINDOWS\system32\Restore
2009-11-24 22:05:52 ----D---- C:\Program Files\Vuze
2009-11-24 21:26:39 ----RSD---- C:\WINDOWS\Fonts
2009-11-19 06:08:55 ----D---- C:\Program Files\Safari
2009-11-17 07:49:58 ----D---- C:\Documents and Settings\alex\Application Data\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2004-08-18 11520]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 IBMTPCHK;IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2004-08-18 2432]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2003-07-03 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2003-07-03 8830]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2004-06-10 16340]
R1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2003-07-11 15360]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2003-07-10 7168]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-08-02 17801]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 PMEM;PMEM; \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-07 11354]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A; C:\WINDOWS\system32\drivers\Vch.sys [2003-04-15 20533]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-07-03 100256]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-06-27 1196352]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-11-14 140800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [2004-02-26 11344]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 QCNDISIF;QCNDISIF; C:\WINDOWS\System32\drivers\qcndisif.SYS [2004-08-18 12288]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-28 578304]
R3 Tp4Track;IBM PS/2 TrackPoint Driver; C:\WINDOWS\System32\DRIVERS\tp4track.sys [2003-05-15 13904]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-01-17 3325312]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2007-05-21 100736]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PCX504;Cisco Systems Wireless LAN Adapter Driver; C:\WINDOWS\System32\DRIVERS\PCX504.sys [2004-05-04 119296]
S3 S3SSavage;S3SSavage; C:\WINDOWS\System32\DRIVERS\s3ssavm.sys [2001-11-01 95104]
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-02-06 86016]
R2 IBMPMSVC;IBM PM Service; C:\WINDOWS\System32\ibmpmsvc.exe [2004-02-26 57344]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 QCONSVC;QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [2004-08-18 73728]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-02-06 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-02-06 372809]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2003-07-12 32768]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 TwonkyMedia;TwonkyMedia; C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [2008-10-20 102400]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-04-26 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------
Elina
Libellulien
Libellulien
 
Messages: 62
Inscription: 30 Nov 2009 22:13

PrécédenteSuivante

Retourner vers Désinfections et demandes d'analyse

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 0 invités