Win32 rustock.Q????

iCrescendo
Hello everyone, I recently received messages from my antivirus (AVG) telling me I had been infected with "Win 32/Rustock.Q".
Looking on various forums, I read that antivirus programs cannot remove this kind of infection. Could you help me please? Thank you.

12 replies

neo*** (Security contributor, 3115 posts)
 
Hi

To analyse your PC: download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Right-click RSIT.exe and run it as administrator to launch the program.

- Click Continue on the Disclaimer screen.

- If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: the reports are saved in the folder C:\rsit.
iCrescendo
 
Here is the contents of the log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Paul-louis at 2009-09-01 16:42:00
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 64 GB (28%) free of 228 GB
Total RAM: 3062 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:42:31, on 01/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
C:\Program Files\TuneUp Utilities 2009\Integrator.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Paul-louis\Downloads\RSIT.exe
C:\Program Files\trend micro\Paul-louis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" /preinstalled
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: SDK Tray Menu.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
neo*** (Security contributor, 3115 posts)
 
You have several infections. Please do this:

Disable UAC by following this link!

1 Malicious toolbars:

Download ToolbarSD (by Team IDN) to your Desktop

Launch the program's installation by running the downloaded file.

Now right-click the Toolbar-S&D shortcut and run it as administrator.

Select the desired language by typing the letter of your choice, then confirm with the Enter key.

Type "2" then confirm by pressing "Enter".

/!\ Do not close the window during the removal /!\

A report will be generated; post its contents here.

* NOTE: if your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer and confirm.


2 Infections from removable media:

Download and install UsbFix by C_XX & Chiquitine29

Connect your external data sources (USB key, external hard drive, etc.) that may have been infected to your PC, without opening them

Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".

Choose option 1 (Search)

Let the tool work.

Then post the UsbFix.txt report that will appear.

Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

* Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus programs.


To be continued :)
iCrescendo
 
Here is the toolbar report:

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz )
BIOS : Ver 1.00PARTTBL
USER : Paul-louis ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:222 Go (Free:62 Go)
D:\ (CD or DVD)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 01/09/2009|17:17 )

[ UAC => 1 ]

-----------\\ SUPPRESSION

Supprime! - [Service] ASKService
Supprime! - [Service] ASKUpgrade
Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\AskBarDis

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="http://www.plusnetwork.com"
"Default_Page_URL"="http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

--------------------\\ Recherche d'autres infections

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 01/09/2009|17:20 - Option : [2]

-----------\\ Fin du rapport a 17:20:23,55

and here is the UsbFix contents:

############################## | UsbFix V6.024 |

User : Paul-louis (Administrateurs) # PC-DE-PAULLOUIS
Update on 01/09/09 by Chiquitine29, C_XX & Chimay8
Start at: 17:25:00 | 01/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 222,88 Go (61,89 Go free) [HDD] # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
H:\ -> Disque fixe local # 785,03 Go (330,34 Go free) [My Book] # NTFS
J:\ -> Disque fixe local

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

################## | Suspect ! ... | https://www.virustotal.com/gui/ |

################## | Registre # Clés Run infectieuses |

Présent ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Présent ! HKLM\software\microsoft\security center "UacDisableNotify" ( 0x1 )

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{3f2ef9f9-6967-11de-bdbd-00030d000001}
shell\AutoRun\command =G:\
shell\explore\Command =G:\RECYCLED\INFO.exe
shell\open\Command =G:\RECYCLED\INFO.exe

HKCU\..\..\Explorer\MountPoints2\{cac4e7ee-3b19-11de-8a1a-00030d000001}
shell\AutoRun\command =H:\LaunchU3.exe -a

HKCU\..\..\Explorer\MountPoints2\{cac4e7f0-3b19-11de-8a1a-00030d000001}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{d7c01b83-1078-11de-b382-00030d000001}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

################## | ! Fin du rapport # UsbFix V6.024 ! |
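An added example, not part of this thread and not UsbFix's own code: a small Python triage script that walks the registry sections of a UsbFix-style report like the one above and rates each MountPoints2 shell verb and each IFEO/UacDisableNotify entry, so a helper can see at a glance which entries hijack insertion or double-click of a removable drive. The report text is a constructed sample modelled on the posted report, and the severity heuristics are the example's own assumptions.

```python
"""Triage the registry sections of a UsbFix-style report (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample modelled on the UsbFix report posted in this thread;
# it is not the actual C:\UsbFix.txt, only its two registry sections.
SAMPLE_REPORT = r"""
################## | Registre # Clés Run infectieuses |

Présent ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Présent ! HKLM\software\microsoft\security center "UacDisableNotify" ( 0x1 )

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{3f2ef9f9-6967-11de-bdbd-00030d000001}
shell\AutoRun\command =G:\
shell\explore\Command =G:\RECYCLED\INFO.exe
shell\open\Command =G:\RECYCLED\INFO.exe

HKCU\..\..\Explorer\MountPoints2\{cac4e7ee-3b19-11de-8a1a-00030d000001}
shell\AutoRun\command =H:\LaunchU3.exe -a

HKCU\..\..\Explorer\MountPoints2\{cac4e7f0-3b19-11de-8a1a-00030d000001}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

################## | ! Fin du rapport # UsbFix V6.024 ! |
"""

SECTION_RE = re.compile(r"^#+ \| (.+?) \|")
GUID_RE = re.compile(r"MountPoints2\\(\{[0-9A-Fa-f-]+\})")
VERB_RE = re.compile(r"^shell\\(\w+)\\command\s*=\s*(.*?)\s*$", re.IGNORECASE)
IFEO_RE = re.compile(r"Image File Execution Options\\([^\s\\]+)", re.IGNORECASE)
DRIVE_ROOT_RE = re.compile(r"[A-Za-z]:\\?")
# Script hosts and extensions that have no business in an autorun verb (heuristic).
SCRIPT_RE = re.compile(r"wscript|cscript|ShellExec_RunDLL|\.(vbs|js|bat|cmd)\b", re.IGNORECASE)
# Folders commonly used to hide a payload on a removable volume (heuristic).
HIDDEN_DIR_RE = re.compile(r"\\(RECYCLED|RECYCLER|\$RECYCLE\.BIN|System Volume Information)\\",
                           re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    key: str       # MountPoints2 GUID or registry key the finding belongs to
    reason: str


def classify_verb(verb: str, command: str) -> Optional[Tuple[str, str]]:
    """Rate one MountPoints2 shell verb; None means it merely opens the drive root."""
    if DRIVE_ROOT_RE.fullmatch(command):
        return None
    if SCRIPT_RE.search(command):
        return "high", f"{verb} verb runs a script host: {command}"
    if HIDDEN_DIR_RE.search(command):
        return "high", f"{verb} verb launches a file hidden in a system folder: {command}"
    if verb.lower() in ("open", "explore"):
        return "high", f"double-click/explore on the volume hijacked to run: {command}"
    return "medium", f"{verb} verb launches a file from the volume on insertion: {command}"


def triage(report: str) -> list[Finding]:
    """Walk the report section by section and collect findings in file order."""
    findings: list[Finding] = []
    section = ""
    guid = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            guid = ""
            continue
        if "mountpoints2" in section:
            g = GUID_RE.search(line)
            if g:
                guid = g.group(1)      # verbs that follow belong to this volume
                continue
            v = VERB_RE.match(line)
            if v and guid:
                verdict = classify_verb(v.group(1), v.group(2))
                if verdict:
                    findings.append(Finding(verdict[0], guid, verdict[1]))
        elif "run" in section:
            key = re.sub(r"^(Présent|Supprimé) !\s*", "", line)
            ifeo = IFEO_RE.search(line)
            if ifeo:
                findings.append(Finding("high", key,
                                        f"IFEO entry can redirect {ifeo.group(1)} to another program"))
            elif "uacdisablenotify" in line.lower():
                findings.append(Finding("medium", key, "UAC notifications silenced in Security Center"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.key}\n         {f.reason}")
```

Run against a real C:\UsbFix.txt, the script lists the same findings the helper acted on in this thread (the taskmgr.exe IFEO key and the four MountPoints2 entries), with the bare "G:\" autorun left out as harmless.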

neo*** (Security contributor, 3115 posts)
 
Very good:

Connect your external data sources (USB key, external hard drive, etc.) that may have been infected to your PC, without opening them

Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".

Choose option 2 (Removal)

Your desktop will disappear and the PC will restart.

On restart, UsbFix will scan your PC; let the tool work.

Then post the UsbFix.txt report that will appear along with the desktop.

Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

UsbFix will offer to upload a compressed folder to this address: >>> here <<<

This folder was created by UsbFix and is saved on your desktop.

Please send it to the indicated address to help the author of UsbFix in his research.

Thanks in advance for your contribution!!
iCrescendo
 
Here is the UsbFix report:

############################## | UsbFix V6.024 |

User : Paul-louis (Administrateurs) # PC-DE-PAULLOUIS
Update on 01/09/09 by Chiquitine29, C_XX & Chimay8
Start at: 17:42:18 | 01/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 222,88 Go (62 Go free) [HDD] # NTFS
D:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
H:\ -> Disque fixe local # 785,03 Go (330,34 Go free) [My Book] # NTFS
J:\ -> Disque fixe local

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\PresentationSettings.exe

################## | Fichiers # Dossiers infectieux |

################## | Autres |

################## | Suspect ! ... | https://www.virustotal.com/gui/ |

################## | Registre # Clés Run infectieuses |

Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
# HKLM\software\microsoft\security center "UacDisableNotify" # -> Reset sucessfully !

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{3f2ef9f9-6967-11de-bdbd-00030d000001}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{cac4e7ee-3b19-11de-8a1a-00030d000001}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{cac4e7f0-3b19-11de-8a1a-00030d000001}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{d7c01b83-1078-11de-b382-00030d000001}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[26/04/2009 12:45|--a------|0] -> C:\AdobeDebug.txt
[18/09/2006 23:43|--a------|24] -> C:\autoexec.bat
[21/01/2008 04:24|-rahs----|333203] -> C:\bootmgr
[10/04/2008 18:09|-ra-s----|8192] -> C:\BOOTSECT.BAK
[18/09/2006 23:43|--a------|10] -> C:\config.sys
[04/03/2008 17:26|--a------|403] -> C:\files.crc
[?|?|?] -> C:\hiberfil.sys
[09/06/2009 15:46|-rahs----|0] -> C:\IO.SYS
[09/06/2009 15:46|-rahs----|0] -> C:\MSDOS.SYS
[?|?|?] -> C:\pagefile.sys
[10/04/2008 08:41|--a------|86] -> C:\setup.log
[15/04/2009 12:27|--a------|0] -> C:\snatch_log.txt
[01/09/2009 17:39|--a------|2016] -> C:\TB.txt
[01/09/2009 17:46|--a------|4102] -> C:\UsbFix.txt
[31/08/2009 13:47|--a------|3073220] -> H:\Baha Men - Holla! (Garfield Soundtrack).mp3
[31/08/2009 13:31|--a------|39869302] -> H:\video-1.mp4
[31/08/2009 13:31|--a------|39905821] -> H:\video-2.mp4

################## | ! Fin du rapport # UsbFix V6.024 ! |
neo*** (Security contributor, 3115 posts)
 
/!\ The following program is not to be used lightly!
Only do this if a helper has recommended it to you. /!\


This program is very powerful and misuse can cause damage... Follow this procedure exactly:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!). To do this, right-click this link, choose "Save target as..." and confirm.

Disconnect, close all your running applications and DISABLE ALL YOUR DEFENCES, antivirus...
(which could seriously interfere with the tool... so re-enable them afterwards!)

Tutorial here for installing the Recovery Console (important in case of problems): https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Please post the report

(do not touch anything while the tool is working, so as not to freeze your PC)

iCrescendo
 
Here is the latest report, but the problem still persists:

ComboFix 09-08-31.04 - Paul-louis 01/09/2009 18:29.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3062.2246 [GMT 2:00]
Running from: c:\users\Paul-louis\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\btcore.dll
c:\program files\FlashGet Network\FlashGet universal\btwrap.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.exe
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi
c:\program files\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt
c:\program files\FlashGet Network\FlashGet universal\dbghelp.dll
c:\program files\FlashGet Network\FlashGet universal\DBTrans.dll
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\DBTransC.exe
c:\program files\FlashGet Network\FlashGet universal\ed2kwrap.dll
c:\program files\FlashGet Network\FlashGet universal\explorerbar.dll
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\FGVer.dll
c:\program files\FlashGet Network\FlashGet universal\flashget.exe
c:\program files\FlashGet Network\FlashGet universal\gt.exe
c:\program files\FlashGet Network\FlashGet universal\hashgen.dll
c:\program files\FlashGet Network\FlashGet universal\Help\license.txt
c:\program files\FlashGet Network\FlashGet universal\Help\Readme.txt
c:\program files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini
c:\program files\FlashGet Network\FlashGet universal\libupnp.dll
c:\program files\FlashGet Network\FlashGet universal\LiveUpdateUI.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.xml
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCore.dll
c:\program files\FlashGet Network\FlashGet universal\p2pprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2snetio.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p2sprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2spwrap.dll
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\Skins\close_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify.wav
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\garage.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\transfer.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\BT.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\EM.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\GlobalOptionCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\HpFp.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Monitor.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Notify.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Proxy.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\TaskDef.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MainMenuCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveDownTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveUpTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\MainToolbarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\MainToolbarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\InfoBkg.Bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\MonitorBkg.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Down.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\OutpuLogCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Up.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\All.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Book.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Bt.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Game.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\storage.dll
c:\program files\FlashGet Network\FlashGet universal\SysOpt.exe
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\FlashGet Network\FlashGet universal\uninst.exe
c:\program files\FlashGet Network\FlashGet universal\zlib.dll
c:\users\Paul-louis\AppData\Roaming\BITS
c:\users\Paul-louis\AppData\Roaming\BITS\BITS.ini
c:\users\Paul-louis\AppData\Roaming\BITS\DHTTable.dat
c:\users\Paul-louis\AppData\Roaming\BITS\ProxyList.ini
c:\users\Paul-louis\AppData\Roaming\BITS\UPnP.ini
c:\windows\System32\kbiwkmewasfbqc.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.

2009-09-01 16:39 . 2009-09-01 16:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-01 15:23 . 2009-09-01 15:47 -------- d-----w- C:\UsbFix
2009-09-01 15:14 . 2009-09-01 15:20 -------- d-----w- C:\ToolBar SD
2009-09-01 14:42 . 2009-09-01 14:42 -------- d-----w- C:\rsit
2009-09-01 14:42 . 2009-09-01 14:42 -------- d-----w- c:\program files\trend micro
2009-09-01 13:12 . 2009-09-01 13:12 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-31 10:50 . 2009-08-31 10:43 -------- d-----w- c:\users\Paul-louis\[MFT] Toriko Chapitre 62
2009-08-31 09:09 . 2009-08-31 09:09 -------- d-----w- c:\users\Paul-louis\ISO
2009-08-30 19:07 . 2009-08-30 16:22 -------- d-----w- c:\users\Paul-louis\Naruto 448 Colo [GFC]
2009-08-30 19:07 . 2009-08-30 17:06 -------- d-----w- c:\users\Paul-louis\[MFT] Psyren Chapitre 84
2009-08-30 10:39 . 2009-08-30 10:49 -------- d-----w- c:\users\Paul-louis\ps2bios
2009-08-30 10:29 . 2009-08-30 10:29 12862 ----a-r- c:\users\Paul-louis\AppData\Roaming\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2009-08-30 10:29 . 2009-08-30 10:29 -------- d-----w- c:\program files\Pcsx2
2009-08-30 01:07 . 2009-08-30 01:07 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\Ubisoft
2009-08-29 22:17 . 2009-08-29 22:17 -------- d-----w- c:\users\Paul-louis\[TnS] Defense Devil 18
2009-08-29 14:37 . 2009-08-27 02:12 -------- d-----w- c:\users\Paul-louis\[Fairy-Team]_Fairy_Tail_149
2009-08-29 14:35 . 2009-08-11 01:36 -------- d-----w- c:\users\Paul-louis\[SMK]Beelzebub 24 Fr
2009-08-29 08:09 . 2009-08-29 08:09 -------- d-----w- c:\programdata\Ubisoft
2009-08-29 01:56 . 2009-08-28 22:26 -------- d-----w- c:\users\Paul-louis\BKT_Chapitre_371
2009-08-28 22:37 . 2009-08-28 21:35 -------- d-----w- c:\users\Paul-louis\[MFT] One Piece Chapitre 555
2009-08-28 22:30 . 2009-08-28 22:30 -------- d-----w- c:\users\Paul-louis\[TnS] Defense devil 17
2009-08-28 22:29 . 2009-08-27 15:02 -------- d-----w- c:\users\Paul-louis\[MFT] Toriko Chapitre 61
2009-08-28 22:29 . 2009-08-28 20:39 -------- d-----w- c:\users\Paul-louis\[MFT] Naruto Chapitre 461
2009-08-28 22:29 . 2009-08-27 03:31 -------- d-----w- c:\users\Paul-louis\[SMK]Beelzebub 25 fr
2009-08-28 22:29 . 2009-08-28 20:38 -------- d-----w- c:\users\Paul-louis\[KT]Kateikyo Hitman Reborn! 255
2009-08-27 01:01 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 16:57 . 2009-08-26 11:46 -------- d-----w- c:\users\Paul-louis\[MFT] Akaboshi Chapitre 14
2009-08-26 16:57 . 2009-08-26 16:30 -------- d-----r- c:\users\Paul-louis\[MFT] DGM Chapitre 187
2009-08-26 16:50 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 16:50 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-25 15:12 . 2009-08-25 10:31 -------- d-----w- c:\users\Paul-louis\[SMK]To Love Ru 161 fr
2009-08-25 15:12 . 2009-08-25 12:56 -------- d-----w- c:\users\Paul-louis\[MFT] Psyren Chapitre 83
2009-08-24 09:50 . 2009-08-24 09:50 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-24 09:09 . 2009-09-01 13:14 -------- d-----w- c:\program files\Rockstar Games
2009-08-23 23:33 . 2009-08-21 15:41 -------- d-----w- c:\users\Paul-louis\[KT] Kateikyo Hitman Reborn! 254
2009-08-19 00:25 . 2009-08-19 00:25 -------- d-----w- c:\windows\Sun
2009-08-17 13:58 . 2009-08-07 15:56 -------- d-----w- c:\users\Paul-louis\Fairy Tail 146
2009-08-16 15:43 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-16 15:43 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-16 15:43 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-16 15:43 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-16 15:43 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-16 15:43 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-16 15:43 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-16 15:43 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-15 17:45 . 2009-08-15 17:45 684872 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-08-15 17:44 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-15 17:44 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-15 17:44 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-15 17:44 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-15 17:44 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-15 17:44 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-15 17:44 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-15 17:44 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-06 15:33 . 2009-08-06 15:33 -------- d-sh--w- c:\windows\ftpcache
2009-08-05 22:43 . 2009-08-29 07:48 -------- d-----w- c:\program files\Ubisoft
2009-08-04 18:20 . 2009-08-05 06:57 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\Image Zone Express
2009-08-04 18:20 . 2009-08-04 18:20 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\Printer Info Cache
2009-08-04 18:18 . 2009-08-04 18:18 -------- d-----w- c:\programdata\WEBREG
2009-08-04 18:17 . 2009-08-04 18:19 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\HP
2009-08-04 18:16 . 2009-08-04 18:16 -------- d-----w- c:\programdata\HPSSUPPLY
2009-08-04 18:13 . 2009-08-04 18:13 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-08-04 18:13 . 2009-08-04 18:13 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-04 18:13 . 2009-08-04 18:16 -------- d-----w- c:\program files\Common Files\HP
2009-08-04 18:11 . 2006-11-16 17:16 38912 ----a-w- c:\windows\system32\HPBPRO.DLL
2009-08-04 18:11 . 2006-11-16 17:15 25600 ----a-w- c:\windows\system32\HPBOID.DLL
2009-08-04 18:11 . 2009-08-04 18:16 -------- d-----w- c:\program files\HP
2009-08-04 18:10 . 2009-08-04 18:19 146289 ----a-w- c:\windows\hpoins18.dat
2009-08-04 18:10 . 2009-08-04 18:19 -------- d-----w- c:\programdata\HP
2009-08-04 18:10 . 2007-02-01 08:24 258048 ----a-w- c:\windows\system32\hpzids01.dll
2009-08-04 18:10 . 2007-03-01 00:11 6600 ----a-w- c:\windows\hpomdl18.dat
2009-08-04 17:58 . 2009-08-04 17:58 -------- d-----w- c:\programdata\Hewlett-Packard
2009-08-04 17:56 . 2006-12-15 20:19 675840 ----a-w- c:\windows\system32\hpowiav1.dll
2009-08-04 17:56 . 2006-12-15 20:19 303104 ----a-w- c:\windows\system32\hpovst01.dll
2009-08-04 17:56 . 2006-12-15 20:19 897024 ----a-w- c:\windows\system32\hpotiop1.dll
2009-08-04 17:55 . 2007-02-02 09:27 117760 ----a-w- c:\windows\system32\hpz3l4v2.dll
2009-08-04 17:55 . 2006-11-16 17:16 7680 ----a-w- c:\windows\system32\HPBPROPS.DLL
2009-08-04 17:55 . 2006-11-16 17:16 24576 ----a-w- c:\windows\system32\HPBMIAPI.DLL
2009-08-04 17:55 . 2006-11-16 17:16 7680 ----a-w- c:\windows\system32\HPBOIDPS.DLL
2009-08-04 17:55 . 2006-06-06 12:20 241721 ----a-w- c:\windows\system32\HPBMINI.DLL
2009-08-04 17:55 . 2005-06-20 12:33 94208 ----a-w- c:\windows\system32\HPJIPX1U.DLL
2009-08-04 17:55 . 2005-06-20 12:33 163840 ----a-w- c:\windows\system32\HPJCMN2U.DLL
2009-08-04 17:55 . 2005-06-20 12:33 49152 ----a-w- c:\windows\system32\HPBNRAC2.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 16:25 . 2009-07-05 18:11 153322 ----a-w- c:\programdata\nvModes.dat
2009-09-01 15:48 . 2009-03-24 13:40 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 3
2009-09-01 15:39 . 2009-02-26 10:37 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\uTorrent
2009-09-01 15:24 . 2008-04-10 16:15 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-01 15:24 . 2008-04-10 16:15 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-01 15:22 . 2009-03-05 17:13 -------- d-----w- c:\programdata\avg8
2009-09-01 15:11 . 2009-02-28 13:44 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-01 14:40 . 2009-07-08 17:19 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\vlc
2009-09-01 13:14 . 2008-04-10 06:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-31 14:47 . 2009-04-11 21:11 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\dvdcss
2009-08-15 20:05 . 2008-04-10 07:24 -------- d-----w- c:\programdata\Microsoft Help
2009-08-15 20:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-15 18:03 . 2009-02-28 12:00 -------- d-----w- c:\program files\Safari
2009-08-15 17:47 . 2009-06-25 14:32 -------- d-----w- c:\program files\Activision
2009-08-06 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-08-06 14:13 . 2009-02-26 08:03 104256 ----a-w- c:\users\Paul-louis\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-01 21:08 . 2009-08-01 21:08 -------- d-----w- c:\program files\CAPCOM
2009-08-01 18:32 . 2009-07-05 16:57 -------- d-----w- c:\program files\Codemasters
2009-08-01 17:37 . 2009-08-01 17:37 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\FUEL
2009-08-01 17:24 . 2009-08-01 17:23 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-31 09:31 . 2009-03-05 17:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-31 09:31 . 2009-03-05 17:13 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-31 09:31 . 2009-03-05 17:13 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-29 09:59 . 2009-07-27 23:03 -------- d-----w- c:\programdata\Electronic Arts
2009-07-28 16:04 . 2009-07-28 16:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2009-07-27 23:03 . 2009-07-27 22:49 -------- d-----w- c:\program files\Electronic Arts
2009-07-27 23:03 . 2009-07-27 23:03 1202 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-07-18 22:16 . 2009-07-18 22:16 -------- d-----w- c:\program files\iTunes
2009-07-18 22:16 . 2009-07-18 22:16 -------- d-----w- c:\program files\iPod
2009-07-18 22:16 . 2009-02-26 15:02 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 22:12 . 2009-07-18 22:12 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-18 22:02 . 2009-02-26 16:54 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-18 16:06 . 2009-07-29 10:54 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 10:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 10:54 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-14 15:17 . 2009-07-14 15:17 15308440 ----a-w- c:\windows\system32\xlive.dll
2009-07-14 15:17 . 2009-07-14 15:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-06 07:02 . 2009-02-27 00:55 680 ----a-w- c:\users\Paul-louis\AppData\Local\d3d9caps.dat
2009-07-06 07:02 . 2008-04-10 06:59 -------- d-----w- c:\programdata\NVIDIA
2009-07-05 18:11 . 2009-03-04 18:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-05 18:10 . 2009-03-04 18:56 -------- d-----w- c:\program files\AGEIA Technologies
2009-07-05 17:52 . 2009-07-05 17:52 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-05 17:52 . 2009-07-05 17:52 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\SystemRequirementsLab
2009-07-05 17:52 . 2009-07-05 17:52 290816 ----a-w- c:\users\Paul-louis\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-07-05 17:52 . 2009-07-05 17:52 290816 ----a-w- c:\users\Paul-louis\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-07-05 17:52 . 2009-07-05 17:52 290816 ----a-w- c:\users\Paul-louis\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-07-05 17:52 . 2009-07-05 17:52 290816 ----a-w- c:\users\Paul-louis\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-07-05 17:50 . 2009-07-05 17:50 -------- d-----w- c:\program files\Driver Cleaner Pro
2009-07-04 08:03 . 2009-07-04 08:03 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3094.tmp.exe
2009-06-30 11:18 . 2009-06-30 11:18 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb9A81.tmp.exe
2009-06-15 15:24 . 2009-07-18 22:10 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-18 22:10 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-18 22:10 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-18 22:10 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-05 09:42 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 09:42 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2008-02-06 20:05 . 2008-04-10 07:22 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-04-10 07:14 . 2008-04-10 07:14 122368 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-02-26 270128]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-01 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"CarboniteSetupLite"="c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" [2008-02-22 262080]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-10 29744]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-15 2007832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-27 13781536]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-20 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

c:\users\Paul-louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2009-5-13 53346]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Paul-louis\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1B5BA877-8660-4FC1-8E4A-B4BB50D20810}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{BB3A1679-D85A-42AD-8B2F-A64A178F7E1B}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{05693228-4B63-4908-97E8-A00172AAFCD0}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D596FA4C-355D-4BAE-9586-F39040849690}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{15812D54-0E01-4530-9996-638DE2ACCEC3}c:\\program files\\flashget network\\flashget universal\\flashget.exe"= UDP:c:\program files\flashget network\flashget universal\flashget.exe:flashget
"UDP Query User{7B4BB99E-C496-4795-9075-41C7F4B83175}c:\\program files\\flashget network\\flashget universal\\flashget.exe"= TCP:c:\program files\flashget network\flashget universal\flashget.exe:flashget
"{2E68CE44-E2F1-4021-A03E-EC4229D7F558}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2D1E8050-0598-4A8F-A0E3-D4A180A4F5A0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4EDD8C00-5421-405A-9491-56334DAA2BAF}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{707F5877-8913-4975-90F1-45456CB3DEFE}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{1ECFCB30-E111-48DF-8498-F984917F06C4}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{FBEA7E15-837E-4C3C-B7B2-74BA52561D6F}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{BD1DCCAE-B954-49D7-AE54-FD4DDD983753}"= UDP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{F2F9B250-4135-4B6C-B4D8-1F64D590A92E}"= TCP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"TCP Query User{7E875C2F-E197-4719-BEE4-382D08579B41}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{13CADC39-4DBC-4593-A916-244960B04978}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{D61AD3D8-729F-45CA-A047-92A140B3AFA5}c:\\program files\\snatch_server\\winsnatch.exe"= UDP:c:\program files\snatch_server\winsnatch.exe:Snatch Server for Windows
"UDP Query User{853E49DA-1C81-48E4-8C47-18C46AD11CF7}c:\\program files\\snatch_server\\winsnatch.exe"= TCP:c:\program files\snatch_server\winsnatch.exe:Snatch Server for Windows
"{24D053AA-3B41-4344-BAA3-241006091827}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{93B230EF-7108-4466-9ADF-9CD77B352BDF}c:\\program files\\mozilla firefox 3.1 beta 3\\firefox.exe"= UDP:c:\program files\mozilla firefox 3.1 beta 3\firefox.exe:Firefox
"UDP Query User{063F90F1-E48C-44F0-AAEA-D515597FEEE4}c:\\program files\\mozilla firefox 3.1 beta 3\\firefox.exe"= TCP:c:\program files\mozilla firefox 3.1 beta 3\firefox.exe:Firefox
"TCP Query User{C2EDD3E9-F9D8-482E-916F-04C22CA6C328}c:\\program files\\bitblinder\\bitblinder.exe"= UDP:c:\program files\bitblinder\bitblinder.exe:Prototype anonymity application
"UDP Query User{39F02F80-0939-428A-B400-3B5546EE27F2}c:\\program files\\bitblinder\\bitblinder.exe"= TCP:c:\program files\bitblinder\bitblinder.exe:Prototype anonymity application
"{F5B1434B-BDEE-426A-A35F-14BB71208527}"= UDP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{4E4AB34D-5C78-44D7-8ED5-8E7E368915E6}"= TCP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{19FED297-8507-4723-A91E-2A6AF3F1AC3F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D99239FE-07DA-4773-8116-6CAA00D002DC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{16A90F30-B854-4437-82B9-66977451BC31}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{E7576072-F89D-41CF-AAB7-583782BDE47B}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{18D19A8E-8CF9-4FD0-B62E-D6B599088A8C}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{2D422741-F82E-46A1-83AE-B514BADB0898}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{C993277F-5E8C-4760-A554-D19204012EEE}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{F95300AF-4369-4459-B920-3D2D70AA9E67}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"TCP Query User{741A7361-3216-4FBA-A2F6-41F2F6FA61F9}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{2E35E698-C428-4774-95E4-86B10668A439}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{8E345A79-A34F-471D-BC46-C9C89149E481}"= UDP:c:\program files\Codemasters\FUEL\FUEL.exe:FUEL
"{B9DDC93E-16EC-4852-8548-6172170924D5}"= TCP:c:\program files\Codemasters\FUEL\FUEL.exe:FUEL
"{7A4E32CB-08EC-4967-96B5-E8EE4D5C5BD6}"= UDP:c:\program files\Ubisoft\Prince of Persia\Prince of Persia.exe:Prince of Persia Dx
"{D1E68F56-C5FE-4B82-AFA4-AC758284E463}"= TCP:c:\program files\Ubisoft\Prince of Persia\Prince of Persia.exe:Prince of Persia Dx
"{04F24905-3B2D-4B8F-B69F-73F1708EF371}"= UDP:c:\program files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
"{B45B8C3A-F292-42C9-8218-F7C0FF355F6E}"= TCP:c:\program files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
"TCP Query User{3E416633-B669-46E9-94C7-53B138C56F40}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= UDP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"UDP Query User{01402915-BB47-433B-9CC8-76E5F7391583}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= TCP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"{0833B07E-7382-4595-896B-8004ABED7BFA}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{810C1FF6-2C8B-4C4A-8374-CC50C7F9814C}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{CBE4E656-49F6-46EB-8083-A0FE74ECD028}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{FE93FE60-EA65-42C8-BACF-855255234082}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{6CCC1D3C-FD08-4181-AC59-C02A5292990E}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{EBD83877-4802-442A-A76E-5124AA45F89A}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\FlashGet.exe"= c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdate.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdateEx.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [05/03/2009 19:13 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [05/03/2009 19:13 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [05/03/2009 19:13 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [31/07/2009 11:31 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [31/07/2009 11:31 297752]
R3 A310;AVerMedia A310 DVB-T;c:\windows\System32\drivers\AVerA310USB.sys [10/04/2008 08:38 26496]
R3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\System32\drivers\AVerA310Cap.sys [10/04/2008 08:38 42496]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [10/04/2008 08:41 46592]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [10/04/2008 09:00 13976]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11/09/2007 00:45 124832]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\System32\drivers\libusb0.sys [28/02/2009 18:28 33792]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [27/03/2009 12:43 28224]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [26/04/2007 09:22 52080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-09-01 c:\windows\Tasks\Extension de garantie-Paul-louis.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-04-10 10:13]

2009-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2724983339-3224448157-354584020-1000Core.job
- c:\users\Paul-louis\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-22 10:49]

2009-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2724983339-3224448157-354584020-1000UA.job
- c:\users\Paul-louis\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-22 10:49]

2009-09-01 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-21 11:14]

2009-09-01 c:\windows\Tasks\Recovery DVD Creator-Paul-louis.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-04-10 10:13]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uInternet Settings,ProxyServer = socks=
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
FF - ProfilePath - c:\users\Paul-louis\AppData\Roaming\Mozilla\Firefox\Profiles\saa7t4cz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.siteduzero.com/index.html
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\np-mswmp.dll
FF - plugin: c:\users\Paul-louis\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 18:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\drivers\kbiwkmrcereqcv.sys 70144 bytes executable
c:\windows\system32\kbiwkmldkyxoyh.dat 20834 bytes
c:\windows\system32\kbiwkmqxpmkyie.dll 44544 bytes executable
c:\windows\system32\kbiwkmsmpibxsy.dat 43 bytes
c:\users\PAUL-L~1\AppData\Local\Temp\kbiwkm000 0 bytes

scan completed successfully
hidden files: 5

**************************************************************************
.
Completion time: 2009-09-01 18:42
ComboFix-quarantined-files.txt 2009-09-01 16:41

Pre-Run: 84 027 453 440 octets libres
Post-Run: 83 811 540 992 octets libres

586 --- E O F --- 2009-09-01 09:55
0
neo*** Posts: 3115 Status: Security contributor
 
Hi, and sorry for the delay.

It's normal that you still have problems: ComboFix didn't remove everything!

/!\ WARNING /!\ The script that follows was written specifically for ICRESCENDO; it cannot be transferred to another computer!

Still with all protections disabled, do this:

• Save this file to your Desktop (and nowhere else!) under the name CFScript.txt

CFScript

• Drag and drop this CFScript file onto the C-Fix.exe file (ComboFix), as shown at this link: like this

• Wait while the scan runs. The Desktop will disappear several times: that's normal! Don't touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it is located here: C:\ComboFix.txt
0
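A way to check the helper's point that the first run did not remove everything, added here as an example and not part of the thread, catchme or ComboFix: it parses the catchme "hidden files" block from the log above and the "Other Deletions" block of a ComboFix run, and lists the hidden files the run left behind. The two sample blocks and all function names are constructed for this example.

```python
# Added example for this thread (not part of catchme, ComboFix or any post here):
# cross-check the hidden files catchme listed against what a ComboFix run deleted,
# so that leftover rootkit components are visible instead of assumed gone.
import os
import re
from typing import Dict, List, Set

# Constructed sample: the 'scanning hidden files' block of the first catchme scan.
CATCHME_LOG = r"""
scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\system32\drivers\kbiwkmrcereqcv.sys 70144 bytes executable
c:\windows\system32\kbiwkmldkyxoyh.dat 20834 bytes
c:\windows\system32\kbiwkmqxpmkyie.dll 44544 bytes executable
c:\windows\system32\kbiwkmsmpibxsy.dat 43 bytes
c:\users\PAUL-L~1\AppData\Local\Temp\kbiwkm000 0 bytes

scan completed successfully
hidden files: 5
"""

# Constructed sample: the deletion sections of the follow-up ComboFix run.
COMBOFIX_LOG = r"""
((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))
.
c:\windows\system32\drivers\kbiwkmrcereqcv.sys
c:\windows\system32\kbiwkmldkyxoyh.dat
c:\windows\system32\kbiwkmsmpibxsy.dat
.
((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))
.
-------\Legacy_kbiwkmundinpvb
-------\Service_kbiwkmundinpvb
"""

# catchme line: "<path> <size> bytes" with an optional " executable" flag.
HIDDEN_FILE_RE = re.compile(r"^(?P<path>[a-zA-Z]:\\.+?) (?P<size>\d+) bytes(?P<exe> executable)?$")
# ComboFix section banner: "(((( Section name ))))".
SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")
WIN_PATH_RE = re.compile(r"^[a-zA-Z]:\\")
# Driver/service entries ComboFix reports as removed: "-------\Service_<name>".
REMOVED_SERVICE_RE = re.compile(r"^-+\\(?:Legacy|Service)_(?P<name>\S+)$")


def parse_catchme_hidden_files(text: str) -> Dict[str, dict]:
    """Map each hidden path (lower-cased) to its size and executable flag."""
    hidden: Dict[str, dict] = {}
    in_block = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("scanning hidden files"):
            in_block = True
        elif in_block and line.startswith("scan completed"):
            break
        elif in_block and (m := HIDDEN_FILE_RE.match(line)):
            hidden[m["path"].lower()] = {"size": int(m["size"]),
                                         "executable": m["exe"] is not None}
    return hidden


def parse_combofix_sections(text: str) -> Dict[str, List[str]]:
    """Split a ComboFix log into {section name: [content lines]} on its banners."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            current = m["name"]
            sections[current] = []
        elif current and line and line != ".":
            sections[current].append(line)
    return sections


def shared_prefix(names: List[str]) -> str:
    """Longest common prefix of two or more file names; the hidden files above
    all start with the same random-looking 'kbiwkm' stem."""
    if len(names) < 2:
        return ""
    return os.path.commonprefix([n.lower() for n in names])


def reconcile(catchme_text: str, combofix_text: str) -> dict:
    """Report which catchme-hidden files the ComboFix run deleted, which remain,
    the shared file-name prefix, and whether the removed services share it."""
    hidden = parse_catchme_hidden_files(catchme_text)
    sections = parse_combofix_sections(combofix_text)
    deleted: Set[str] = {l.lower() for l in sections.get("Other Deletions", [])
                         if WIN_PATH_RE.match(l)}
    services: Set[str] = set()
    for l in sections.get("Drivers/Services", []):
        if m := REMOVED_SERVICE_RE.match(l):
            services.add(m["name"].lower())
    prefix = shared_prefix([p.rsplit("\\", 1)[-1] for p in hidden])
    return {
        "hidden": sorted(hidden),
        "deleted": sorted(set(hidden) & deleted),
        "remaining": sorted(set(hidden) - deleted),
        "prefix": prefix,
        "services_removed": sorted(services),
        "services_share_prefix": bool(prefix) and all(s.startswith(prefix) for s in services),
    }


if __name__ == "__main__":
    report = reconcile(CATCHME_LOG, COMBOFIX_LOG)
    print(f"hidden-file family prefix: {report['prefix']!r}")
    print("removed services:", report["services_removed"])
    for path in report["remaining"]:
        print("hidden file NOT deleted by this run:", path)
```

With the two blocks from this thread, the .dll in system32 and the empty Temp file are the two hidden entries the deletion list does not account for.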
iCrescendo
 
Here is the content of the log:

ComboFix 09-08-31.04 - Paul-louis 04/09/2009 11:47.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3062.2008 [GMT 2:00]
Running from: c:\users\Paul-louis\Desktop\ComboFix.exe
Command switches used :: c:\users\Paul-louis\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
SP: AVG Internet Security *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\kbiwkmrcereqcv.sys
c:\windows\system32\kbiwkmldkyxoyh.dat
c:\windows\system32\kbiwkmsmpibxsy.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmundinpvb
-------\Service_kbiwkmundinpvb

((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))
.

2009-09-04 09:54 . 2009-09-04 09:56 -------- d-----w- c:\users\Paul-louis\AppData\Local\temp
2009-09-04 09:54 . 2009-09-04 09:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-04 09:54 . 2009-09-04 09:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-03 18:37 . 2009-09-03 18:00 -------- d-----w- c:\users\Paul-louis\[MFT] One Piece Chapitre 556
2009-09-03 10:08 . 2009-09-02 22:20 -------- d-----w- c:\users\Paul-louis\[MFT] TLR Chapitre 162 FIN
2009-09-02 21:27 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 21:27 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 15:41 . 2009-09-04 09:06 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-02 15:41 . 2009-09-02 16:20 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-02 15:41 . 2009-09-02 16:20 -------- d-----w- c:\programdata\avg8
2009-09-02 15:25 . 2009-09-02 15:25 -------- d-----w- c:\programdata\WindowsSearch
2009-09-02 14:36 . 2009-09-01 17:43 -------- d-----w- c:\users\Paul-louis\Beelzebub_Chap_26_MQ_[VTS]
2009-09-02 14:36 . 2007-07-24 08:27 744853 ----a-w- c:\users\Paul-louis\PAVARK.exe
2009-09-02 14:36 . 2009-09-02 14:36 -------- d-----w- c:\users\Paul-louis\Pavark
2009-09-01 15:23 . 2009-09-01 15:47 -------- d-----w- C:\UsbFix
2009-09-01 15:14 . 2009-09-01 15:20 -------- d-----w- C:\ToolBar SD
2009-09-01 14:42 . 2009-09-01 14:42 -------- d-----w- C:\rsit
2009-09-01 14:42 . 2009-09-01 14:42 -------- d-----w- c:\program files\trend micro
2009-09-01 13:12 . 2009-09-01 13:12 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-31 10:50 . 2009-08-31 10:43 -------- d-----w- c:\users\Paul-louis\[MFT] Toriko Chapitre 62
2009-08-31 09:09 . 2009-08-31 09:09 -------- d-----w- c:\users\Paul-louis\ISO
2009-08-30 19:07 . 2009-08-30 16:22 -------- d-----w- c:\users\Paul-louis\Naruto 448 Colo [GFC]
2009-08-30 19:07 . 2009-08-30 17:06 -------- d-----w- c:\users\Paul-louis\[MFT] Psyren Chapitre 84
2009-08-30 10:39 . 2009-08-30 10:49 -------- d-----w- c:\users\Paul-louis\ps2bios
2009-08-30 10:29 . 2009-08-30 10:29 12862 ----a-r- c:\users\Paul-louis\AppData\Roaming\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2009-08-30 10:29 . 2009-08-30 10:29 -------- d-----w- c:\program files\Pcsx2
2009-08-30 01:07 . 2009-08-30 01:07 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\Ubisoft
2009-08-29 22:17 . 2009-08-29 22:17 -------- d-----w- c:\users\Paul-louis\[TnS] Defense Devil 18
2009-08-29 14:37 . 2009-08-27 02:12 -------- d-----w- c:\users\Paul-louis\[Fairy-Team]_Fairy_Tail_149
2009-08-29 14:35 . 2009-08-11 01:36 -------- d-----w- c:\users\Paul-louis\[SMK]Beelzebub 24 Fr
2009-08-29 08:09 . 2009-08-29 08:09 -------- d-----w- c:\programdata\Ubisoft
2009-08-29 01:56 . 2009-08-28 22:26 -------- d-----w- c:\users\Paul-louis\BKT_Chapitre_371
2009-08-28 22:37 . 2009-08-28 21:35 -------- d-----w- c:\users\Paul-louis\[MFT] One Piece Chapitre 555
2009-08-28 22:30 . 2009-08-28 22:30 -------- d-----w- c:\users\Paul-louis\[TnS] Defense devil 17
2009-08-28 22:29 . 2009-08-27 15:02 -------- d-----w- c:\users\Paul-louis\[MFT] Toriko Chapitre 61
2009-08-28 22:29 . 2009-08-28 20:39 -------- d-----w- c:\users\Paul-louis\[MFT] Naruto Chapitre 461
2009-08-28 22:29 . 2009-08-27 03:31 -------- d-----w- c:\users\Paul-louis\[SMK]Beelzebub 25 fr
2009-08-28 22:29 . 2009-08-28 20:38 -------- d-----w- c:\users\Paul-louis\[KT]Kateikyo Hitman Reborn! 255
2009-08-27 01:01 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 16:57 . 2009-08-26 11:46 -------- d-----w- c:\users\Paul-louis\[MFT] Akaboshi Chapitre 14
2009-08-26 16:57 . 2009-08-26 16:30 -------- d-----r- c:\users\Paul-louis\[MFT] DGM Chapitre 187
2009-08-25 15:12 . 2009-08-25 10:31 -------- d-----w- c:\users\Paul-louis\[SMK]To Love Ru 161 fr
2009-08-25 15:12 . 2009-08-25 12:56 -------- d-----w- c:\users\Paul-louis\[MFT] Psyren Chapitre 83
2009-08-24 09:50 . 2009-08-24 09:50 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-24 09:09 . 2009-09-01 13:14 -------- d-----w- c:\program files\Rockstar Games
2009-08-23 23:33 . 2009-08-21 15:41 -------- d-----w- c:\users\Paul-louis\[KT] Kateikyo Hitman Reborn! 254
2009-08-19 00:25 . 2009-08-19 00:25 -------- d-----w- c:\windows\Sun
2009-08-17 13:58 . 2009-08-07 15:56 -------- d-----w- c:\users\Paul-louis\Fairy Tail 146
2009-08-16 15:43 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-16 15:43 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-16 15:43 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-16 15:43 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-16 15:43 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-16 15:43 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-16 15:43 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-16 15:43 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-15 17:45 . 2009-08-15 17:45 684872 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-08-15 17:44 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-15 17:44 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-15 17:44 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-15 17:44 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-15 17:44 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-15 17:44 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-15 17:44 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-15 17:44 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-06 15:33 . 2009-08-06 15:33 -------- d-sh--w- c:\windows\ftpcache
2009-08-05 22:43 . 2009-08-29 07:48 -------- d-----w- c:\program files\Ubisoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 09:56 . 2009-07-05 18:11 186946 ----a-w- c:\programdata\nvModes.dat
2009-09-04 09:12 . 2009-02-26 10:37 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\uTorrent
2009-09-03 22:09 . 2009-07-08 17:19 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\vlc
2009-09-03 14:15 . 2009-04-11 21:11 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\dvdcss
2009-09-03 12:20 . 2008-04-10 16:15 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-03 12:20 . 2008-04-10 16:15 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-02 21:23 . 2009-03-22 19:04 -------- d-----w- c:\program files\DivX
2009-09-02 21:22 . 2009-03-22 19:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-02 16:20 . 2009-09-02 16:20 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-09-02 16:20 . 2009-09-02 16:20 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-02 16:20 . 2009-09-02 15:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-02 16:20 . 2009-09-02 15:41 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-02 16:20 . 2009-09-02 15:41 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-09-02 15:41 . 2009-09-02 16:20 10520 ----a-w- c:\programdata\avg8\update\backup\avgrsstx.dll
2009-09-02 15:41 . 2009-09-02 16:20 12936 ----a-w- c:\programdata\avg8\update\backup\avgrkx86.sys
2009-09-02 15:41 . 2009-09-02 16:20 69128 ----a-w- c:\programdata\avg8\update\backup\avgwfpx.sys
2009-09-02 15:41 . 2009-09-02 16:20 97928 ----a-w- c:\programdata\avg8\update\backup\avgldx86.sys
2009-09-02 15:41 . 2009-09-02 16:20 26824 ----a-w- c:\programdata\avg8\update\backup\avgmfx86.sys
2009-09-02 15:41 . 2009-09-02 16:20 287000 ----a-w- c:\programdata\avg8\update\backup\avgrsx.exe
2009-09-02 15:41 . 2009-09-02 16:15 641304 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-09-02 15:41 . 2009-09-02 16:15 443672 ----a-w- c:\programdata\avg8\update\backup\avgiproxy.exe
2009-09-02 15:41 . 2009-09-02 16:15 1082624 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-09-02 15:41 . 2009-09-02 16:14 583960 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-09-02 15:32 . 2009-03-24 13:40 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 3
2009-09-01 15:11 . 2009-02-28 13:44 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-01 13:14 . 2008-04-10 06:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-15 20:05 . 2008-04-10 07:24 -------- d-----w- c:\programdata\Microsoft Help
2009-08-15 20:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-15 18:03 . 2009-02-28 12:00 -------- d-----w- c:\program files\Safari
2009-08-15 17:47 . 2009-06-25 14:32 -------- d-----w- c:\program files\Activision
2009-08-14 04:58 . 2009-09-02 06:53 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-06 17:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-08-06 14:13 . 2009-02-26 08:03 104256 ----a-w- c:\users\Paul-louis\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-05 06:57 . 2009-08-04 18:20 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\Image Zone Express
2009-08-04 18:20 . 2009-08-04 18:20 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\Printer Info Cache
2009-08-04 18:19 . 2009-08-04 18:10 -------- d-----w- c:\programdata\HP
2009-08-04 18:19 . 2009-08-04 18:17 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\HP
2009-08-04 18:19 . 2009-08-04 18:10 146289 ----a-w- c:\windows\hpoins18.dat
2009-08-04 18:18 . 2009-08-04 18:18 -------- d-----w- c:\programdata\WEBREG
2009-08-04 18:16 . 2009-08-04 18:16 -------- d-----w- c:\programdata\HPSSUPPLY
2009-08-04 18:16 . 2009-08-04 18:11 -------- d-----w- c:\program files\HP
2009-08-04 18:16 . 2009-08-04 18:13 -------- d-----w- c:\program files\Common Files\HP
2009-08-04 18:13 . 2009-08-04 18:13 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-08-04 18:13 . 2009-08-04 18:13 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-04 17:58 . 2009-08-04 17:58 -------- d-----w- c:\programdata\Hewlett-Packard
2009-08-01 21:08 . 2009-08-01 21:08 -------- d-----w- c:\program files\CAPCOM
2009-08-01 18:32 . 2009-07-05 16:57 -------- d-----w- c:\program files\Codemasters
2009-08-01 17:37 . 2009-08-01 17:37 -------- d-----w- c:\users\Paul-louis\AppData\Roaming\FUEL
2009-08-01 17:24 . 2009-08-01 17:23 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-07-29 09:59 . 2009-07-27 23:03 -------- d-----w- c:\programdata\Electronic Arts
2009-07-28 16:04 . 2009-07-28 16:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2009-07-27 23:03 . 2009-07-27 22:49 -------- d-----w- c:\program files\Electronic Arts
2009-07-27 23:03 . 2009-07-27 23:03 1202 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-07-18 22:16 . 2009-07-18 22:16 -------- d-----w- c:\program files\iTunes
2009-07-18 22:16 . 2009-07-18 22:16 -------- d-----w- c:\program files\iPod
2009-07-18 22:16 . 2009-02-26 15:02 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 22:12 . 2009-07-18 22:12 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-18 22:02 . 2009-02-26 16:54 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-18 16:06 . 2009-07-29 10:54 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 10:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 10:54 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-14 15:17 . 2009-07-14 15:17 15308440 ----a-w- c:\windows\system32\xlive.dll
2009-07-14 15:17 . 2009-07-14 15:17 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-07-06 07:02 . 2009-02-27 00:55 680 ----a-w- c:\users\Paul-louis\AppData\Local\d3d9caps.dat
2009-07-05 17:52 . 2009-07-05 17:52 290816 ----a-w- c:\users\Paul-louis\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-07-05 17:52 . 2009-07-05 17:52 290816 ----a-w- c:\users\Paul-louis\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-07-05 17:52 . 2009-07-05 17:52 290816 ----a-w- c:\users\Paul-louis\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-07-05 17:52 . 2009-07-05 17:52 290816 ----a-w- c:\users\Paul-louis\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-07-04 08:03 . 2009-07-04 08:03 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3094.tmp.exe
2009-06-30 11:18 . 2009-06-30 11:18 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb9A81.tmp.exe
2009-06-15 15:24 . 2009-07-18 22:10 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-18 22:10 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-18 22:10 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-18 22:10 289792 ----a-w- c:\windows\system32\atmfd.dll
2008-02-06 20:05 . 2008-04-10 07:22 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-04-10 07:14 . 2008-04-10 07:14 122368 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-02-26 270128]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-01 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"CarboniteSetupLite"="c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" [2008-02-22 262080]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-10 29744]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-27 13781536]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-20 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-02 2007832]

c:\users\Paul-louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2009-5-13 53346]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Paul-louis\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1B5BA877-8660-4FC1-8E4A-B4BB50D20810}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{BB3A1679-D85A-42AD-8B2F-A64A178F7E1B}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{05693228-4B63-4908-97E8-A00172AAFCD0}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D596FA4C-355D-4BAE-9586-F39040849690}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{15812D54-0E01-4530-9996-638DE2ACCEC3}c:\\program files\\flashget network\\flashget universal\\flashget.exe"= UDP:c:\program files\flashget network\flashget universal\flashget.exe:flashget
"UDP Query User{7B4BB99E-C496-4795-9075-41C7F4B83175}c:\\program files\\flashget network\\flashget universal\\flashget.exe"= TCP:c:\program files\flashget network\flashget universal\flashget.exe:flashget
"{2E68CE44-E2F1-4021-A03E-EC4229D7F558}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2D1E8050-0598-4A8F-A0E3-D4A180A4F5A0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BD1DCCAE-B954-49D7-AE54-FD4DDD983753}"= UDP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{F2F9B250-4135-4B6C-B4D8-1F64D590A92E}"= TCP:c:\program files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"TCP Query User{7E875C2F-E197-4719-BEE4-382D08579B41}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{13CADC39-4DBC-4593-A916-244960B04978}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{D61AD3D8-729F-45CA-A047-92A140B3AFA5}c:\\program files\\snatch_server\\winsnatch.exe"= UDP:c:\program files\snatch_server\winsnatch.exe:Snatch Server for Windows
"UDP Query User{853E49DA-1C81-48E4-8C47-18C46AD11CF7}c:\\program files\\snatch_server\\winsnatch.exe"= TCP:c:\program files\snatch_server\winsnatch.exe:Snatch Server for Windows
"{24D053AA-3B41-4344-BAA3-241006091827}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{93B230EF-7108-4466-9ADF-9CD77B352BDF}c:\\program files\\mozilla firefox 3.1 beta 3\\firefox.exe"= UDP:c:\program files\mozilla firefox 3.1 beta 3\firefox.exe:Firefox
"UDP Query User{063F90F1-E48C-44F0-AAEA-D515597FEEE4}c:\\program files\\mozilla firefox 3.1 beta 3\\firefox.exe"= TCP:c:\program files\mozilla firefox 3.1 beta 3\firefox.exe:Firefox
"TCP Query User{C2EDD3E9-F9D8-482E-916F-04C22CA6C328}c:\\program files\\bitblinder\\bitblinder.exe"= UDP:c:\program files\bitblinder\bitblinder.exe:Prototype anonymity application
"UDP Query User{39F02F80-0939-428A-B400-3B5546EE27F2}c:\\program files\\bitblinder\\bitblinder.exe"= TCP:c:\program files\bitblinder\bitblinder.exe:Prototype anonymity application
"{F5B1434B-BDEE-426A-A35F-14BB71208527}"= UDP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{4E4AB34D-5C78-44D7-8ED5-8E7E368915E6}"= TCP:c:\program files\Activision\Prototype\prototypef.exe:Prototype(TM)
"{19FED297-8507-4723-A91E-2A6AF3F1AC3F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D99239FE-07DA-4773-8116-6CAA00D002DC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{16A90F30-B854-4437-82B9-66977451BC31}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{E7576072-F89D-41CF-AAB7-583782BDE47B}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:Burnout(TM) Paradise The Ultimate Box
"{18D19A8E-8CF9-4FD0-B62E-D6B599088A8C}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{2D422741-F82E-46A1-83AE-B514BADB0898}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:Burnout(TM) Paradise The Ultimate Box
"{C993277F-5E8C-4760-A554-D19204012EEE}"= UDP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"{F95300AF-4369-4459-B920-3D2D70AA9E67}"= TCP:c:\program files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:Burnout(TM) Paradise The Ultimate Box
"TCP Query User{741A7361-3216-4FBA-A2F6-41F2F6FA61F9}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{2E35E698-C428-4774-95E4-86B10668A439}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{8E345A79-A34F-471D-BC46-C9C89149E481}"= UDP:c:\program files\Codemasters\FUEL\FUEL.exe:FUEL
"{B9DDC93E-16EC-4852-8548-6172170924D5}"= TCP:c:\program files\Codemasters\FUEL\FUEL.exe:FUEL
"{7A4E32CB-08EC-4967-96B5-E8EE4D5C5BD6}"= UDP:c:\program files\Ubisoft\Prince of Persia\Prince of Persia.exe:Prince of Persia Dx
"{D1E68F56-C5FE-4B82-AFA4-AC758284E463}"= TCP:c:\program files\Ubisoft\Prince of Persia\Prince of Persia.exe:Prince of Persia Dx
"{04F24905-3B2D-4B8F-B69F-73F1708EF371}"= UDP:c:\program files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
"{B45B8C3A-F292-42C9-8218-F7C0FF355F6E}"= TCP:c:\program files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
"TCP Query User{3E416633-B669-46E9-94C7-53B138C56F40}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= UDP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"UDP Query User{01402915-BB47-433B-9CC8-76E5F7391583}c:\\program files\\microsoft games\\age of empires ii\\empires2.exe"= TCP:c:\program files\microsoft games\age of empires ii\empires2.exe:Age of Empires II
"{0833B07E-7382-4595-896B-8004ABED7BFA}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{810C1FF6-2C8B-4C4A-8374-CC50C7F9814C}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{CBE4E656-49F6-46EB-8083-A0FE74ECD028}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{FE93FE60-EA65-42C8-BACF-855255234082}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{6CCC1D3C-FD08-4181-AC59-C02A5292990E}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{EBD83877-4802-442A-A76E-5124AA45F89A}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{E697BA91-02C0-403D-B849-C831BFF74FE0}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{E978175C-B302-4843-ACB7-DCBC1D28F10F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\FlashGet.exe"= c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdate.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"c:\\Program Files\\FlashGet Network\\FlashGet universal\\LiveUpdateEx.exe"= c:\program files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2007-10-08 28224]
R3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-26 52080]
R3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [x]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-09-02 12552]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2009-09-02 23832]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-09-02 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-09-02 108552]
S2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-09-02 297752]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-09-02 1370488]
S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2007-08-19 26496]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2007-08-19 42496]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-01-08 46592]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-09-04 c:\windows\Tasks\Extension de garantie-Paul-louis.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-04-10 10:13]

2009-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2724983339-3224448157-354584020-1000Core.job
- c:\users\Paul-louis\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-22 10:49]

2009-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2724983339-3224448157-354584020-1000UA.job
- c:\users\Paul-louis\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-22 10:49]

2009-09-04 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-21 11:14]

2009-09-04 c:\windows\Tasks\Recovery DVD Creator-Paul-louis.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-04-10 10:13]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uInternet Settings,ProxyServer = socks=
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
FF - ProfilePath - c:\users\Paul-louis\AppData\Roaming\Mozilla\Firefox\Profiles\saa7t4cz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.siteduzero.com/index.html
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\np-mswmp.dll
FF - plugin: c:\users\Paul-louis\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-2724983339-3224448157-354584020-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3352)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\IoctlSvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\System32\nvvsvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVG\AVG8\avgscanx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
Program Files\AVG\AVG8\avgscanx.exe
.
**************************************************************************
.
Completion time: 2009-09-04 12:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-04 10:07
ComboFix2.txt 2009-09-01 16:42

Pre-Run: 80 886 476 800 octets libres
Post-Run: 80 412 966 912 octets libres

665 --- E O F --- 2009-09-04 09:10
0
neo*** Posts 3115 Registration date   Status Security contributor Last activity   194
 
Print these instructions or save them to your Desktop, because you will have to close all windows and applications during the installation and the scan.

Download Malwarebytes' Anti-Malware

(NB: If "COMCTL32.OCX" is missing during the install, download it here: COMCTL32.OCX)

- On the page, click Download Malwarebytes' Anti-Malware
- Save it to the Desktop
- Right-click the downloaded file and run it as administrator to start the installation process
- When prompted, update Malwarebytes Anti-Malware
- If the firewall asks for permission for Malwarebytes to connect, accept
- Once the update is finished, close Malwarebytes
- Right-click the Malwarebytes icon and run it as administrator to relaunch it
- In the Scan tab, probably open by default,
- Select Perform full scan
- Click Scan
- The scan starts
- At the end of the scan, a message is displayed: The scan completed successfully. Click 'Show Results' to display all objects found.
- Click OK to continue.
- If malware was detected, click Show Results
- Select all (or leave everything checked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
- Malwarebytes will open Notepad and copy the scan report into it.
- Go to the Logs tab
- Click on the log to display it; once it is displayed,
- Click Edit at the top of Notepad, then Select All
- Click Edit again, then Copy, then come back to the forum and to your reply
- Right-click in the reply box and Paste

If you need help, look at this tutorial

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
PS: if it asks you to restart: do it!
0
iCrescendo
 
Hello, thank you for all the help you have given me. Given the upcoming arrival of Windows Seven, and the fact that the message has disappeared anyway, I will have to reformat my PC and consequently get rid of this rootkit.
Thank you very much
0