Mon Pc est infecté de virus

Question

Bonjour,

Comme indiqué sur cette page : https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc

j'ai téléchargé Random's System Information Tool (RSIT) et suivie les instruction je vous poste donc les deux fichier qui ont été généré, en espérant que vous pourrez m'aider ;)

Ah oui je pense être infecté car j'ai 50 mille pop-up qui s'ouvre toutes les 30 secondes quand je navigue sur internet.

voici le fichier log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by beatrice at 2010-01-15 17:50:42
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 2
System drive C: has 7 GB (3%) free of 229 GB
Total RAM: 3069 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:58, on 15/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Adobe\Reader 9.0\Readereader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Users\beatrice\AppData\Local\qknhkehc.exe
C:\Windows\system32	askeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Search Guard PlusU\sgpupdaters.exe
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\beatrice\Desktop\desinfection\RSIT.exe
C:\Program Files	rend micro\beatrice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [oozeaxis] "C:\ProgramData\Move Byte Byte.aivhmn4"
O4 - HKCU\..\Run: [Google Update] "C:\Users\beatrice\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [qknhkehc] "c:\users\beatrice\appdata\local\qknhkehc.exe" qknhkehc
O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 11927 bytes

======Scheduled tasks folder======

C:\Windows	asks\Ad-Aware Update (Weekly).job
C:\Windows	asks\GoogleUpdateTaskUserS-1-5-21-987366186-1126316390-497482987-1000Core.job
C:\Windows	asks\GoogleUpdateTaskUserS-1-5-21-987366186-1126316390-497482987-1000UA.job
C:\Windows	asks\HPCeeScheduleForbeatrice.job
C:\Windows	asks\RegCure Program Check.job
C:\Windows	asks\RegCure.job
C:\Windows	asks\User_Feed_Synchronization-{E6443B5F-FC79-4622-9000-749D11B0DB42}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05 113512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}]
BrowserHelper Class - C:\Program Files\SGPSA\SearchAssistant.dll [2009-10-15 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}]
GamesBarBHO Class - C:\Program Files\GamesBar\oberontb.dll [2008-01-06 540672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-13 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
Fast Browser Search Toolbar Helper - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-08-13 2602368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - GamesBar - C:\Program Files\GamesBar\oberontb.dll [2008-01-06 540672]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} - Fast Browser Search Toolbar - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-08-13 2602368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"= []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-04-15 442433]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"FBSSA"=C:\Program Files\SGPSA\ie3sh.exe [2009-08-27 765824]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"oozeaxis"=C:\ProgramData\Move Byte Byte.aivhmn4 [2009-12-21 28688]
"Google Update"=C:\Users\beatrice\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-01 135664]
"qknhkehc"=c:\users\beatrice\appdata\local\qknhkehc.exe [2010-01-15 364544]
"AdobeUpdater6"=C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe [2009-01-08 2521464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-09-23 520024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-08-05 647520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-08-22 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Long Internet Team Stupid]
C:\ProgramData\Settings Bait Bird.vdfer1 [2009-02-09 315408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oozeaxis]
C:\ProgramData\Move Byte Byte.k48u1qf []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-13 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
C:\Program Files\IDT\WDM\sttray.exe [2008-04-15 442433]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uqmokgm]
c:\users\beatrice\appdata\local\uqmokgm.exe uqmokgm []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-12-05 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^beatrice^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Notification de cadeaux MSN.lnk]
C:\Users\beatrice\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-04-13 135680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^beatrice^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-09-12 384000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
etwork\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogoff"=0
"NoClose"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e413f9b-d3fa-11dd-a17d-001eec84c788}]
shell\AutoRun\command - F:\AutoRunCardDetector.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f546ffb-81ae-11dd-8201-806e6f6e6963}]
shell\AutoRun\command - E:\setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-01-15 17:35:24 ----D---- C:sit
2010-01-15 17:35:24 ----D---- C:\Program Files	rend micro
2010-01-13 08:35:56 ----A---- C:\Windows\system32	2embed.dll
2010-01-13 08:35:56 ----A---- C:\Windows\system32\fontsub.dll
2010-01-12 09:54:19 ----D---- C:\ProgramData\HideAndSecret3
2010-01-08 07:01:18 ----D---- C:\Users\beatrice\AppData\Roaming\iMaxGen
2010-01-06 14:28:03 ----D---- C:\ProgramData\PlayfulAge
2010-01-05 20:17:14 ----D---- C:\Users\beatrice\AppData\Roaming\casanova
2010-01-04 20:35:53 ----D---- C:\ProgramData\SOS
2009-12-30 15:10:53 ----D---- C:\Users\beatrice\AppData\Roaming\ElementalsTheMagicKey
2009-12-30 14:33:14 ----D---- C:\Windows\system32\AGEIA
2009-12-30 14:33:14 ----D---- C:\Program Files\AGEIA Technologies
2009-12-30 14:32:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-26 17:25:14 ----D---- C:\Users\beatrice\AppData\Roaming\Big Fish Games
2009-12-23 16:51:03 ----D---- C:\Users\beatrice\AppData\Roaming\EscapeTheMuseum2
2009-12-22 01:24:00 ----A---- C:\Windows
tbtlog.txt
2009-12-18 19:24:29 ----D---- C:\Users\beatrice\AppData\Roaming\Gamers Digital
2009-12-18 19:24:29 ----D---- C:\ProgramData\Gamers Digital
2009-12-18 15:52:22 ----D---- C:\Users\beatrice\AppData\Roaming\GTM_Bodie
2009-12-18 08:15:15 ----D---- C:\Users\beatrice\AppData\Roaming\GOA
2009-12-18 08:15:15 ----D---- C:\ProgramData\GOA
2009-12-17 19:02:06 ----D---- C:\Users\beatrice\AppData\Roaming\MastersOfMystery2
2009-12-16 15:19:20 ----D---- C:\Users\beatrice\AppData\Roaming\Awem
2009-12-11 09:58:27 ----D---- C:\Users\beatrice\AppData\Roaming\V-Games
2009-12-10 13:01:17 ----D---- C:\ProgramData\Windows Genuine Advantage
2009-12-10 08:02:04 ----A---- C:\Windows\system32
shhttp.dll
2009-12-10 08:01:58 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 17:09:08 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 17:08:56 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 17:08:55 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 17:08:54 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 17:08:53 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 17:08:53 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 17:08:52 ----A---- C:\Windows\system32\occache.dll
2009-12-09 17:08:52 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 17:08:52 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 17:08:51 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 17:08:50 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 17:08:50 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 17:08:50 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 17:08:50 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 17:08:50 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 17:08:50 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 17:08:49 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 17:08:49 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 17:08:49 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 17:07:17 ----A---- C:\Windows\system32astls.dll
2009-11-29 11:17:43 ----D---- C:\Users\beatrice\AppData\Roaming\SaveThePuppy
2009-11-26 07:40:28 ----D---- C:\ProgramData\FarmFrenzy3
2009-11-26 03:03:30 ----A---- C:\Windows\system32	zres.dll
2009-11-25 19:53:56 ----D---- C:\Users\beatrice\AppData\Roamingunic games
2009-11-25 15:45:10 ----D---- C:\Users\beatrice\AppData\Roaming\World-LooM
2009-11-25 07:28:25 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 07:28:24 ----A---- C:\Windows\system32\msxml3.dll
2009-11-18 06:14:02 ----D---- C:\Program Files\Windows Portable Devices
2009-11-18 05:46:20 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-18 05:46:19 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-18 05:46:19 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-18 05:45:29 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-18 05:45:24 ----A---- C:\Windows\system32\cdd.dll
2009-11-18 05:45:21 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-18 05:45:21 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-18 05:45:21 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-18 05:45:21 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-18 05:45:21 ----A---- C:\Windows\system32\d2d1.dll
2009-11-18 05:45:20 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-18 05:45:20 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-18 05:45:20 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-18 05:45:20 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-18 05:45:20 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-18 05:45:20 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-18 05:45:20 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-18 05:45:19 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-18 05:45:19 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-18 05:45:19 ----A---- C:\Windows\system32\FntCache.dll
2009-11-18 05:45:19 ----A---- C:\Windows\system32\dxgi.dll
2009-11-18 05:45:19 ----A---- C:\Windows\system32\DWrite.dll
2009-11-18 05:45:19 ----A---- C:\Windows\system32\d3d11.dll
2009-11-18 05:45:19 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-18 05:45:19 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-18 05:45:19 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-18 05:45:18 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-18 05:45:18 ----A---- C:\Windows\system32\d3d10.dll
2009-11-18 05:44:46 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-18 05:44:46 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-18 05:44:46 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-18 05:44:40 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-18 05:44:35 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-11-18 05:44:35 ----A---- C:\Windows\system32\WpdConns.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\WpdMtp.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-18 05:42:10 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-18 05:42:09 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-18 05:42:09 ----A---- C:\Windows\system32\oleacc.dll
2009-11-15 11:44:41 ----D---- C:\Users\beatrice\AppData\Roaming\Thunderbird
2009-11-11 19:31:34 ----D---- C:\ProgramData\IM
2009-11-11 19:31:30 ----D---- C:\ProgramData\IncrediMail
2009-11-11 12:08:49 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-09 07:50:15 ----D---- C:\Program Files\Securitoo
2009-11-07 22:43:14 ----D---- C:\Users\beatrice\AppData\Roaming\GTek
2009-11-07 08:18:59 ----D---- C:\Users\beatrice\AppData\Roaming\Hoyle FaceCreator
2009-11-07 08:18:57 ----D---- C:\Users\beatrice\AppData\Roaming\Hoyle Casino
2009-11-07 08:17:30 ----D---- C:\ProgramData\Sony Online Entertainment
2009-11-06 19:34:40 ----D---- C:\ProgramData\Fugazo
2009-11-03 09:59:05 ----D---- C:\Program Files\iPod
2009-11-03 09:58:55 ----D---- C:\Program Files\iTunes
2009-11-01 10:07:51 ----D---- C:\ProgramData\SugarGames
2009-10-31 16:50:08 ----D---- C:\Users\beatrice\AppData\Roaming\Go Go Gourmet
2009-10-31 09:13:52 ----D---- C:\Program Files\Search Guard PlusU
2009-10-31 09:13:52 ----D---- C:\Program Files\Search Guard Plus
2009-10-31 09:13:50 ----D---- C:\Program Files\SGPSA
2009-10-31 09:13:39 ----D---- C:\Program Files\Fast Browser Search
2009-10-30 07:53:45 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-10-30 07:53:45 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-10-30 07:53:44 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-10-30 07:53:44 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-10-30 07:53:44 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-10-30 07:53:44 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-10-30 07:53:44 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-10-30 07:53:43 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-10-30 07:53:43 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-10-30 07:53:43 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-10-30 07:53:43 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-10-30 07:53:43 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-10-30 07:53:42 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-10-30 07:53:42 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-10-30 07:53:42 ----A---- C:\Windows\system32\xactengine3_3.dll
2009-10-30 07:53:42 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-10-30 07:53:41 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-10-30 07:53:41 ----A---- C:\Windows\system32\d3dx10_39.dll
2009-10-30 07:53:41 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2009-10-30 07:53:40 ----A---- C:\Windows\system32\XAudio2_1.dll
2009-10-30 07:53:40 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2009-10-30 07:53:40 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-10-30 07:53:37 ----A---- C:\Windows\system32\xactengine3_1.dll
2009-10-30 07:53:37 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2009-10-30 07:53:37 ----A---- C:\Windows\system32\d3dx10_38.dll
2009-10-30 07:53:37 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2009-10-30 07:53:34 ----A---- C:\Windows\system32\D3DX9_38.dll
2009-10-30 07:53:33 ----A---- C:\Windows\system32\XAudio2_0.dll
2009-10-30 07:53:33 ----A---- C:\Windows\system32\xactengine3_0.dll
2009-10-30 07:53:33 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2009-10-30 07:53:33 ----A---- C:\Windows\system32\d3dx10_37.dll
2009-10-30 07:53:33 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2009-10-30 07:53:32 ----A---- C:\Windows\system32\xactengine2_10.dll
2009-10-30 07:53:32 ----A---- C:\Windows\system32\D3DX9_37.dll
2009-10-30 07:53:32 ----A---- C:\Windows\system32\d3dx10_36.dll
2009-10-30 07:53:31 ----A---- C:\Windows\system32\d3dx9_36.dll
2009-10-30 07:53:31 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2009-10-30 07:53:30 ----A---- C:\Windows\system32\d3dx10_35.dll
2009-10-30 07:53:30 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2009-10-30 07:53:29 ----A---- C:\Windows\system32\xactengine2_8.dll
2009-10-30 07:53:29 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2009-10-30 07:53:29 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-10-30 07:53:29 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-10-30 07:53:28 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-10-30 07:53:27 ----A---- C:\Windows\system32\xinput1_3.dll
2009-10-30 07:53:27 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-10-30 07:53:26 ----A---- C:\Windows\system32\xactengine2_7.dll
2009-10-30 07:53:26 ----A---- C:\Windows\system32\d3dx10_33.dll
2009-10-30 07:53:26 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2009-10-30 07:53:25 ----A---- C:\Windows\system32\xactengine2_6.dll
2009-10-30 07:53:24 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-10-30 07:53:24 ----A---- C:\Windows\system32\d3dx10.dll
2009-10-30 07:53:23 ----A---- C:\Windows\system32\xactengine2_4.dll
2009-10-30 07:53:23 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-10-30 07:53:22 ----A---- C:\Windows\system32\xinput1_2.dll
2009-10-30 07:53:22 ----A---- C:\Windows\system32\xactengine2_3.dll
2009-10-30 07:53:22 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-10-30 07:53:21 ----A---- C:\Windows\system32\xinput1_1.dll
2009-10-30 07:53:21 ----A---- C:\Windows\system32\xactengine2_2.dll
2009-10-30 07:53:21 ----A---- C:\Windows\system32\xactengine2_1.dll
2009-10-30 07:52:55 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-10-30 07:52:54 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-10-30 07:52:54 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-10-30 07:52:54 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-10-30 07:52:51 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-10-30 07:52:49 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-10-30 07:52:48 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-10-30 07:52:48 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-10-30 07:52:47 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-10-28 10:51:56 ----A---- C:\Windows\system32\wmp.dll
2009-10-28 10:51:52 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-28 10:51:49 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-27 17:35:25 ----D---- C:\ProgramData\Rumbic Studio
2009-10-26 20:00:39 ----A---- C:\Windows\system32\wups2.dll
2009-10-26 20:00:39 ----A---- C:\Windows\system32\wucltux.dll
2009-10-26 20:00:39 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-26 20:00:38 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-26 19:59:51 ----A---- C:\Windows\system32\wups.dll
2009-10-26 19:59:51 ----A---- C:\Windows\system32\wudriver.dll
2009-10-26 19:59:50 ----A---- C:\Windows\system32\wuapi.dll
2009-10-26 19:59:42 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-26 19:59:42 ----A---- C:\Windows\system32\wuapp.exe
2009-10-20 12:16:05 ----D---- C:\Users\beatrice\AppData\Roaming\Home Sweet Home Christmas
2009-10-20 11:54:50 ----D---- C:\ProgramData\Beanbag Studios
2009-10-19 19:47:56 ----D---- C:\Windows Sidebar
2009-10-18 10:38:58 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-10-18 09:30:55 ----D---- C:\Users\beatrice\AppData\Roaming\Fabulous Finds
2009-10-17 07:54:08 ----D---- C:\ProgramData\GameXzone
2009-10-16 09:31:47 ----D---- C:\ProgramData\Becky Brogan
2009-10-16 07:52:43 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-16 07:52:28 ----A---- C:\Windows\system32
toskrnl.exe
2009-10-16 07:52:27 ----A---- C:\Windows\system32
tkrnlpa.exe
2009-10-16 07:50:19 ----A---- C:\Windows\system32\msasn1.dll
2009-10-16 07:50:05 ----A---- C:\Windows\system32\WMSPDMOD.DLL

======List of files/folders modified in the last 3 months======

2010-01-15 17:51:33 ----D---- C:\Windows\Temp
2010-01-15 17:51:15 ----D---- C:\Windows\Prefetch
2010-01-15 17:35:24 ----D---- C:\Program Files
2010-01-15 17:10:22 ----D---- C:\Program Files\Mozilla Firefox
2010-01-15 17:06:01 ----D---- C:\Windows
2010-01-15 07:28:28 ----SHD---- C:\System Volume Information
2010-01-15 07:23:55 ----D---- C:\Windows	racing
2010-01-14 08:12:42 ----D---- C:\Windows\winsxs
2010-01-13 20:11:19 ----D---- C:\Windows\System32
2010-01-13 20:11:12 ----SHD---- C:\Windows\Installer
2010-01-13 20:11:11 ----D---- C:\ProgramData\Microsoft Help
2010-01-13 20:10:32 ----D---- C:\Windows\system32\catroot
2010-01-13 20:10:25 ----D---- C:\Program Files\Windows Mail
2010-01-13 20:03:49 ----D---- C:\Windows\Debug
2010-01-13 08:33:18 ----D---- C:\Windows\system32\catroot2
2010-01-12 15:57:13 ----D---- C:\Windows\Tasks
2010-01-12 15:57:13 ----D---- C:\Windows\system32\Tasks
2010-01-12 15:41:13 ----D---- C:\Users\beatrice\AppData\Roaming\MysteryStudio
2010-01-12 15:37:53 ----AD---- C:\ProgramData\TEMP
2010-01-12 13:33:21 ----D---- C:\ProgramData\WildTangent
2010-01-12 09:54:19 ----HD---- C:\ProgramData
2010-01-07 11:48:15 ----D---- C:\Users\beatrice\AppData\Roaming\PoBros
2010-01-07 11:48:15 ----D---- C:\ProgramData\PoBros
2010-01-07 10:24:21 ----D---- C:\Program Files\HP Games
2010-01-06 07:47:42 ----D---- C:\Users\beatrice\AppData\Roaming\Zylom
2010-01-06 07:47:42 ----D---- C:\Users\beatrice\AppData\Roaming\Identities
2010-01-05 07:45:45 ----D---- C:\Users\beatrice\AppData\Roaming\Friday's games
2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe
2010-01-01 12:29:10 ----D---- C:\ProgramData\MumboJumbo
2009-12-31 10:20:23 ----D---- C:\Users\beatrice\AppData\Roaming\Playrix Entertainment
2009-12-30 14:36:00 ----RSD---- C:\Windows\assembly
2009-12-30 14:32:56 ----D---- C:\Program Files\Common Files
2009-12-30 11:33:29 ----D---- C:\ProgramData\JollyBear
2009-12-27 19:09:53 ----D---- C:\Windows\inf
2009-12-27 19:09:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-21 20:39:14 ----D---- C:\ProgramData\ObjPlay
2009-12-21 20:37:30 ----D---- C:\Program Files\Circle Developement
2009-12-21 20:37:29 ----D---- C:\Program Files\Messenger Plus! Live
2009-12-19 14:03:56 ----D---- C:\Users\beatrice\AppData\Roaming\PlayFirst
2009-12-19 14:03:56 ----D---- C:\ProgramData\PlayFirst
2009-12-19 10:22:31 ----D---- C:\Users\beatrice\AppData\Roaming\Merscom
2009-12-19 10:22:31 ----D---- C:\ProgramData\Merscom
2009-12-18 17:40:10 ----D---- C:\ProgramData\Alawar Stargaze
2009-12-15 10:43:05 ----D---- C:\Program Files\Oberon Media
2009-12-14 15:22:10 ----D---- C:\Users\beatrice\AppData\Roaming\Princess Isabella
2009-12-13 14:39:37 ----D---- C:\ProgramData\MythPeople
2009-12-11 16:58:20 ----D---- C:\Windows\system32\drivers
2009-12-11 14:46:37 ----SD---- C:\Windows\Downloaded Program Files
2009-12-10 08:38:55 ----D---- C:\Windowsescache
2009-12-10 08:20:12 ----D---- C:\Windows\system32\migration
2009-12-10 08:20:12 ----D---- C:\Program Files\Internet Explorer
2009-12-10 08:20:11 ----D---- C:\Windows\system32\fr-FR
2009-12-07 19:43:31 ----D---- C:\Users\beatrice\AppData\Roaming\LimeWire
2009-11-29 14:28:34 ----D---- C:\Users\beatrice\AppData\Roaming\WildTangentv1002
2009-11-25 19:30:55 ----D---- C:\ProgramData\PopCap Games
2009-11-25 00:54:29 ----A---- C:\Windows\system32\aswBoot.exe
2009-11-18 06:14:01 ----D---- C:\Windows\system32\wbem
2009-11-18 06:13:55 ----D---- C:\Windows\system32\zh-HK
2009-11-18 06:13:55 ----D---- C:\Windows\system32\uk-UA
2009-11-18 06:13:55 ----D---- C:\Windows\system32\sl-SI
2009-11-18 06:13:55 ----D---- C:\Windows\system32\pt-PT
2009-11-18 06:13:55 ----D---- C:\Windows\system32\pt-BR
2009-11-18 06:13:55 ----D---- C:\Windows\system32\pl-PL
2009-11-18 06:13:55 ----D---- C:\Windows\system32
l-NL
2009-11-18 06:13:55 ----D---- C:\Windows\system32\ko-KR
2009-11-18 06:13:55 ----D---- C:\Windows\system32\it-IT
2009-11-18 06:13:55 ----D---- C:\Windows\system32\hu-HU
2009-11-18 06:13:55 ----D---- C:\Windows\system32\hr-HR
2009-11-18 06:13:55 ----D---- C:\Windows\system32\he-IL
2009-11-18 06:13:55 ----D---- C:\Windows\system32\el-GR
2009-11-18 06:13:55 ----D---- C:\Windows\system32\bg-BG
2009-11-18 06:13:54 ----D---- C:\Windows\system32\zh-TW
2009-11-18 06:13:54 ----D---- C:\Windows\system32\zh-CN
2009-11-18 06:13:54 ----D---- C:\Windows\system32	r-TR
2009-11-18 06:13:54 ----D---- C:\Windows\system32	h-TH
2009-11-18 06:13:54 ----D---- C:\Windows\system32\sv-SE
2009-11-18 06:13:54 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-18 06:13:54 ----D---- C:\Windows\system32\sk-SK
2009-11-18 06:13:54 ----D---- C:\Windows\system32u-RU
2009-11-18 06:13:54 ----D---- C:\Windows\system32o-RO
2009-11-18 06:13:54 ----D---- C:\Windows\system32
b-NO
2009-11-18 06:13:54 ----D---- C:\Windows\system32\lv-LV
2009-11-18 06:13:54 ----D---- C:\Windows\system32\lt-LT
2009-11-18 06:13:54 ----D---- C:\Windows\system32\ja-JP
2009-11-18 06:13:54 ----D---- C:\Windows\system32\fi-FI
2009-11-18 06:13:54 ----D---- C:\Windows\system32\et-EE
2009-11-18 06:13:54 ----D---- C:\Windows\system32\es-ES
2009-11-18 06:13:54 ----D---- C:\Windows\system32\en-US
2009-11-18 06:13:54 ----D---- C:\Windows\system32\de-DE
2009-11-18 06:13:54 ----D---- C:\Windows\system32\da-DK
2009-11-18 06:13:54 ----D---- C:\Windows\system32\cs-CZ
2009-11-18 06:13:54 ----D---- C:\Windows\system32\ar-SA
2009-11-17 09:31:14 ----D---- C:\Program Files\Safari
2009-11-15 11:44:42 ----D---- C:\Users\beatrice\AppData\Roaming\Mozilla
2009-11-15 11:10:18 ----RSD---- C:\Windows\Fonts
2009-11-14 12:46:27 ----D---- C:\ProgramData\Meridian93
2009-11-14 12:46:00 ----D---- C:\Users\beatrice\AppData\Roaming\Meridian93
2009-11-10 13:45:36 ----D---- C:\Users\beatrice\AppData\Roaming\dvdcss
2009-11-03 09:59:04 ----D---- C:\Program Files\Common Files\Apple
2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-30 07:52:57 ----D---- C:\Windows\Microsoft.NET
2009-10-29 07:45:36 ----D---- C:\Program Files\Windows Media Player
2009-10-26 12:56:09 ----D---- C:\ProgramData\Google
2009-10-26 12:56:09 ----D---- C:\Program Files\Google
2009-10-26 07:34:56 ----D---- C:\ProgramData\GamesBar
2009-10-25 15:43:09 ----D---- C:\Program Files\GamesBar
2009-10-24 17:27:53 ----D---- C:\ProgramData\NOS
2009-10-22 09:12:29 ----D---- C:\Users\beatrice\AppData\Roaming\Flood Light Games
2009-10-22 09:12:29 ----D---- C:\ProgramData\Flood Light Games
2009-10-21 08:47:04 ----D---- C:\ProgramData\Adobe
2009-10-21 08:44:58 ----D---- C:\Program Files\Common Files\Adobe
2009-10-19 19:46:50 ----D---- C:\SWSETUP
2009-10-18 10:35:48 ----DC---- C:\Windows\system32\DRVSTORE
2009-10-18 10:33:00 ----D---- C:\Program Files\Windows Live
2009-10-17 02:29:27 ----D---- C:\Windows\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers	osrfcom.sys [2007-05-24 64000]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 CdaC15BA;CdaC15BA; \??\C:\Windows\system32\drivers\CdaC15BA.SYS [2009-07-11 12464]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-03-27 34664]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-09 3552256]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-04-15 378368]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS	osporte.sys [2006-10-10 41600]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-06-13 23040]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-06-13 507904]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-06-13 30208]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-09-02 15352]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 GT72NDISIPXP;GT 72 IP NDIS; C:\Windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 95744]
S3 GT72UBUS;GT 72 U BUS; C:\Windows\system32\DRIVERS\gt72ubus.sys [2007-11-13 51968]
S3 GTPTSER;GT PT SER; C:\Windows\system32\DRIVERS\gtptser.sys [2007-11-13 8064]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys []
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS
vm60x32.sys [2006-11-02 429056]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2009-02-03 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2009-02-03 27072]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERSfcomm.sys [2008-06-13 149504]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS	osrfbd.sys [2007-04-24 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers	osrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS	osrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers	osrfsnd.sys [2007-01-22 53376]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS	osrfusb.sys [2007-06-11 41856]
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe [2008-02-12 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-05-08 671744]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\Windows\system32\drivers\CDAC11BA.EXE [2009-07-11 54784]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-03-18 19456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-23 1028432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-08-22 73728]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-05-14 292248]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-05-14 116112]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-08-22 361808]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\STacSV.exe [2008-04-15 221239]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-09-19 69120]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2008-08-26 242424]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-25 148832]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-04-29 322032]

-----------------EOF-----------------



et le fichier info.txt

<code>
info.txt logfile of random's system information tool 1.06 2010-01-15 17:52:03

======Uninstall list======

-->"C:\Program Files\HP Games\18 Wheels of Steel - American Long Haul\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders - Treasures of Seven\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders II\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
-->"C:\Program Files\HP Games\Adventure Chronicles\Uninstall.exe"
-->"C:\Program Files\HP Games\Adventures of Robinson Crusoe\Uninstall.exe"
-->"C:\Program Files\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe"
-->"C:\Program Files\HP Games\Agatha Christie - Peril at End House\Uninstall.exe"
-->"C:\Program Files\HP Games\Age of Castles\Uninstall.exe"
-->"C:\Program Files\HP Games\Alabama Smith in Escape from Pompeii\Uninstall.exe"
-->"C:\Program Files\HP Games\Alchemist's Apprentice\Uninstall.exe"
-->"C:\Program Files\HP Games\Alice Greenfingers 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Amazing Adventures Around the World\Uninstall.exe"
-->"C:\Program Files\HP Games\Amazing Adventures Special Edition Bundle\Uninstall.exe"
-->"C:\Program Files\HP Games\Amazing Adventures The Lost Tomb\Uninstall.exe"
-->"C:\Program Files\HP Games\Amazing Finds\Uninstall.exe"
-->"C:\Program Files\HP Games\Amelie's Cafe\Uninstall.exe"
-->"C:\Program Files\HP Games\American Girl - Mia Goes For Great\Uninstall.exe"
-->"C:\Program Files\HP Games\Annabel\Uninstall.exe"
-->"C:\Program Files\HP Games\Annie's Millions\Uninstall.exe"
-->"C:\Program Files\HP Games\Are You Smarter than a 5th Grader - Make the Grade\Uninstall.exe"
-->"C:\Program Files\HP Games\Around the World in 80 Days\Uninstall.exe"
-->"C:\Program Files\HP Games\Artist Colony\Uninstall.exe"
-->"C:\Program Files\HP Games\Ashley Jones and The Heart of Egypt\Uninstall.exe"
-->"C:\Program Files\HP Games\Ashton's Family Resort\Uninstall.exe"
-->"C:\Program Files\HP Games\Astro Avenger\Uninstall.exe"
-->"C:\Program Files\HP Games\AstroPop Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Atlantis Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Azteca\Uninstall.exe"
-->"C:\Program Files\HP Games\Babysitting Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Beach Party Craze\Uninstall.exe"
-->"C:\Program Files\HP Games\Beebo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled Twist\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled\Uninstall.exe"
-->"C:\Program Files\HP Games\Big City Adventure - San Francisco\Uninstall.exe"
-->"C:\Program Files\HP Games\Big City Adventure - Sydney\Uninstall.exe"
-->"C:\Program Files\HP Games\Big Island Blends\Uninstall.exe"
-->"C:\Program Files\HP Games\BloodTies\Uninstall.exe"
-->"C:\Program Files\HP Games\Bob the Builder - Can-Do Carnival\Uninstall.exe"
-->"C:\Program Files\HP Games\Bob the Builder Can-Do-Zoo\Uninstall.exe"
-->"C:\Program Files\HP Games\Bone Out from Boneville\Uninstall.exe"
-->"C:\Program Files\HP Games\Book of Legends\Uninstall.exe"
-->"C:\Program Files\HP Games\Boonka\Uninstall.exe"
-->"C:\Program Files\HP Games\Brain Challenge\Uninstall.exe"
-->"C:\Program Files\HP Games\Brain Training for Dummies\Uninstall.exe"
-->"C:\Program Files\HP Games\Bratz Super Babyz\Uninstall.exe"
-->"C:\Program Files\HP Games\Bubble Town\Uninstall.exe"
-->"C:\Program Files\HP Games\Build in Time\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Burger Island 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Bus Driver\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Call of Atlantis\Uninstall.exe"
-->"C:\Program Files\HP Games\Can You See What I See - Curfuffle's Collectibles\Uninstall.exe"
-->"C:\Program Files\HP Games\Candace Kane's Candy Factory\Uninstall.exe"
-->"C:\Program Files\HP Games\Cannon Blast\Uninstall.exe"
-->"C:\Program Files\HP Games\Carnival Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Carrie the Caregiver 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Carrie the Caregiver 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Carrie the Caregiver\Uninstall.exe"
-->"C:\Program Files\HP Games\Cate West - The Vanishing Files\Uninstall.exe"
-->"C:\Program Files\HP Games\Cate West - The Velvet Keys\Uninstall.exe"
-->"C:\Program Files\HP Games\Chocolatier - Decadence by Design\Uninstall.exe"
-->"C:\Program Files\HP Games\Christmasville\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Ciao Bella\Uninstall.exe"
-->"C:\Program Files\HP Games\CLUE Accusations and Alibis\Uninstall.exe"
-->"C:\Program Files\HP Games\Clueless\Uninstall.exe"
-->"C:\Program Files\HP Games\Color Up!\Uninstall.exe"
-->"C:\Program Files\HP Games\Continental Cafe\Uninstall.exe"
-->"C:\Program Files\HP Games\Cooking Academy 2 - World Cuisine\Uninstall.exe"
-->"C:\Program Files\HP Games\Cooking Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Cooking Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\County Fair\Uninstall.ex

who? · Answer

rien d'autre? :s

moment de grace · Answer

bonjour

plusieurs infections

dans cet ordre (tu peux poster les rapports en suivant)

1)


Téléchargez USBFIX de El Desaparecido, C_xx

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
ou
https://www.ionos.fr/?affiliate_id=77097

/!\ Utilisateur de vista et windows 7 :
ne pas oublier de désactiver Le contrôle des comptes utilisateurs 
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac 

/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir 

• Double clic sur le raccourci UsbFix présent sur le bureau . 

• Choisir l'option2
(d’autres options disponibles, voir le tutoriel). 
• Laissez travailler l'outil.
Le menu démarrer et les icônes vont disparaître.. c'est normal. 

Si un message te demande de redémarrer l'ordinateur fais le ... 

&#9679; Au redémarrage, le fix se relance... laisses l'opération s'effectuer. 

&#9679; Le bloc note s'ouvre avec un rapport, envoies le dans la prochaine réponse

 
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt ) 

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller ) 

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. 


• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html


UsbFix peut te demander d'uploader un dossier compressé à cette adresse : https://www.ionos.fr/?affiliate_id=77097 

 Il est enregistré sur ton bureau. 

Merci de l'envoyer à l'adresse indiquée afin d'aider l'auteur de UsbFix dans ses recherches. 

Merci 

................

2)
Note importante : 
Pour les ordinateurs équipés de Windows Vista et Windows 7, la désactivation du Contrôle des comptes utilisateurs est obligatoire 
sous peine de ne pas pouvoir faire fonctionner correctement l'outil. 
 Tuto : https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac 

Téléchargez et enregistrez le fichier d installation sur le bureau
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe


Double cliquez sur le fichier d'installation de AD-Remover, le programme s'installera automatiquement. 
Sous Vista : clic droit sur AD-Remover et sélectionner "Exécuter en tant qu'administrateur"
Au menu principal choisir
Option L Lancer le nettoyage
et tapez sur [entrée] .
Laissez travailler l'outil et ne touchez à rien ... 
Postez le rapport  qui apparait à la fin.

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

........................

3)
Infection Navipromo….Pour info :

Il s'installe via certains programmes, dont ceux-ci qu'il faut éviter à tout prix: 
* Funky Emoticons 
* go-astro 
* Games Attack 
* GoRecord 
* HotTVPlayer / HotTVPlayer & Paris Hilton 
* Live-Player 
* MailSkinner 
* Messenger Skinner 
* Instant Access 
* InternetGameBox 
* Officiale Emule (Version d'Emule modifiée) 
* Original Solitaire 
* SuperSexPlayer 
* Speed Downloading 
* Sudoplanet 
* Webmediaplayer

il faudrait télécharge navilog1 sur le bureau : 
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 

 Certaines infections bloquent les téléchargements d' outils de désinfection utilisez ce lien alternatif:
 http://ww38.toofiles.com/fr/oip/documents/exe/yop3.html 

/!\ Utilisateur de VISTA: il faudrait désactiver l’UAC juste le temps de désinfection de votre pc, Vous le réactiverez plus tard : 

Tuto : https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac 



1°Double-clique sur navilog1.exe présent sur ton bureau 
2°Sélectionnez la langue désirée dans le menu puis valide le choix par la touche « entrer » 
3°Petit message d’avertissement, appuyez sur une touche pour passe à la suite 
4°un nouveau avertissement, appuie sur une touche pour suivre 
5°Vérification de l’installation de Navilog1 : si tout est bon, appuyez sur une touche pour continuer 
6°Choisir option 1 : recherche/désinfection automatique 
7°La recherche va se lancer automatiquement et peut durée quelques minutes, patientez 
8°Une fois l’analyse terminé, fermez et enregistrez votre travail en cours, puis appuiez sur une touche pour que votre pc puisse démarrer 
9°Au redémarrage du pc, Navilog va supprimer ce qu’il a trouvé, patientez quelques instants. 

Un rapport est gèneré par l'outil. Il se trouve à cette emplacement : 
XP : demarrer/poste de travail/c:/cleannavi.txt 
Vista : logo « demarrer »/ordinateur/c:/ cleannavi.txt 

...................

4)
 Téléchargez MalwareByte's Anti-Malware

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
 
. Enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation. 
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
. Une fois la mise à jour terminé
. Rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet
. Cliques sur Rechercher
. Le scan démarre. 
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés. 
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, clique sur  Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. 
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse. 
. Rends toi dans l'onglet rapport/log 
. Tu cliques dessus pour l'afficher, une fois affiché
. Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous 
. Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller 


Si tu as besoin d'aide regarde ces tutoriels : 
 Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
 http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam

knostra · Answer

excuser moi j'avais pas lu jusqu'à la fin le tuto, je vais attendre de finir toutes les opérations et je mettrais les fichier en lien sa prendras moins de place sur le forum et ce seras plus complet.

merci beaucoup, je reviens dans une voir  deux heures je pense.

d'accord je vais finir le premier tuto et je suivrais par vos instructions petit moment de grâce.

merci pour votre réponses

moment de grace · Answer

posts croisés

voir post 2

knostra · Answer

ok donc je vais plutôt continuer avec vos instructions merci moment de grace  et pas petit moment de grace je me suis tromper désolé :)

je reviens une fois fini

knostra · Answer

ok bon il me reste encore l'analyse de MalwareByte's Anti-Malware  qui est en train de ce faire je vous met déjà les fichier log des première analyse 

Pour USBFIX: http://www.cijoint.fr/cj201001/cijiOQ5Lon.txt

Pour AD-Remover: http://www.cijoint.fr/cj201001/cijfcj0kGw.txt

Pour navilog1: http://www.cijoint.fr/cj201001/cijTyxfsXD.txt

voilà je reviens dès que MalwareByte's Anti-Malware  a fini l'analyse pour poster le rapport.

merci

moment de grace · Answer

vu les rapport

apres MBAM qui est assez long

tu pourras faire ceci

/!\ Utilisateur de vista et windows 7 : ne pas oublier de désactiver Le contrôle des comptes utilisateurs(uac)

https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac 
Téléchargez Lop S&D.exe sur le Bueau 
 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 
Certaines infections bloquent les telechargements d' outils de desinfection utilisez ce lien alternatif:
http://ww38.toofiles.com/fr/oip/documents/exe/yop4.html   

Lop S&D est détecté par certains antivirus : il ne s'agit pas d'un virus (faux positif), mais d'un utilitaire destiné à mettre fin à des processus. Dans le cas d'une alerte de la part de votre antivirus, veuillez désactiver votre antivirus pendant la procédure

* Double-cliquez dessus pour lancer l'installation 
* Puis double-cliquez sur le raccourci Lop S&D présent sur le Bureau 
* Séléctionnez la langue souhaitée, puis choisir l'option 1 (Recherche) 
* Patientez jusqu'à la fin du scan 
* Postez le rapport généré sur un forum(C:\lopR.txt)

knostra · Answer

Voilà enfin fini punaise c'était rude :)

pour MalwareByte's Anti-Malware : http://www.cijoint.fr/cj201001/cijdvq3Orw.txt

pour Lop S&D: http://www.cijoint.fr/cj201001/cijCc9Guyj.txt

merci beaucoup et bonne nuit à demain.

moment de grace · Answer

bon

tu as vraiment fait le plein de virus...

MalwareByte'...no action taken = tu ne les as pas supprimer

refais un scan rapide (complet a dure 5h) et supprimes ce qu'il trouve +rapport

.............

lop : relancer Lop S&D option 2 suppression +hosts, poster le rapport

...............

présence de rookits:

/!\ Il faut impérativement désactiver tous tes logiciels de protection pour utiliser ce programme/!\ 


&#9654; Télécharge : Gmer (by Przemyslaw Gmerek) 

http://www.gmer.net/



&#9654; Dezippe gmer ,cliques sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre. 

&#9654; Les lignes rouges indiquent la presence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans demarrer ,puis ouvres le bloc note,vas dans edition et cliques sur coller,le rapport gmer va apparaitre,postes moi le) 

Ensuite 

&#9654; sur les lignes rouge: 

&#9654; Services:cliques droit delete service 
&#9654; Process:cliques droit kill process 
&#9654; Adl ,file:cliques droit delete files

knostra · Answer

Bonjour moment de grace,

Oui effectivement l'ordinateur est blindé de virus, en faite c'est le pc de ma mère qui adore les jeux bidon et qui télécharge et installe tout et n'importe quoi , alors je suis obligé de lui reformater tout les 6 mois !

mais là j'avais envie de voir si on pouvait faire quelque chose sans reformatage :)

j'ai refais l'analyse MalwareByte's Anti-Malware en rapide mais il n'a rien trouvé alors je la refais complète il en ai à 2h30 donc encore 3 bonne heures et je reposterais le rapport à ce moment avec tout le reste.

merci beaucoup pour votre aide.

knostra · Answer

voilà c'est fini mais MalwareByte n'a rien trouvé même en faisant le scan complet
voici le rapport:

MalwareByte: http://www.cijoint.fr/cj201001/cij1HuU78Y.txt

Pour Lop S&D: http://www.cijoint.fr/cj201001/cijViKWV12.txt

par contre gmer sa ne fonctionne pas, j'arrive à l'ouvrir et lancer le scan, sa scan pendant 5 minutes et vista me met un message pour me dire que:

gmer.exe a cessé de fonctionner 
un problème a fait que gmer.exe a cessé de fonctionner ..........

Pourtant j'ai bien désactivé avast enfin c'est tout ce que j'ai désactivé

merci

moment de grace · Answer

peut tu poster ici le contenu du rapport Lop S&D (je ne peux pour l'heure le consulter que sur le forum)

pour gmer, on va voir autrement

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection) 

&#9654; Télécharge et installe List&Kill'em et enregistre le sur ton bureau 
 http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/Seven ) sur le raccourci sur ton bureau pour lancer l'installation 

coche la case "creer une icone sur le bureau" 

une fois terminée , clic sur "terminer" et le programme se lancer seul 

choisis la langue puis choisis l'option 1 = Mode Recherche 

&#9654; laisse travailler l'outil 

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué. 

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini. 

&#9654; Poste sur le forum le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED" 

tu peux supprimer le rapport catchme.log de ton bureau maintenant.

knostra · Answer

Rapport Lop S&D   

--------------------\  Lop S&D 4.2.5-0   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6002 ) Service Pack 2
   X86-based PC ( Multiprocessor Free : AMD Turion(tm) X2 Dual-Core Mobile RM-70 )
   BIOS : Default System BIOS
   USER : beatrice ( Administrator )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total:223 Go (Free:10 Go)
   D:\ (Local Disk) - NTFS - Total:9 Go (Free:1 Go)
   E:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
   Option : [2] ( 16/01/2010|17:25 )

   [ UAC => 1 ]


   \\\\\\\\\\\\\\\ SUPPRESSION

   Supprime! - C:\ProgramData\comp two long internet\1 Option.dat
   Supprime! - C:\Program Files\Circle Developement\Uninstall.exe
   Supprime! - C:\ProgramData\Move Byte Byte.47ah5
   Supprime! - C:\ProgramData\Move Byte Byte.d7d4ra
   Supprime! - C:\ProgramData\Settings Bait Bird.vdfer1
   Supprime! - C:\ProgramData\Move Byte Byte.aivhmn4
   Supprime! - C:\ProgramData\Move Byte Byte.pgdhudd
   Supprime! - C:\ProgramData\Move Byte Byte.uve7cjt
   Supprime! - C:\ProgramData\comp two long internet
   Supprime! - C:\Program Files\Circle Developement
   -
   [ Fichier Hosts ] .. Restaure!
 
   \\\\\\\\\\\\\\\ 

 
   --------------------\  Listing des dossiers dans Local

   [15/01/2010|17:47] C:\Users\beatrice\AppData\Local\Adobe
   [15/01/2010|17:47] C:\Users\beatrice\AppData\Local\Apple Computer
   [13/09/2008|19:01] C:\Users\beatrice\AppData\Local\Application Data 
   [11/10/2008|12:01] C:\Users\beatrice\AppData\Local\Apps
   [19/07/2009|12:35] C:\Users\beatrice\AppData\Local\Artist Colony
   [28/05/2009|11:42] C:\Users\beatrice\AppData\Local\Astar Games
   [13/09/2008|19:03] C:\Users\beatrice\AppData\Local\ATI
   [13/09/2008|19:02] C:\Users\beatrice\AppData\Local\AtStart.txt
   [15/01/2010|17:08] C:\Users\beatrice\AppData\Local\d3d9caps.dat
   [28/12/2009|10:34] C:\Users\beatrice\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [01/01/2010|20:28] C:\Users\beatrice\AppData\Local\Deployment
   [23/10/2008|16:50] C:\Users\beatrice\AppData\Local\Downloaded Installations
   [28/02/2009|08:31] C:\Users\beatrice\AppData\Local\DownloadLog.txt
   [13/09/2008|19:02] C:\Users\beatrice\AppData\Local\DSwitch.txt
   [13/09/2008|21:45] C:\Users\beatrice\AppData\Local\eMule
   [01/09/2009|16:50] C:\Users\beatrice\AppData\Local\FlyOrDie
   [28/10/2008|07:07] C:\Users\beatrice\AppData\Local\gaabbbe.bat
   [10/12/2008|21:08] C:\Users\beatrice\AppData\Local\Game Mill Files
   [13/06/2009|12:17] C:\Users\beatrice\AppData\Local\Gamenauts
   [26/08/2009|15:13] C:\Users\beatrice\AppData\Local\GDIPFONTCACHEV1.DAT
   [26/10/2009|12:11] C:\Users\beatrice\AppData\Local\Google
   [20/10/2009|12:11] C:\Users\beatrice\AppData\Local\Grubby Games
   [16/09/2008|06:08] C:\Users\beatrice\AppData\Local\Hewlett-Packard
   [13/09/2008|19:01] C:\Users\beatrice\AppData\Local\Historique 
   [28/09/2009|18:27] C:\Users\beatrice\AppData\Local\HP Guide
   [16/01/2010|02:42] C:\Users\beatrice\AppData\Local\IconCache.db
   [11/11/2009|19:36] C:\Users\beatrice\AppData\Local\IM
   [09/10/2008|06:59] C:\Users\beatrice\AppData\Local\IsolatedStorage
   [30/12/2009|11:33] C:\Users\beatrice\AppData\Local\JollyBear
   [19/08/2009|14:29] C:\Users\beatrice\AppData\Local\Microsoft
   [14/02/2009|18:16] C:\Users\beatrice\AppData\Local\Microsoft Games
   [24/02/2009|07:38] C:\Users\beatrice\AppData\Local\Microsoft Help
   [05/11/2008|17:41] C:\Users\beatrice\AppData\Local\Mozilla
   [27/10/2009|13:13] C:\Users\beatrice\AppData\Local\Oberon Games
   [13/05/2009|12:47] C:\Users\beatrice\AppData\Local\Plan It Green Files
   [07/10/2009|21:20] C:\Users\beatrice\AppData\Local\PUTTY.RND
   [13/09/2008|19:02] C:\Users\beatrice\AppData\Local\QSwitch.txt
   [16/05/2009|10:06] C:\Users\beatrice\AppData\Local\QuickPlay
   [26/10/2008|20:04] C:\Users\beatrice\AppData\Local\Seven Zip
   [25/10/2009|13:39] C:\Users\beatrice\AppData\Local\slot1.mm1
   [06/11/2008|11:12] C:\Users\beatrice\AppData\Local\SpookyManor
   [18/02/2009|07:15] C:\Users\beatrice\AppData\Local\STARGAZE_IMAGE_CACHE
   [16/01/2010|17:25] C:\Users\beatrice\AppData\Local\Temp
   [13/09/2008|19:01] C:\Users\beatrice\AppData\Local\Temporary Internet Files 
   [01/09/2009|19:21] C:\Users\beatrice\AppData\Local\The Wonderful End of the World
   [15/11/2009|11:44] C:\Users\beatrice\AppData\Local\Thunderbird
   [08/01/2009|17:57] C:\Users\beatrice\AppData\Local\TimeParadox
   [23/10/2008|11:38] C:\Users\beatrice\AppData\Local\Toshiba
   [02/10/2008|17:57] C:\Users\beatrice\AppData\Local\VirtualStore
   [08/12/2008|08:43] C:\Users\beatrice\AppData\Local\Xenocode
   [12/01/2010|15:39] C:\Users\beatrice\AppData\Local\Zylom Games
 
   --------------------\  Tâches planifiées dans C:\Windows	asks

   [16/01/2010 16:33][--a------] C:\Windows	asks\GoogleUpdateTaskUserS-1-5-21-987366186-1126316390-497482987-1000UA.job
   [15/01/2010 20:33][--a------] C:\Windows	asks\GoogleUpdateTaskUserS-1-5-21-987366186-1126316390-497482987-1000Core.job
   [13/01/2010 08:27][--a------] C:\Windows	asks\HPCeeScheduleForbeatrice.job
   [13/01/2010 19:31][--a------] C:\Windows	asks\Ad-Aware Update (Weekly).job
   [16/01/2010 17:00][--a------] C:\Windows	asks\RegCure Program Check.job
   [26/11/2009 03:17][--a------] C:\Windows	asks\RegCure.job
   [16/01/2010 17:25][--ah-----] C:\Windows	asks\User_Feed_Synchronization-{E6443B5F-FC79-4622-9000-749D11B0DB42}.job
   [16/01/2010 10:59][--ah-----] C:\Windows	asks\SA.DAT
   [16/01/2010 02:42][--a------] C:\Windows	asks\SCHEDLGU.TXT

   --------------------\  Listing des dossiers dans C:\ProgramData
   
   [31/03/2009|08:19] C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
   [22/09/2009|08:28] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
   [22/04/2009|18:27] C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
   [28/04/2009|08:24] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
   [26/10/2008|18:44] C:\ProgramData\118300.34
   [15/01/2010|18:36] C:\ProgramData\Adobe
   [07/07/2009|19:24] C:\ProgramData\AdventureChronicles1
   [18/12/2009|17:40] C:\ProgramData\Alawar Stargaze
   [24/10/2008|17:47] C:\ProgramData\AOL
   [13/09/2008|19:50] C:\ProgramData\AOL OCP
   [11/12/2008|16:30] C:\ProgramData\Apple
   [31/03/2009|08:19] C:\ProgramData\Apple Computer
   [02/11/2006|14:02] C:\ProgramData\Application Data 
   [19/07/2009|12:53] C:\ProgramData\Artist Colony
   [06/11/2008|09:18] C:\ProgramData\Artogon
   [08/03/2009|19:11] C:\ProgramData\Astar Games
   [31/07/2008|00:29] C:\ProgramData\Atheros
   [31/07/2008|01:24] C:\ProgramData\ATI
   [29/09/2008|08:38] C:\ProgramData\AVS4YOU
   [19/09/2008|02:54] C:\ProgramData\Azureus
   [01/12/2008|10:51] C:\ProgramData\BC Soft Games
   [20/10/2009|11:54] C:\ProgramData\Beanbag Studios
   [16/10/2009|09:32] C:\ProgramData\Becky Brogan
   [31/03/2009|18:43] C:\ProgramData\blg
   [29/04/2009|23:24] C:\ProgramData\Blizzard
   [23/07/2009|20:15] C:\ProgramData\BOONTY
   [04/12/2008|20:26] C:\ProgramData\Boontyv1005fr
   [13/09/2008|19:00] C:\ProgramData\Bureau 
   [15/10/2008|10:09] C:\ProgramData\CanonBJ
   [24/10/2008|11:46] C:\ProgramData\CheckPoint
   [28/07/2009|17:06] C:\ProgramData\Christmasville
   [19/10/2008|18:09] C:\ProgramData\CyberLink
   [10/02/2009|08:03] C:\ProgramData\Dekovir
   [02/11/2006|14:02] C:\ProgramData\Desktop 
   [02/11/2006|14:02] C:\ProgramData\Documents 
   [05/01/2009|20:46] C:\ProgramData\Droppix
   [13/09/2008|22:05] C:\ProgramData\eMule
   [28/04/2009|10:46] C:\ProgramData\Enkord
   [03/08/2009|16:30] C:\ProgramData\Escape From Paradise
   [22/07/2009|12:19] C:\ProgramData\EscapeTheMuseum
   [29/09/2008|12:55] C:\ProgramData\ezsid.dat
   [26/11/2009|08:04] C:\ProgramData\FarmFrenzy3
   [13/09/2008|19:00] C:\ProgramData\Favoris 
   [02/11/2006|14:02] C:\ProgramData\Favorites 
   [09/10/2008|14:40] C:\ProgramData\Fighters
   [22/10/2009|09:12] C:\ProgramData\Flood Light Games
   [21/02/2009|09:06] C:\ProgramData\FloodLightGames
   [07/06/2009|14:50] C:\ProgramData\Fuel Industries
   [06/11/2009|19:34] C:\ProgramData\Fugazo
   [11/12/2008|07:59] C:\ProgramData\GameHouse
   [18/12/2009|19:24] C:\ProgramData\Gamers Digital
   [17/10/2009|07:54] C:\ProgramData\GameXzone
   [18/12/2009|08:15] C:\ProgramData\GOA
   [15/09/2009|06:06] C:\ProgramData\GoBit Games
   [23/05/2009|06:41] C:\ProgramData\Gogii
   [10/03/2009|19:56] C:\ProgramData\Gogii Games
   [09/12/2008|20:22] C:\ProgramData\Gold Casual Games
   [26/10/2009|12:56] C:\ProgramData\Google
   [25/11/2008|06:21] C:\ProgramData\Hewlett-Packard
   [23/03/2009|12:04] C:\ProgramData\HiddenSecretsNightmare
   [12/01/2010|09:54] C:\ProgramData\HideAndSecret3
   [28/09/2009|08:53] C:\ProgramData\HipSoft
   [08/07/2009|10:30] C:\ProgramData\hitpointstudios
   [19/02/2009|13:12] C:\ProgramData\HoverBee Studios
   [15/10/2008|12:38] C:\ProgramData\HP
   [11/11/2009|19:33] C:\ProgramData\IM
   [11/11/2009|19:31] C:\ProgramData\IncrediMail
   [25/05/2009|18:14] C:\ProgramData\Intenium
   [08/06/2009|14:52] C:\ProgramData\InterAction studios
   [24/09/2009|09:53] C:\ProgramData\IronCode
   [30/12/2009|11:33] C:\ProgramData\JollyBear
   [22/04/2009|18:27] C:\ProgramData\Lavasoft
   [06/01/2009|13:40] C:\ProgramData\LightScribe
   [14/10/2008|14:58] C:\ProgramData\ma-config.com
   [11/07/2009|09:48] C:\ProgramData\Macrovision
   [28/10/2008|08:52] C:\ProgramData\Malwarebytes
   [13/10/2009|17:46] C:\ProgramData\McAfee
   [13/10/2009|08:04] C:\ProgramData\McAfee Security Scan
   [13/09/2008|19:00] C:\ProgramData\Menu D‚marrer 
   [14/11/2009|12:46] C:\ProgramData\Meridian93
   [19/12/2009|10:22] C:\ProgramData\Merscom
   [23/02/2009|20:58] C:\ProgramData\Messenger Plus!
   [19/02/2009|13:03] C:\ProgramData\Microsoft
   [13/01/2010|20:11] C:\ProgramData\Microsoft Help
   [16/05/2009|06:47] C:\ProgramData\MissTeriTale2
   [13/09/2008|19:00] C:\ProgramData\ModŠles 
   [01/01/2010|12:29] C:\ProgramData\MumboJumbo
   [13/06/2008|04:29] C:\ProgramData\muvee Technologies
   [10/12/2008|21:55] C:\ProgramData\MysteryChronicles
   [13/12/2009|14:39] C:\ProgramData\MythPeople
   [29/01/2009|11:08] C:\ProgramData\NCH Swift Sound
   [01/03/2009|12:56] C:\ProgramData\NeptunesAdve
   [08/10/2008|11:41] C:\ProgramData\NortonInstaller
   [24/10/2009|17:27] C:\ProgramData\NOS
   [21/12/2009|20:39] C:\ProgramData\ObjPlay
   [09/06/2009|12:51] C:\ProgramData\PBGsavesDirectory
   [12/01/2009|17:14] C:\ProgramData\Player Metaboli
   [19/12/2009|14:03] C:\ProgramData\PlayFirst
   [06/01/2010|14:28] C:\ProgramData\PlayfulAge
   [11/10/2009|11:28] C:\ProgramData\PlayPond
   [26/03/2009|10:32] C:\ProgramData\Playrix Entertainment
   [04/07/2009|09:39] C:\ProgramData\Playtonium Games
   [07/01/2010|11:48] C:\ProgramData\PoBros
   [25/11/2009|19:30] C:\ProgramData\PopCap Games
   [21/07/2009|15:04] C:\ProgramData\Product
   [21/07/2009|15:04] C:\ProgramData\QuickClick
   [23/01/2009|07:11] C:\ProgramData\RFA_Backups
   [27/10/2009|17:35] C:\ProgramData\Rumbic Studio
   [17/06/2009|17:21] C:\ProgramData\Sandlot Games
   [15/09/2008|08:12] C:\ProgramData\ScanSoft
   [29/09/2008|12:53] C:\ProgramData\Skype
   [07/11/2009|08:17] C:\ProgramData\Sony Online Entertainment
   [04/01/2010|20:35] C:\ProgramData\SOS
   [01/12/2008|13:06] C:\ProgramData\SpecialBit Games
   [27/03/2009|18:29] C:\ProgramData\SpinTop Games
   [14/03/2009|07:45] C:\ProgramData\Spybot - Search & Destroy
   [02/11/2006|14:02] C:\ProgramData\Start Menu 
   [01/11/2009|10:07] C:\ProgramData\SugarGames
   [22/09/2009|19:57] C:\ProgramData\Symantec
   [12/01/2010|15:37] C:\ProgramData\TEMP
   [02/11/2006|14:02] C:\ProgramData\Templates 
   [26/06/2009|16:21] C:\ProgramData\UClick
   [12/10/2009|15:16] C:\ProgramData\ValuSoft
   [25/05/2009|15:09] C:\ProgramData\Wild Tangent
   [12/01/2010|13:33] C:\ProgramData\WildTangent
   [08/06/2009|12:53] C:\ProgramData\WildTangentv1005
   [22/03/2009|15:13] C:\ProgramData\WildWestQuest2
   [10/12/2009|13:01] C:\ProgramData\Windows Genuine Advantage
   [11/12/2008|13:50] C:\ProgramData\WindowsSearch
   [28/09/2008|13:00] C:\ProgramData\WinZip
   [15/09/2008|19:47] C:\ProgramData\WLInstaller
   [28/01/2009|17:25] C:\ProgramData\wmp
   [03/06/2009|09:37] C:\ProgramData\Word Whomp Underground
   [23/10/2008|16:52] C:\ProgramData\ywasvxup.hvs
   [02/02/2009|15:04] C:\ProgramData\Zeal Deluxe
   [13/10/2009|13:34] C:\ProgramData\ZEMNOTT
   [06/11/2008|17:20] C:\ProgramData\Zylom

   --------------------\  Listing des dossiers dans C:\Program Files

   [01/04/2009|15:52] C:\Program Files\Adobe
   [30/12/2009|14:33] C:\Program Files\AGEIA Technologies
   [26/08/2009|09:21] C:\Program Files\AIM6
   [06/01/2009|20:09] C:\Program Files\Alex Feinman
   [15/09/2008|16:13] C:\Program Files\Alwil Software
   [05/01/2009|08:37] C:\Program Files\AML Products
   [11/12/2008|16:32] C:\Program Files\Apple Software Update
   [15/09/2008|08:09] C:\Program Files\ArcSoft
   [31/07/2008|00:31] C:\Program Files\Atheros
   [31/07/2008|00:32] C:\Program Files\ATI
   [31/07/2008|00:35] C:\Program Files\ATI Technologies
   [05/01/2009|08:38] C:\Program Files\AviSynth 2.5
   [26/01/2009|07:04] C:\Program Files\AVS4YOU
   [06/01/2009|09:38] C:\Program Files\Bonjour
   [11/10/2009|20:50] C:\Program Files\BoontyGames
   [06/01/2009|19:48] C:\Program Files\Canon
   [14/10/2008|15:28] C:\Program Files\CanonBJ
   [06/01/2009|19:09] C:\Program Files\CCleaner
   [31/07/2008|00:29] C:\Program Files\Cisco
   [30/12/2009|14:32] C:\Program Files\Common Files
   [31/07/2008|01:20] C:\Program Files\CyberLink
   [26/04/2009|14:45] C:\Program Files\DivX
   [18/10/2008|19:00] C:\Program Files\eMule
   [13/09/2008|19:00] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [11/10/2008|17:03] C:\Program Files\Fighters
   [07/06/2009|18:34] C:\Program Files\FileZilla FTP Client
   [14/11/2008|20:18] C:\Program Files\Full Tilt Poker
   [26/10/2009|12:56] C:\Program Files\Google
   [16/03/2009|21:16] C:\Program Files\Hewlett-Packard
   [13/06/2008|05:09] C:\Program Files\HP
   [07/01/2010|10:24] C:\Program Files\HP Games
   [31/07/2008|00:40] C:\Program Files\IDT
   [16/03/2009|21:16] C:\Program Files\InstallShield Installation Information
   [10/12/2009|08:20] C:\Program Files\Internet Explorer
   [03/11/2009|09:59] C:\Program Files\iPod
   [03/11/2009|09:59] C:\Program Files\iTunes
   [11/01/2009|22:52] C:\Program Files\Java
   [21/10/2008|15:06] C:\Program Files\JRE
   [22/04/2009|18:27] C:\Program Files\Lavasoft
   [26/01/2009|12:54] C:\Program Files\Le Mystere de la Momie Demo
   [22/10/2008|11:10] C:\Program Files\LG Electronics
   [22/10/2008|11:08] C:\Program Files\LG PC Suite 2
   [17/06/2009|18:33] C:\Program Files\LimeWire
   [14/10/2008|14:58] C:\Program Files\ma-config.com
   [15/01/2010|18:14] C:\Program Files\Malwarebytes' Anti-Malware
   [21/12/2009|20:37] C:\Program Files\Messenger Plus! Live
   [04/01/2009|20:28] C:\Program Files\Microsoft
   [02/11/2006|13:37] C:\Program Files\Microsoft Games
   [11/01/2009|19:01] C:\Program Files\Microsoft Office
   [18/10/2009|10:38] C:\Program Files\Microsoft Office Outlook Connector
   [23/09/2009|06:21] C:\Program Files\Microsoft Silverlight
   [13/09/2008|21:06] C:\Program Files\Microsoft SQL Server Compact Edition
   [04/01/2009|20:27] C:\Program Files\Microsoft Sync Framework
   [11/01/2009|19:01] C:\Program Files\Microsoft Visual Studio
   [11/01/2009|18:57] C:\Program Files\Microsoft Visual Studio 8
   [11/06/2009|08:48] C:\Program Files\Microsoft Works
   [11/01/2009|19:00] C:\Program Files\Microsoft.NET
   [23/09/2009|06:56] C:\Program Files\Movie Maker
   [16/01/2010|02:30] C:\Program Files\Mozilla Firefox
   [11/01/2009|19:02] C:\Program Files\MSBuild
   [11/01/2009|18:54] C:\Program Files\MSECache
   [13/09/2008|19:19] C:\Program Files\MSXML 4.0
   [13/06/2008|04:29] C:\Program Files\muvee Technologies
   [08/01/2009|20:07] C:\Program Files\MySoft
   [15/01/2010|20:21] C:\Program Files\Navilog1
   [29/01/2009|11:08] C:\Program Files\NCH Software
   [27/02/2009|06:51] C:\Program Files\NCH Swift Sound
   [17/09/2008|19:08] C:\Program Files\NOS
   [07/10/2009|20:47] C:\Program Files\Notepad++
   [15/12/2009|10:43] C:\Program Files\Oberon Media
   [06/05/2009|06:45] C:\Program Files\Objective Tarot
   [05/01/2009|19:45] C:\Program Files\ONES (F)
   [15/09/2008|18:39] C:\Program Files\Online Services
   [21/10/2008|15:06] C:\Program Files\OpenOffice.org 3
   [30/09/2009|08:12] C:\Program Files\orange
   [24/10/2008|17:58] C:\Program Files\Panda Security
   [24/10/2008|18:09] C:\Program Files\POPUPKILLER
   [05/10/2008|10:19] C:\Program Files\Portrait Professional 6
   [22/09/2009|08:24] C:\Program Files\QuickTime
   [31/07/2008|00:37] C:\Program Files\Realtek
   [02/11/2006|13:37] C:\Program Files\Reference Assemblies
   [26/02/2009|06:13] C:\Program Files\RegCure
   [17/11/2009|09:31] C:\Program Files\Safari
   [13/09/2008|21:07] C:\Program Files\Satsuki Decoder Pack
   [15/09/2008|08:11] C:\Program Files\ScanSoft
   [15/01/2010|19:59] C:\Program Files\Search Guard Plus
   [15/01/2010|19:59] C:\Program Files\Search Guard PlusU
   [09/11/2009|07:50] C:\Program Files\Securitoo
   [06/05/2009|06:46] C:\Program Files\Skype
   [05/03/2009|13:14] C:\Program Files\Spybot - Search & Destroy
   [11/05/2009|07:45] C:\Program Files\Steam
   [31/07/2008|00:36] C:\Program Files\Synaptics
   [23/04/2009|23:19] C:\Program Files\Teamspeak2_RC2
   [23/10/2008|11:07] C:\Program Files\Toshiba
   [15/01/2010|17:50] C:\Program Files	rend micro
   [02/11/2006|14:01] C:\Program Files\Uninstall Information
   [22/09/2009|08:32] C:\Program Files\Utilitaire de configuration iPhone
   [16/09/2008|06:00] C:\Program Files\uTorrent
   [24/09/2008|18:59] C:\Program Files\VideoLAN
   [08/06/2009|08:59] C:\Program Files\WildGames
   [23/09/2009|06:56] C:\Program Files\Windows Calendar
   [23/09/2009|06:56] C:\Program Files\Windows Collaboration
   [23/09/2009|06:56] C:\Program Files\Windows Defender
   [23/09/2009|06:56] C:\Program Files\Windows Journal
   [18/10/2009|10:33] C:\Program Files\Windows Live
   [04/01/2009|20:22] C:\Program Files\Windows Live SkyDrive
   [13/01/2010|20:10] C:\Program Files\Windows Mail
   [29/10/2009|07:45] C:\Program Files\Windows Media Player
   [13/09/2008|19:00] C:\Program Files\Windows NT
   [23/09/2009|06:56] C:\Program Files\Windows Photo Gallery
   [18/11/2009|06:14] C:\Program Files\Windows Portable Devices
   [23/09/2009|06:56] C:\Program Files\Windows Sidebar
   [29/09/2008|07:06] C:\Program Files\WinRAR
   [07/10/2009|20:20] C:\Program Files\WinSCP
   [30/04/2009|01:44] C:\Program Files\World of Warcraft
   [24/10/2008|17:52] C:\Program Files\Yahoo!
   [03/08/2009|16:26] C:\Program Files\Zylom Games

   --------------------\  Listing des dossiers dans C:\Program Files\Common Files

   [15/01/2010|18:36] C:\Program Files\Common Files\Adobe
   [05/01/2009|10:56] C:\Program Files\Common Files\Ahead
   [15/09/2008|18:02] C:\Program Files\Common Files\AOL
   [03/11/2009|09:59] C:\Program Files\Common Files\Apple
   [30/10/2008|18:05] C:\Program Files\Common Files\AVSMedia
   [28/10/2008|15:00] C:\Program Files\Common Files\BitDefender
   [29/04/2009|22:26] C:\Program Files\Common Files\Blizzard Entertainment
   [19/09/2008|15:45] C:\Program Files\Common Files\BOONTY Shared
   [14/09/2008|06:40] C:\Program Files\Common Files\CANON
   [11/01/2009|19:01] C:\Program Files\Common Files\DESIGNER
   [26/04/2009|14:45] C:\Program Files\Common Files\DivX Shared
   [05/01/2009|20:47] C:\Program Files\Common Files\Droppix
   [15/09/2008|08:11] C:\Program Files\Common Files\InstallShield
   [13/06/2008|05:09] C:\Program Files\Common Files\Java
   [30/11/2008|15:09] C:\Program Files\Common Files\LightScribe
   [11/07/2009|09:48] C:\Program Files\Common Files\Macrovision Shared
   [26/08/2009|14:36] C:\Program Files\Common Files\microsoft shared
   [28/10/2008|14:24] C:\Program Files\Common Files\MSSoap
   [13/06/2008|04:29] C:\Program Files\Common Files\muvee Technologies
   [30/09/2009|08:12] C:\Program Files\Common Files\Oberon Media
   [22/10/2008|11:13] C:\Program Files\Common Files\PX Storage Engine
   [02/03/2009|08:47] C:\Program Files\Common Files\Real
   [02/11/2006|12:18] C:\Program Files\Common Files\Services
   [02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
   [29/04/2009|20:21] C:\Program Files\Common Files\Steam
   [22/09/2009|19:59] C:\Program Files\Common Files\Symantec Shared
   [23/09/2009|06:56] C:\Program Files\Common Files\System
   [04/01/2009|20:05] C:\Program Files\Common Files\Windows Live
   [15/09/2008|19:50] C:\Program Files\Common Files\WindowsLiveInstaller
   [30/12/2009|14:33] C:\Program Files\Common Files\Wise Installation Wizard

   --------------------\  Process

   ( 77 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2010-01-16 17:26:45
   Windows 6.0.6002 Service Pack 2 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 3
 
   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\PROGRA~2\Fugazo\World Mosaics\cached\sounds\Tilecrack.wav


   [F:10][D:6]-> C:\Users\beatrice\AppData\Local\Temp
   [F:32][D:1]-> C:\Users\beatrice\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:284][D:6]-> C:\Users\beatrice\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:3][D:1]-> C:\$Recycle.Bin

   1 - "C:\Lop SD\LopR_1.txt" - 16/01/2010| 2:37 - Option : [1]
   2 - "C:\Lop SD\LopR_2.txt" - 16/01/2010|17:29 - Option : [2]

   --------------------\  Fin du rapport a 17:29:53
   [ UAC => 1 ]

moment de grace · Answer

vu

killem donc

knostra · Answer

voilà Kill c bon :

List'em by g3n-h@ckm@n 1.1.8.3 

Thx to El Desaparecido.....& CCM team 

User : beatrice (Administrateurs) 
Update on 14/01/2010 by g3n-h@ckm@n ::::: 18:30 
Start at: 18:14:56 | 16/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Turion(tm) X2 Dual-Core Mobile RM-70
Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 223,73 Go (10,96 Go free) | NTFS
D:\ -> Disque fixe local | 9,15 Go (1,66 Go free) [HP_RECOVERY] | NTFS
E:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running 

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
C:\Windows\system32\conime.exe
C:\Windows\system32undll32.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32	askeng.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\beatrice\AppData\Local\Temp\4F11.tmp\pv.exe

======================
Keys "Run" 
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr	REG_SZ         	"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ehTray.exe	REG_SZ         	C:\Windows\ehome\ehTray.exe
Google Update	REG_SZ         	"C:\Users\beatrice\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
NWEReboot	REG_SZ         	 
AppleSyncNotifier	REG_SZ         	C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe 
avast!	REG_SZ         	C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
QuickTime Task	REG_SZ         	"C:\Program Files\QuickTime\QTTask.exe" -atboottime 
SysTrayApp	REG_EXPAND_SZ  	%ProgramFiles%\IDT\WDM\sttray.exe 
iTunesHelper	REG_SZ         	"C:\Program Files\iTunes\iTunesHelper.exe" 
Adobe Reader Speed Launcher	REG_SZ         	"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
Adobe ARM	REG_SZ         	"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
ConsentPromptBehaviorAdmin	REG_DWORD      	2 (0x2) 
ConsentPromptBehaviorUser	REG_DWORD      	1 (0x1) 
EnableInstallerDetection	REG_DWORD      	1 (0x1) 
EnableLUA	REG_DWORD      	1 (0x1) 
EnableSecureUIAPaths	REG_DWORD      	1 (0x1) 
EnableVirtualization	REG_DWORD      	1 (0x1) 
PromptOnSecureDesktop	REG_DWORD      	1 (0x1) 
ValidateAdminCodeSignatures	REG_DWORD      	0 (0x0) 
dontdisplaylastusername	REG_DWORD      	0 (0x0) 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
scforceoption	REG_DWORD      	0 (0x0) 
shutdownwithoutlogon	REG_DWORD      	1 (0x1) 
undockwithoutlogon	REG_DWORD      	1 (0x1) 
FilterAdministratorToken	REG_DWORD      	1 (0x1) 
EnableUIADesktopToggle	REG_DWORD      	0 (0x0) 
HideFastUserSwitching	REG_DWORD      	0 (0x0) 

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoLogoff	REG_DWORD      	0 (0x0) 
NoDriveAutoRun	REG_DWORD      	128 (0x80) 
NoDriveTypeAutoRun	REG_DWORD      	128 (0x80) 
HonorAutoRunSetting	REG_DWORD      	0 (0x0) 

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
BindDirectlyToPropertySetStorage	REG_DWORD      	0 (0x0) 
NoDriveAutoRun	REG_DWORD      	128 (0x80) 
NoDriveTypeAutoRun	REG_DWORD      	128 (0x80) 
HonorAutoRunSetting	REG_DWORD      	0 (0x0) 

=============== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS	REG_SZ         	

===============

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\D27CDB6E-AE6D-11CF-96B8-444553540000
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{06E7240D-D7D5-B646-D631-B48F9C9ED978}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{07AD0FD2-116A-8A48-C7E3-83159CE22237}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10B6F6AB-EAFC-E7DE-A6D8-89A9E4E14906}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C939776-9ABA-EE6E-3B22-03671B86A17B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2F291CF2-8D08-37B0-55CF-410163C744D1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3A2C6A7C-C12C-571E-E6F4-D90BDD286CF2}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4218CC4E-3E55-5040-F083-4F4979584A1A}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4569F293-D73A-18E7-0D38-854A6EB2CF97}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4947691F-0601-9720-889F-835ACD9E9FCF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FD3B88E-34B7-090A-0587-053951AF475E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E6E6D0-4E46-5D34-465B-4FE9C2268516}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6429643D-09DB-3A08-73FE-4F1E689AB594}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6DF4AC9E-E1D5-DA41-E34A-C557CD6F1FB8}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6F9BCEED-B7D2-AD58-5446-6E5840B844BD}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{722FDAEE-FA91-3B75-95E4-3A5617572924}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{74EE36D8-2165-A00B-BC7F-36AFF696D1FE}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{75EA5DA3-8111-F34C-1C95-7C8485585A24}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{77EE854A-B0FA-3E6B-C43C-1C66E36B63D8}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{82C75D0C-10E1-C0A4-D581-6055038CDCA7}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{83A8ED03-6B2B-7ED9-ED9D-2C07F71255BF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8CF37354-9068-A061-CF6C-B12C35679473}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8D8C98E4-6753-C424-3182-7C4B6747B4FE}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{909D6C90-1D84-D845-8E99-3259397182F5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{91708F02-2C69-78CD-ABDA-FB8C3C3B378E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{93E30C13-FA9E-8588-25CC-CABB6324DC97}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{93F52ADA-EAAA-D768-43A4-722C6D30B22C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9ACFBD8C-754D-0A46-1C47-481611DF7C83}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9B6687EF-4674-C6FB-98A9-B6692CD7B701}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9F52E356-B80C-7D26-211B-69609AA4E7BE}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A1CF7563-466E-CA92-9539-35EECCE6864F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A9B12AE9-1397-2DF6-465D-4B1611487755}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B0E089D4-02F5-69D5-0220-16D60F268B49}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B6266A8C-5606-8774-EBA9-567F8568ACBE}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B70C83B4-B535-760C-5D80-D5D1FA2E2A70}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BB9F909D-6C64-F2D4-79B4-F8E8C7E04B7F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BC3E3095-0EF2-0DC2-0035-54E5A86B4FDB}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D132CACF-7104-31F9-BA33-CE6FEA875F21}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DE156264-EA3B-627B-51FD-C9AAE4BC3B9D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E0511F5D-B47C-7906-FCAA-CDCB7B664B7B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E18DCB60-1B50-B999-69F3-4442AC8D3270}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EC16E32C-72B7-465F-F3A4-505B8CD925CD}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F94C2F6F-B66D-EE6C-F140-AF9667801D22}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F96E0748-B019-4A81-45A5-A7307217C831}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FE1F6ACB-F73A-F26E-3BD4-D2D734902FB6}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 

Ndisuio : 0x3 
EapHost : 0x3 
Wlansvc : 0x2 
SharedAccess : 0x2 
windefend : 0x2 
wuauserv : 0x2 
wscsvc : 0x2 

=========
 
=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C: 

    Taille du volume                	= 224 Go
    Espace libre                    	= 10.97 Go
    tendue d'espace libre la plus grande 	= 53 Mo
    Pourcentage de fragmentation des fichiers 	= 1 %

    Remarqueÿ: sur les volumes NTFS, les fragments de fichiers de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.

    Il n'est pas n‚cessaire de d‚fragmenter ce volume. 	 

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\install.exe  
C:\ProgramData\Valusoft  
C:\Program Files\Search Guard PlusU  
C:\Windows\System32\EZUPBH~1.DLL  
C:\Windows\System32\logs  
 
¤¤¤¤¤¤¤¤¤¤ Keys : 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoLogOff"  
"HKCU\software\microsoft\internet explorer\searchscopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}"  
HKCR\ezUPBHook.ShellObj  
HKCR\ezUPBHook.ShellObj.1  
HKCR\ImageOle.GifAnimator  
HKCR\ImageOle.GifAnimator.1  
HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}  
HKCR\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f}  
HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}  
HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}  
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5}  
HKLM\SOFTWARE\Classes\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}  

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 18:33:36
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b5b6f4]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37b5b6f4]

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E94CB806-CB04-366E-FF42-2549A02EB6A5}]
"oabanofdmajecmlleandpidkmhmigp"=hex:6a,61,68,6d,6c,65,6b,61,69,64,6f,6d,6b,65,61,63,62,6c,66,6e,00,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK 

==========
Programs
==========

Adobe
AGEIA Technologies
AIM6
Alex Feinman
Alwil Software
AML Products
Apple Software Update
ArcSoft
Atheros
ATI
ATI Technologies
AviSynth 2.5
AVS4YOU
Bonjour
BoontyGames
Canon
CanonBJ
CCleaner
Cisco
Common Files
CyberLink
desktop.ini
DivX
eMule
Fichiers communs
Fighters
FileZilla FTP Client
Full Tilt Poker
Google
Hewlett-Packard
HP
HP Games
IDT
InstallShield Installation Information
Internet Explorer
iPod
iTunes
Java
JRE
Lavasoft
Le Mystere de la Momie Demo
LG Electronics
LG PC Suite 2
LimeWire
List_Kill'em
ma-config.com
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft
Microsoft Games
Microsoft Office
Microsoft Office Outlook Connector
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Visual Studio
Microsoft Visual Studio 8
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSECache
MSXML 4.0
muvee Technologies
MySoft
Navilog1
NCH Software
NCH Swift Sound
NOS
Notepad++
Oberon Media
Objective Tarot
ONES (F)
Online Services
OpenOffice.org 3
orange
Panda Security
POPUPKILLER
Portrait Professional 6
QuickTime
Realtek
Reference Assemblies
RegCure
RngInterstitial.dll
Safari
Satsuki Decoder Pack
ScanSoft
Search Guard Plus
Search Guard PlusU
Securitoo
Skype
Spybot - Search & Destroy
Steam
Synaptics
Teamspeak2_RC2
Toshiba
trend micro
Uninstall Information
Utilitaire de configuration iPhone
uTorrent
VideoLAN
WildGames
Windows Calendar
Windows Collaboration
Windows Defender
Windows Journal
Windows Live
Windows Live SkyDrive
Windows Mail
Windows Media Player
Windows NT
Windows Photo Gallery
Windows Portable Devices
Windows Sidebar
WinRAR
WinSCP
World of Warcraft
Yahoo!
Zylom Games

============
Lecteur C:
============

$RECYCLE.BIN
aaw7boot.log
Ad-Remover
Archivos de programa
autoexec.bat
autorun.inf
Avenger
avenger.txt
Boonty
boot
bootmgr
Config.Msi
config.sys
coreuninstall.log
divx
Documents and Settings
Downloads
Driver
DrvSetup
FtpCmd.txt
globdata.ini
HP
install.dat
install.exe
install.ini
install.res.1028.dll
install.res.1031.dll
install.res.1033.dll
install.res.1036.dll
install.res.1040.dll
install.res.1041.dll
install.res.1042.dll
install.res.2052.dll
install.res.3082.dll
IO.SYS
IPH.PH
Kill'em
lgupload
List'em.txt
Lop SD
lopR.txt
Movavi files
MSDOS.SYS
MSOCache
My Download Files
My Games
NIS2006FR.exe
orange.bmp
OUT_MEDIA_FILES
pagefile.sys
PerfLogs
Program Files
ProgramData
ProgramData.LOG1
ProgramData.LOG2
Programs
README
Remote Programs
rsit
SWSETUP
System Volume Information
System.sav
Tech_Vista.log
TMOTM
UCD
UsbFix
UsbFix.txt
Users
vcredist.bmp
VC_RED.cab
VC_RED.MSI
Windows
Windows Sidebar
 
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials 
 
C:\Program Files\HP Games\Campfire Legends - The Hookman\sound\environment\cracking_twig.ogg 
C:\Program Files\HP Games\Deep Sea Tycoon\save_game\Patch.apf 
C:\Program Files\HP Games\Dynomite\Images\crackmask1.gif 
C:\Program Files\HP Games\Dynomite\Images\crackmask2.gif 
C:\Program Files\HP Games\Dynomite\Images\crackmask3.gif 
C:\Program Files\HP Games\Dynomite\Images\crackmask4.gif 
C:\Program Files\HP Games\Eets\Data\Sound\Patch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Blink.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Bob Activation.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Boing.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Crashing_Bang.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Angry Eating 1.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Angry Eating 2.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Angry Emotion Change.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Angry Jumping 1.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Angry Jumping 2.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Angry Landing.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Angry Walking 1.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Angry Walking 2.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Happy Eating End.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Happy Eating.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Happy Emotion Change.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Happy Jumping.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Happy Landing.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Happy Walking 1.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Happy Walking 2.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Scared Eating 1.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Scared Eating 2.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Scared Emotion Change.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Scared Landing.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Scared Stopping.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Scared Walking.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Tripping.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Error.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Explosion.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Fanfare.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Firing Sound.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Freedom.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\GUI Click 1.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\GUI Click 2.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\GUI MouseOver.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\GUI Radial Menu Popup.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Hint.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Level Complete.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Marshomech Buildup.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Marshomech Roar.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Marshomech Walk 1.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Marshomech Walk 2.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Merch Bite 1.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Merch Bite 2.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Merch Bite 3.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Merch Kreee.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Merch Poomph.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Popup.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Power Baby.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Puzzle Piece Down Explosion.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Puzzle Piece Get.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Sneezy Sow Firing.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Sneezy Sow Windup 2.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Sneezy Sow Windup.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Squeaky Hammer of Power.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Star Hit.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Whale Eating 1.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Whale Eating 2.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Whale Eating 3.ptch 
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Whale Grinning.ptch 
C:\Program Files\HP Games\Sea Journey\Data\Textures\Map\Patch1.png 
C:\Program Files\HP Games\Sea Journey\Data\Textures\Map\Patch2.png 
C:\Program Files\HP Games\Sea Journey\Data\Textures\Map\Patch3.png 
C:\Program Files\HP Games\Sea Journey\Data\Textures\Map\Patch4.png 
C:\Program Files\HP Games\Sea Journey\Data\Textures\Map\Patch5.png 
C:\SWSETUP\Inetsec\NCO\NCO\APP\Patch25d.dll 
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches 
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch 
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\Blizzard Updater.exe 
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\wow-final.MPQ 
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\wow-partial-1.MPQ 
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\wow-partial-2.MPQ 
C:\Program Files\Microsoft Works\Install.exe 
C:\SWSETUP\MSWorks\Install.exe 
C:\SWSETUP\MSWorks\PFiles\MSWorks\Install.exe 
C:\Windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe 
 
 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

moment de grace · Answer

ok

&#9654; Relance List&Kill'em (clic droit "exécuter en tant qu'administrateur" pour Vista/Seven)   avec le raccourci sur ton bureau , 


mais cette fois-ci : 

&#9654; choisis l'option 2 = Mode Suppression 

laisse travailler l'outil. 

en fin de scan un rapport s'ouvre 

&#9654; colle le contenu dans ta reponse

..................

ensuite retentes GMER en supprimant celui que tu as et en le retéléchargeant, 

si ca coince dis le, compte tenu du comportement du pc , on fera plus fort ou pas...

knostra · Answer

Kill'em by g3n-h@ckm@n 1.1.8.3 
 
User : beatrice (Administrateurs) 
Update on 14/01/2010 by g3n-h@ckm@n ::::: 18:30 
Start at: 19:42:14 | 16/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Turion(tm) X2 Dual-Core Mobile RM-70
Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 223,73 Go (10,97 Go free) | NTFS
D:\ -> Disque fixe local | 9,15 Go (1,66 Go free) [HP_RECOVERY] | NTFS
E:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
C:\Windows\system32\conime.exe
C:\Windows\system32undll32.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\beatrice\AppData\Local\Temp\7834.tmp\pv.exe
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

Quaranteend & Deleted !! : C:\install.exe 
Quaranteend & Deleted !! : C:\ProgramData\Valusoft 
Quaranteend & Deleted !! : C:\Program Files\Search Guard PlusU 
 
Quaranteend & Deleted !! : C:\Windows\SYSTEM32\EZUPBH~1.DLL 
Quaranteend & Deleted !! : C:\Windows\system32\logs 
 
==============
host file OK !
==============

========
Registry
========
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff  
Deleted : HKCU\software\microsoft\internet explorer\searchscopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}  
Deleted : HKCR\ezUPBHook.ShellObj  
Deleted : HKCR\ezUPBHook.ShellObj.1  
Deleted : HKCR\ImageOle.GifAnimator  
Deleted : HKCR\ImageOle.GifAnimator.1  
Deleted : HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}  
Deleted : HKCR\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f}  
Deleted : HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}  
Deleted : HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5}  
Deleted : HKLM\SOFTWARE\Classes\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}  

============
Disk Cleaned
============
 
================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

knostra · Answer

Apparement gmer à l'air de fonctionner par contre il scan déja depuis un bon moment et il a pas fini alors j'ai mis le rapport de kill et je mettrais l'autre quand il aura fini.
merci

moment de grace · Answer

apres relecture des rapports

supprimes manuellement ceci de tes programmes

RegCure (rogue)

knostra · Answer

ok bon j'ai supprimé le dossier que vous m'avez indiqué, quant à gmer ba c'est pas concluant j'ai essayé plusieurs fois mais ca ne fonctionne pas pourtant il avait l'air de fonctionner mais au bout du compte sa fais buger le pc!

moment de grace · Answer

d'accord

comment va le pc ?

relances RSIT et poste juste le rapport log

knostra · Answer

Bonjour moment de grace,

C'est vrai je ne parle même pas du plus important, le pc va beaucoup mieux sa c'est sur plus de pop_up intempestive lors de la navigation sur le net, les logiciel s'ouvre sans trop de mal, la souris ne bloque plus pendant une heure pour rien.....

Pour résumer il c'est déjà refait une petite jeunesse grace à vous :)

Par contre dans c:// j'ai encore plusieurs fichiers qui ce nome install.res.1028.dll, install.res.1031.dll, install.res.1036.dll ect....

est-ce que je peux les supprimer?

rapport 

Logfile of random's system information tool 1.06 (written by random/random)
Run by beatrice at 2010-01-17 08:47:33
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 2
System drive C: has 8 GB (3%) free of 229 GB
Total RAM: 3069 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:47:46, on 17/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\beatrice\Desktop\desinfection\RSIT.exe
C:\Program Files	rend micro\beatrice.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\beatrice\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

moment de grace · Answer

bon procédons par ordre

à supprimer manuellement

C:\Program Files\Search Guard Plus
C:\Windows	asks\RegCure Program Check.job 
C:\Windows	asks\RegCure.job
 C:\ProgramData\ObjPlay

(si tu ne les trouves pas, voir pour afficher les dossiers cachés un peu plus bas dans mon post)
...................
ensuite pour les dll , à priori ils sont légitimes

néanmoins on va en verifier quelques uns (les trois cités)

+ ceux là

C:\Windows Sidebar
C:\SWSETUP

Rends toi sur ce site : 

https://www.virustotal.com/gui/ 

Clique sur parcourir et cherche ce fichier : C:\WINDOWS\system32\......... 


Clique sur Send File. 

Un rapport va s'élaborer ligne à ligne. 

Attends la fin. Il doit comprendre la taille du fichier envoyé. 

Sauvegarde le rapport avec le bloc-note. 

Copie le dans ta réponse.

Si tu ne trouves pas le fichier alors

Affiche tous les fichiers et dossiers : 

Pour cela : 
Clique sur démarrer/panneau de configuration/option des dossiers/affichage 

Cocher afficher les dossiers cachés

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" 

Décocher masquer les extensions dont le type est connu 

Puis fais «appliquer» pour valider les changements. 

Et OK

..................

enfin

apres tout ca, je suspecte la présence de rookit peut être encore...mais si le pc réagit normalement, sans lenteur inexpliquée genre System drive C: has 8 GB (3%) free of 229 GB (disque trop plein)

alors on en restera là et on nettoiera

je m'en remets à tes observations...

Mon Pc est infecté de virus - Page 1

Newsletters