Logfile of random's system information tool 1.06 (written by random/random)
Run by tibo at 2009-12-09 16:30:14
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 8 GB (64%) free of 12 GB
Total RAM: 767 MB (38% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:52:52, on 23/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\wineowexr.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\krfihn.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\winhofq.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\jkgnwo.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\winqpfty.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\winmqvbhi.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\jigvx.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\winnqxx.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\winqhsi.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\windmtxgy.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\winsuxt.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\winknnbt.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\wingxer.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\owohlo.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\winrmgj.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\wingtbjxi.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\qffdt.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\winrtem.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\oxhm.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\winaeia.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\wingxnc.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\lxrjs.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\kxynea.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\kmmxf.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\ifkvkt.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\winfploh.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\wintvdgf.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\ethro.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\bfwj.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\winsdrlo.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\winqmnyf.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\jyit.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\winpimahs.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\qqpr.exe
G:\programmes\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\hsaexc.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\inwoe.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\winqcxryl.exe
C:\DOCUME~1\tibo\LOCALS~1\Temp\tjtpp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
--
End of file - 4979 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2009-12-09 229376]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1900032]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-12-09 4031312]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2009-12-09 5668864]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe [2009-07-17 339360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-09 133632]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\utiles\winamp5541_full_emusic-7plus_fr-fr.exe"="E:\utiles\winamp5541_full_emusic-7plus_fr-fr.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:ipsec"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:ipsec"
"E:\eMule\eMule.exe"="E:\eMule\eMule.exe:*:Enabled:ipsec"
"G:\programmes\Winamp\winamp.exe"="G:\programmes\Winamp\winamp.exe:*:Enabled:ipsec"
"E:\utiles\Nero 6.0.0.11 Full FR + Keygen + adon+ All plugin\Nero60011.exe"="E:\utiles\Nero 6.0.0.11 Full FR + Keygen + adon+ All plugin\Nero60011.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\NeroCheck.exe"="C:\WINDOWS\system32\NeroCheck.exe:*:Enabled:ipsec"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:ipsec"
"C:\Program Files\PokerStars\PokerStarsUpdate.exe"="C:\Program Files\PokerStars\PokerStarsUpdate.exe:*:Enabled:ipsec"
"C:\Program Files\Windows Live\Contacts\wlcomm.exe"="C:\Program Files\Windows Live\Contacts\wlcomm.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\netsh.exe"="C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\cmd.exe"="C:\WINDOWS\system32\cmd.exe:*:Enabled:ipsec"
"E:\utiles\eMule0.47a-Installer.exe"="E:\utiles\eMule0.47a-Installer.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winoljppt.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winoljppt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\bypw.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\bypw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\wincdsxwh.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\wincdsxwh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\hbyffs.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\hbyffs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\qywww.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\qywww.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winanto.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winanto.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winqjxj.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winqjxj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\tmjlj.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\tmjlj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winhyix.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winhyix.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\pdton.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\pdton.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\xiosy.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\xiosy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winvknbg.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winvknbg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winjofmml.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winjofmml.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winpkmn.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winpkmn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winvoqi.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winvoqi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\rjfda.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\rjfda.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\ivhmki.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\ivhmki.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winiplte.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winiplte.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\windgjsva.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\windgjsva.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\algppd.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\algppd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\hsevji.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\hsevji.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winbiiv.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winbiiv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winldiqxq.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winldiqxq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\vandyk.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\vandyk.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winxvchn.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winxvchn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winfymqb.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winfymqb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\numm.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\numm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\ontg.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\ontg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\sndb.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\sndb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\yyob.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\yyob.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winyssw.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winyssw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\windbjl.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\windbjl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winuexld.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winuexld.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winvhcy.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winvhcy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winfvjrw.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winfvjrw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\wbckc.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\wbckc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\windkcp.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\windkcp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winfskcs.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winfskcs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\kdkq.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\kdkq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\tixhy.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\tixhy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\awdwjj.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\awdwjj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\lwrups.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\lwrups.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winqvdjg.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winqvdjg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winkpixu.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winkpixu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\prdedx.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\prdedx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\ohlafl.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\ohlafl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winrsvep.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winrsvep.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winhxgc.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winhxgc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winmelkb.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winmelkb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winyidttp.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winyidttp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\hlyl.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\hlyl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winrxvmvj.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winrxvmvj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\wintbnve.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\wintbnve.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\gxlm.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\gxlm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\kyopqh.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\kyopqh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winhadii.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winhadii.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winyislh.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winyislh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\urrpe.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\urrpe.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\hnqihy.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\hnqihy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winiqlad.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winiqlad.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winpqjcp.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winpqjcp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winrkix.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winrkix.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\jnnpcn.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\jnnpcn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\swnnd.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\swnnd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\edod.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\edod.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winoyxas.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winoyxas.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\sbsu.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\sbsu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\dpfg.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\dpfg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winqobm.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winqobm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\edbv.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\edbv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\ykbkr.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\ykbkr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winxxcwl.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winxxcwl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winhautx.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winhautx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winchyps.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winchyps.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\tnoqyi.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\tnoqyi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\qfyr.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\qfyr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winbvwkuv.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winbvwkuv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winibbfw.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winibbfw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winyvhj.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winyvhj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\winqtle.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\winqtle.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\rfwbxm.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\rfwbxm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\pfnt.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\pfnt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\tibo\LOCALS~1\Temp\yedl.exe"="C:\DOCUME~1\tibo\LOCALS~1\Temp\yedl.exe:*:Enabled:ipsec"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
======List of files/folders created in the last 1 months======
2009-12-09 16:30:14 ----D---- C:\rsit
2009-12-09 12:39:11 ----D---- C:\WINDOWS\LastGood
2009-11-28 15:39:22 ----D---- C:\Program Files\Windows Live Safety Center
2009-11-24 00:50:57 ----D---- C:\WINDOWS\temp
2009-11-24 00:50:55 ----A---- C:\ComboFix.txt
2009-11-21 17:11:32 ----D---- C:\Program Files\WinRAR
2009-11-19 16:41:01 ----D---- C:\Program Files\eMule
2009-11-14 23:28:46 ----HD---- C:\WINDOWS\PIF
2009-11-13 17:35:57 ----SHD---- C:\Fichiers Internet temporaires
2009-11-11 16:30:16 ----D---- C:\Program Files\NirSoft
2009-11-10 23:25:52 ----D---- C:\Documents and Settings\tibo\Application Data\Talkback
2009-11-10 23:25:21 ----D---- C:\Documents and Settings\tibo\Application Data\Mozilla
2009-11-10 23:24:49 ----D---- C:\Program Files\Mozilla Firefox
======List of files/folders modified in the last 1 months======
2009-12-09 12:39:12 ----D---- C:\WINDOWS\system32\drivers
2009-12-09 12:39:11 ----D---- C:\WINDOWS
2009-12-09 11:38:44 ----D---- C:\WINDOWS\Network Diagnostic
2009-12-09 11:38:44 ----D---- C:\Program Files\PokerStars
2009-12-09 11:38:43 ----D---- C:\WINDOWS\system32
2009-12-09 11:38:43 ----D---- C:\Program Files\Windows Media Player
2009-12-09 11:38:43 ----D---- C:\Program Files\QuickMediaConverter
2009-12-09 11:38:43 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2009-12-09 11:38:42 ----D---- C:\Program Files\Windows NT
2009-12-09 11:38:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-09 01:58:09 ----D---- C:\WINDOWS\Prefetch
2009-12-08 03:03:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-06 02:04:08 ----D---- C:\WINDOWS\system32\Restore
2009-12-03 17:30:26 ----D---- C:\Documents and Settings\tibo\Application Data\dvdcss
2009-12-01 00:01:47 ----SD---- C:\Documents and Settings\tibo\Application Data\Microsoft
2009-11-29 21:26:48 ----HD---- C:\WINDOWS\inf
2009-11-28 16:22:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-28 16:01:12 ----SHD---- C:\System Volume Information
2009-11-28 15:39:22 ----RD---- C:\Program Files
2009-11-24 00:49:23 ----A---- C:\WINDOWS\system.ini
2009-11-24 00:48:02 ----D---- C:\WINDOWS\AppPatch
2009-11-24 00:48:00 ----D---- C:\Program Files\Fichiers communs
2009-11-24 00:45:12 ----AD---- C:\Qoobox
2009-11-21 10:25:55 ----D---- C:\WINDOWS\system32\config
2009-11-21 10:25:51 ----D---- C:\WINDOWS\ERDNT
2009-11-21 10:25:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-18 00:39:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-14 01:47:57 ----A---- C:\WINDOWS\PEV.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;ASUSTeK/Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2002-08-30 41728]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-09-06 549368]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 utm5mjg3;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\utm5mjg3.sys []
R4 13532081;13532081; C:\WINDOWS\system32\DRIVERS\13532081.sys []
S3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\fipjkj.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\tibo\LOCALS~1\Temp\catchme.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-09 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-09 82944]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-12-09 995840]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
-----------------EOF-----------------