Xucqdncuxcp.exe: what is it?
Closed
SanSuijin
12 Sept. 2009 at 14:28
Anonymous user - 13 Sept. 2009 at 13:49
5 replies
Anonymous user
12 Sept. 2009 at 15:03
Hello
Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.
- http://images.malwareremoval.com/random/RSIT.exe
! Disconnect and close all your running applications !
Double-click "RSIT.exe" to launch it.
- A first window opens with the title: "Disclaimer of warranty".
* Next to the option "List files/folders created ...", choose: 2 months
* Then click "Continue" to start the scan ...
- Let the scan run and do not touch the PC ...
When the scan is finished, two text files will open (probably in Notepad).
Post the contents of "log.txt" (the one that appears on screen), as well as "info.txt" (which you will see in the taskbar), for analysis, and wait for what comes next ...
Important: post one report, then the other in the following reply
If you try to post both at the same time, it may be too long for the forum
( Note: the reports will also be saved in this folder -> C:\rsit )
SanSuijin
12 Sept. 2009 at 17:34
Logfile of random's system information tool 1.06 (written by random/random)
Run by Chabanne at 2009-09-12 15:10:58
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 563 MB (2%) free of 29 GB
Total RAM: 1023 MB (53% free)
HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-23 304736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
VMN Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-04-16 405504]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - D:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2008-03-05 86016]
{A057A204-BACC-4D26-8287-79A187E26987} - []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"VMConsole.exe"=C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe [2004-06-23 557056]
"VZRemoteCommander"=C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe [2004-08-05 184320]
"BitDefender Antiphishing Helper"=D:\Program Files\BitDefender\BitDefender 2008\IEShow.exe [2007-10-09 61440]
"BDAgent"=D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2008-09-16 368640]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]
"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\taskbaricon.exe [2004-10-05 61440]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-09-21 55824]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-11-23 185872]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"ArcSoft Connection Service"=C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-04-17 98616]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"USBToolTip"=C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [2007-02-20 199752]
"USB2Check"=C:\WINDOWS\system32\PCLECoInst.dll [2006-11-06 81920]
"QuickTime Task"=D:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"AdobeCS4ServiceManager"=C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"AlcoholAutomount"=D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-02 203928]
"autochk"=- []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\Program Files\iTunes\iTunesHelper.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-03-16 24095528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Assistant d'Acrobat.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe [2003-07-30 217195]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
D:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2007-11-15 784912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^État de l'enregistrement.lnk]
C:\PROGRA~1\Sony\VAIOEN~1\VZTRAY~1.EXE [2004-11-02 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chabanne^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]
C:\PROGRA~1\MICROS~4\Office12\ONENOTEM.EXE [2007-12-07 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VCI"=2
"VAIOMediaPlatform-Mobile-Gateway"=3
"VAIOMediaPlatform-IntegratedServer-UPnP"=3
"VAIOMediaPlatform-IntegratedServer-HTTP"=3
"VAIOMediaPlatform-IntegratedServer-AppServer"=3
"ose"=3
"odserv"=3
"LBTServ"=3
"JavaQuickStarterService"=2
"iPod Service"=3
"Apple Mobile Device"=2
"ACDaemon"=2
C:\Documents and Settings\Chabanne\Menu Démarrer\Programmes\Démarrage
Stardock ObjectDock.lnk - D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll [2007-11-15 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="D:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"D:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="D:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"D:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="D:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"D:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="D:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Program Files\Midtown Madness 2\midtown2.icd"="D:\Program Files\Midtown Madness 2\midtown2.icd:*:Enabled:Midtown Madness 2 Executable"
"D:\Program Files\Halo (lSeut)\halo.exe"="D:\Program Files\Halo (lSeut)\halo.exe:*:Disabled:Halo"
"D:\Program Files\UT2004\System\UT2004.exe"="D:\Program Files\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\Program Files\Wanadoo\WOOBrowser\WOOBrowser.exe"="C:\Program Files\Wanadoo\WOOBrowser\WOOBrowser.exe:*:Disabled:Navigateur Internet"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Program Files\Cyanide\GameCenter\GameCenter.exe"="D:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"D:\Program Files\CS_hl1\CS\hl.exe"="D:\Program Files\CS_hl1\CS\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Copie de Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Copie de Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Bureau\San\Download\racer\racer.exe"="D:\Bureau\San\Download\racer\racer.exe:*:Enabled:racer"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"G:\Nexuiz\nexuiz.exe"="G:\Nexuiz\nexuiz.exe:*:Enabled:Nexuiz"
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"D:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"D:\Program Files\Halo (lSeut)\Halo Server\haloded.exe"="D:\Program Files\Halo (lSeut)\Halo Server\haloded.exe:*:Enabled:Halo"
"D:\Program Files\TmNationsForever\TmForever.exe"="D:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"D:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe"="D:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\Program Files\Xfire\xfire.exe"="D:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"D:\Program Files\Cyanide\Loki\Loki.exe"="D:\Program Files\Cyanide\Loki\Loki.exe:*:Enabled:Loki"
"D:\Program Files\Cyanide\Loki\Autorun\AutoRun.exe"="D:\Program Files\Cyanide\Loki\Autorun\AutoRun.exe:*:Enabled:Loki - AutoRun"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Warhammer.exe"="D:\Warhammer.exe:*:Enabled:Warhammer®: Mark of Chaos"
"D:\Bureau\San\Halo Zero\halozero.exe"="D:\Bureau\San\Halo Zero\halozero.exe:*:Enabled:Halo Zero "
"O:\Program Files\Microsoft Games\Midtown Madness 2\midtown2.exe"="O:\Program Files\Microsoft Games\Midtown Madness 2\midtown2.exe:*:Enabled:Midtown Madness 2 Executable"
"D:\Bureau\San\Download\cs2d_0114_win\CounterStrike2D.exe"="D:\Bureau\San\Download\cs2d_0114_win\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"D:\Program Files\Kong\Kong.exe"="D:\Program Files\Kong\Kong.exe:*:Enabled:Kong"
"D:\Program Files\RndLabs\BaboViolent 2\bv2.exe"="D:\Program Files\RndLabs\BaboViolent 2\bv2.exe:*:Disabled:bv2"
"D:\Program Files\id Software\Quake 4\quake4.exe"="D:\Program Files\id Software\Quake 4\quake4.exe:*:Enabled:Quake 4"
"D:\Program Files\id Software\Quake III Arena\quake3.exe"="D:\Program Files\id Software\Quake III Arena\quake3.exe:*:Enabled:quake3"
"D:\Program Files\CS\hl.exe"="D:\Program Files\CS\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="D:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"D:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="D:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"D:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="D:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"D:\Program Files\Flatout2\flatout2.exe"="D:\Program Files\Flatout2\flatout2.exe:*:Enabled:flatout2.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"D:\Program Files\ma-config.com\maconfservice.exe"="D:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60383ee6-77b3-11de-9185-00112faa2203}]
shell\AutoRun\command - M:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e302568-3606-11dc-8dd2-bae5e71ae305}]
shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a41d829e-6cb2-11db-8cda-806d6172696f}]
shell\AutoRun\command - E:\AUTORUN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5f933ee-2c34-11de-90f1-00112faa2203}]
shell\AutoRun\command - O:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2ee0381-ebc8-11dd-907d-00112faa2203}]
shell\AutoRun\command - G:\AutoStarter.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff0e1552-b1bd-11dd-902e-00112faa2203}]
shell\??\command - taipingtianguov1.1.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL taipingtianguov1.1.exe
======List of files/folders created in the last 2 months======
2009-09-12 15:10:59 ----D---- C:\Program Files\trend micro
2009-09-12 15:10:58 ----D---- C:\rsit
2009-09-05 22:48:23 ----D---- C:\Documents and Settings\Chabanne\Application Data\Real Desktop
2009-09-05 18:00:02 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-05 18:00:02 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-05 18:00:02 ----A---- C:\WINDOWS\system32\java.exe
2009-09-04 17:04:07 ----N---- C:\WINDOWS\system32\autochk.dll
2009-09-01 17:48:57 ----D---- C:\Documents and Settings\Chabanne\Application Data\RadiantSettings
2009-09-01 16:25:13 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-09-01 16:25:13 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-09-01 16:25:12 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-09-01 16:25:12 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-09-01 16:25:12 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-09-01 16:25:11 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-09-01 16:25:10 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-08-28 15:45:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-28 11:43:54 ----D---- C:\Program Files\Fichiers communs\DESIGNER
2009-08-27 22:42:15 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-27 22:42:13 ----D---- C:\Program Files\MSBuild
2009-08-27 22:42:12 ----D---- C:\WINDOWS\system32\en-US
2009-08-27 22:42:08 ----D---- C:\Program Files\Reference Assemblies
2009-08-27 22:37:39 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-27 22:37:39 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-27 22:37:39 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-27 22:16:17 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-27 17:32:58 ----D---- C:\Program Files\Fichiers communs\Macrovision Shared
2009-08-27 14:44:30 ----D---- C:\Documents and Settings\Chabanne\Application Data\Download Manager
2009-08-27 14:40:27 ----D---- C:\Documents and Settings\Chabanne\Application Data\.purple
2009-08-26 17:55:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-26 17:55:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-26 17:55:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-26 17:55:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-26 17:55:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-26 17:55:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-26 17:54:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-26 17:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-26 17:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-26 17:51:50 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-04 13:24:57 ----D---- C:\Documents and Settings\Chabanne\Application Data\Nokia
2009-08-04 13:23:47 ----D---- C:\Nokia
2009-07-29 11:38:59 ----D---- C:\Documents and Settings\Chabanne\Application Data\id Software
2009-07-29 11:38:35 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-07-26 11:03:16 ----D---- C:\Program Files\EA SPORTS
2009-07-25 19:51:13 ----D---- C:\Program Files\GameSpy Arcade
2009-07-24 19:49:01 ----D---- C:\Documents and Settings\Chabanne\Application Data\Warsow
2009-07-16 15:06:29 ----D---- C:\Documents and Settings\Chabanne\Application Data\Battle Tanks
2009-07-15 23:16:33 ----D---- C:\Documents and Settings\Chabanne\Application Data\Wormux
2009-07-15 17:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 17:22:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 17:20:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
======List of files/folders modified in the last 2 months======
2009-09-12 15:10:59 ----RD---- C:\Program Files
2009-09-12 14:17:59 ----D---- C:\WINDOWS\Temp
2009-09-12 14:17:32 ----D---- C:\WINDOWS\system32
2009-09-12 13:50:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-12 13:49:15 ----D---- C:\Program Files\Wanadoo
2009-09-06 21:36:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-06 21:36:33 ----D---- C:\Documents and Settings\Chabanne\Application Data\WTablet
2009-09-06 21:36:22 ----A---- C:\WINDOWS\bdagent.INI
2009-09-06 18:05:04 ----D---- C:\WINDOWS\Prefetch
2009-09-06 17:22:40 ----D---- C:\WINDOWS\Minidump
2009-09-06 17:22:40 ----D---- C:\WINDOWS
2009-09-05 22:27:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-05 18:51:31 ----SHD---- C:\WINDOWS\Installer
2009-09-05 17:59:41 ----D---- C:\Program Files\Java
2009-09-04 17:09:22 ----D---- C:\WINDOWS\system32\drivers
2009-09-01 16:25:14 ----D---- C:\WINDOWS\system32\DirectX
2009-09-01 16:25:13 ----HD---- C:\WINDOWS\inf
2009-09-01 14:11:29 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-08-31 18:41:08 ----D---- C:\Documents and Settings\Chabanne\Application Data\Adobe
2009-08-29 09:36:17 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-29 09:35:27 ----RSD---- C:\WINDOWS\assembly
2009-08-28 22:43:20 ----D---- C:\WINDOWS\WinSxS
2009-08-28 15:45:24 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-28 15:45:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-28 12:05:30 ----D---- C:\Program Files\Common Files
2009-08-28 11:51:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-28 11:45:04 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-08-28 11:44:11 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-08-28 11:43:54 ----D---- C:\Program Files\Fichiers communs
2009-08-28 11:43:48 ----RSD---- C:\WINDOWS\Fonts
2009-08-28 11:43:41 ----D---- C:\Documents and Settings\Chabanne\Application Data\U3
2009-08-28 11:40:58 ----D---- C:\Program Files\Fichiers communs\Apple
2009-08-28 11:40:53 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-28 11:39:07 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-08-28 10:10:29 ----D---- C:\Documents and Settings\Chabanne\Application Data\uTorrent
2009-08-28 09:32:33 ----D---- C:\WINDOWS\SxsCaPendDel
2009-08-27 22:37:53 ----D---- C:\WINDOWS\system32\spool
2009-08-27 18:12:27 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-27 17:42:04 ----D---- C:\Program Files\Adobe
2009-08-27 17:41:45 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-26 17:55:00 ----D---- C:\Program Files\Outlook Express
2009-08-05 11:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-03 20:45:05 ----D---- C:\WINDOWS\.jagex_cache_32
2009-08-03 16:05:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-02 19:35:55 ----D---- C:\Documents and Settings
2009-07-30 02:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-29 14:20:50 ----D---- C:\WINDOWS\system32\fr-fr
2009-07-29 14:20:50 ----D---- C:\Program Files\Internet Explorer
2009-07-29 14:20:31 ----D---- C:\WINDOWS\ie7updates
2009-07-29 11:38:37 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-07-25 05:23:00 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-20 21:32:07 ----A---- C:\WINDOWS\galaxy.ini
2009-07-20 21:23:17 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-07-20 21:23:17 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-07-19 15:29:21 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 15:29:19 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-17 21:03:33 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-14 13:03:14 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-07-13 23:52:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-13 13:39:46 ----D---- C:\Program Files\Mozilla Firefox
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2003-05-23 1171648]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-24 86792]
R3 bdfsfltr;bdfsfltr; 730079007300740065006D00330032005C0044005200490056004500520053005C00620064006600730066006C00740072002E007300790073000000 []
R3 BDSelfPr;BDSelfPr; \??\D:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-09-17 145408]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-10-08 25280]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-09-21 20240]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-09-21 63120]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-09-21 78992]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-09-21 28432]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 smrt;Sony MPEG RealTime encoder board; C:\WINDOWS\system32\DRIVERS\smrt.sys [2004-07-07 774784]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-10-01 594048]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 5632]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-02-14 6144]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S2 TICalc;TICalc; C:\WINDOWS\system32\drivers\TICalc.sys [1999-04-18 9152]
S3 a3nn8saq;a3nn8saq; C:\WINDOWS\system32\drivers\a3nn8saq.sys []
S3 akxfz81n;akxfz81n; C:\WINDOWS\system32\drivers\akxfz81n.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender9\bdfdll.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBEMPIA;Dazzle DVC Video Device; C:\WINDOWS\system32\DRIVERS\emDevice.sys [2005-12-21 100957]
S3 driverhardwarev2;driverhardwarev2; \??\D:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 emAudio;Dazzle DVC Audio Device; C:\WINDOWS\system32\drivers\emAudio.sys [2006-12-12 22528]
S3 FILESpy;FILESpy; \??\C:\Program Files\Softwin\BitDefender9\filespy.sys []
S3 FiltUSBEMPIA;USB Device Lower Filter; C:\WINDOWS\system32\DRIVERS\emFilter.sys [2005-12-21 5245]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 npkcrypt;npkcrypt; \??\D:\Program Files\Lineage II\system\npkcrypt.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 pohci13F;pohci13F; \??\C:\DOCUME~1\Chabanne\LOCALS~1\Temp\pohci13F.sys []
S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 REGSpy;REGSpy; \??\C:\Program Files\Softwin\BitDefender9\regspy.sys []
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2005-12-21 4493]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smscdfu;SMSC DFU Driver; C:\WINDOWS\system32\DRIVERS\SMSCDFU.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\Chabanne\LOCALS~1\Temp\mc21.tmp []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [2008-11-27 1179648]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-29 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-02-06 201352]
R2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2006-09-06 942080]
R2 VSSERV;BitDefender Virus Shield; D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2008-09-15 1261568]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2004-11-11 118784]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe [2007-12-22 86016]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 VAIO Entertainment Aggregation and Control Service;VAIO Entertainment Aggregation and Control Service; C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [2004-08-23 139264]
S2 ACDaemonAlerter;ArcSoft Connect Daemon ACDaemonAlerter; C:\WINDOWS\TEMP\xucqdnwxcp.exe [2009-09-06 27136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
S2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2004-11-11 131072]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-27 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; D:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 VAIO Entertainment Task Scheduler;VAIO Entertainment Task Scheduler; C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe [2004-11-02 339968]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2004-11-11 73728]
S3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2004-11-11 278528]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe [2007-11-15 121360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2004-07-09 1826816]
S4 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2004-06-16 57344]
S4 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2004-06-22 733184]
S4 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2004-06-16 188416]
S4 VCI;VAIO Cooporated Initialisation; C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe [2004-08-05 397824]
-----------------EOF-----------------
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 pohci13F;pohci13F; \??\C:\DOCUME~1\Chabanne\LOCALS~1\Temp\pohci13F.sys []
S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 REGSpy;REGSpy; \??\C:\Program Files\Softwin\BitDefender9\regspy.sys []
S3 ScanUSBEMPIA;USB Still Image Capture Device; C:\WINDOWS\system32\DRIVERS\emScan.sys [2005-12-21 4493]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smscdfu;SMSC DFU Driver; C:\WINDOWS\system32\DRIVERS\SMSCDFU.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\Chabanne\LOCALS~1\Temp\mc21.tmp []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [2008-11-27 1179648]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-29 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-02-06 201352]
R2 StarWindServiceAE;StarWind AE Service; D:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TabletService;TabletService; C:\WINDOWS\system32\Tablet.exe [2006-09-06 942080]
R2 VSSERV;BitDefender Virus Shield; D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2008-09-15 1261568]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2004-11-11 118784]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe [2007-12-22 86016]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 VAIO Entertainment Aggregation and Control Service;VAIO Entertainment Aggregation and Control Service; C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [2004-08-23 139264]
S2 ACDaemonAlerter;ArcSoft Connect Daemon ACDaemonAlerter; C:\WINDOWS\TEMP\xucqdnwxcp.exe [2009-09-06 27136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
S2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2004-11-11 131072]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-27 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; D:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 VAIO Entertainment Task Scheduler;VAIO Entertainment Task Scheduler; C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe [2004-11-02 339968]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2004-11-11 73728]
S3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2004-11-11 278528]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe [2007-11-15 121360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2004-07-09 1826816]
S4 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2004-06-16 57344]
S4 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2004-06-22 733184]
S4 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2004-06-16 188416]
S4 VCI;VAIO Cooporated Initialisation; C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe [2004-08-05 397824]
-----------------EOF-----------------
The info.txt report is missing
HijackThis is missing
Download HijackThis
https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
.Click "télécharger hijackthis" (download HijackThis)
.Save it to the desktop
.Rename hijackthis to tutu.exe
.Close all open programs, including the browser, except your antivirus and firewall
.Install it; by default it installs to C:\Program Files\Trend Micro\HijackThis
.Click "Do a system scan and save the logfile"
.Notepad will open at the end of the scan.
.Copy its content and post it in your next message. Otherwise the report is in C:\Program Files\Trend Micro\HijackThis\ hijackthis "text document"
If you need help with the installation: https://www.malekal.com/tutoriel-hijackthis/
I have already seen an infection
SanSuijin - 12 Sept. 2009, 18:25
Good evening,
Thanks for your help, but I think I've solved the problem: I found where the virus was (C:\WINDOWS\Temp\xucqdncuxcp.exe), and I renamed it since I couldn't delete it (protected by the "xucqdncuxcp.exe" process, I suppose). I closed the process and was finally able to delete the .exe. I'm going to try restarting to see whether I still have a problem, but it should be fine.
In fact, I think the virus was keeping itself alive: if I closed the process, it launched 2 more; if I moved the .exe, it downloaded another one from a "remote PC", according to BitDefender. By cutting off the internet, preventing it from launching other processes and closing the running process, I was able to delete it.
Thanks,
Regards,
San
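The service list posted earlier in this thread registers an auto-start service, ACDaemonAlerter, whose binary sits in C:\WINDOWS\TEMP, and two driver entries pointing into a user Temp folder. As an added example (not part of any post in this thread and not RSIT's own code), this Python sketch parses RSIT service/driver lines and flags entries whose image path lies under a Temp directory. The names `parse_line`, `flag_temp_entries` and `TEMP_DIRS` are hypothetical, and "path under Temp" is a triage heuristic, not proof of infection.

```python
import re
from typing import NamedTuple, Optional

# Sample lines copied from the RSIT log posted earlier in this thread.
SAMPLE_LOG = r"""
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-29 75064]
S2 ACDaemonAlerter;ArcSoft Connect Daemon ACDaemonAlerter; C:\WINDOWS\TEMP\xucqdnwxcp.exe [2009-09-06 27136]
S3 pohci13F;pohci13F; \??\C:\DOCUME~1\Chabanne\LOCALS~1\Temp\pohci13F.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\Chabanne\LOCALS~1\Temp\mc21.tmp []
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
-----------------EOF-----------------
"""

# Legend taken from the log's own section header.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}
TEMP_DIRS = {"temp", "tmp"}  # assumption: directory names treated as temporary

# "<R|S><0-4> name;display name; image path [date size]"
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.*) \[([^\]]*)\]$")

class Entry(NamedTuple):
    state: str
    start: str
    name: str
    path: str
    has_file_info: bool  # False when the log shows empty brackets

def parse_line(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, _display, path, info = m.groups()
    return Entry(STATE[state], START[start], name, path, bool(info.strip()))

def in_temp_dir(path: str) -> bool:
    """True if any directory component of the image path is a Temp folder."""
    if path.startswith("\\??\\"):  # NT object-manager prefix used in the log
        path = path[4:]
    parts = path.lower().split("\\")
    return any(d in TEMP_DIRS for d in parts[:-1])

def flag_temp_entries(log: str) -> list:
    """Return the parsed entries whose binary lives under a Temp directory."""
    entries = (parse_line(l) for l in log.splitlines())
    return [e for e in entries if e and in_temp_dir(e.path)]

if __name__ == "__main__":
    for e in flag_temp_entries(SAMPLE_LOG):
        print(f"{e.state}/{e.start}: {e.name} -> {e.path}")
```
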
SanSuijin - 13 Sept. 2009, 09:20
Hello,
This virus has wrecked safe mode and system shutdown... The PC restarts if I shut it down, and in safe mode it stays on a black screen with the blinking white line... What should I do?