Trojan TR/Crypt.XPACK.GEN

patmoss Messages postés 2759 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour ou bonsoir, j'ai recemment été infecté par Virtumonde. J'ai réparer partiellement cela grâce à Combofix, or j'avais un problême avec la barre des tâches seulement maintenant, j'ai juste le fond d'ecran noir et inchangeable. A par ça je peut accéder à tous les programmes etc.
Mais l'antivirus du nom d'AntiVir détecte un trojan du nom inscrit au titre de ce post. Il à infecté 2 fichiers dans le dd que sont : C:/Users/Antho/AppData/Local/.../css4CA6VEFFL et C:/Windows/System32/byxuSJcD.dll qui lui est détécté de fois de suite. Puis par défault je coche "deni access". Le problême c'est que cela est rémanent, à savoir que quelque temps après ces avertissements d'AntiVir réapparaissent donc.

Que faire? Aidez-moi s'il vous plaît! En tout cas merci d'avoir pris la peine de lire ce problême, maintenant il ne vous reste plus qu'à me répondre si possible, merci encore.
Configuration: Windows Vista Edition Familiale basique (32 bits)
Firefox 2.0.0.14

50 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

La discussion porte sur une infection Virtumonde (Vundo) sur Windows Vista et les tentatives de suppression lorsque l'antivirus signale un trojan dans des fichiers système. Plusieurs solutions logicielles ont été proposées, notamment VundoFix pour nettoyer les racines de l'infection et HijackThis ou Combofix pour générer des rapports et guider l'élimination. En cas de persistance, des outils complémentaires comme VundoBeGone ou Malwarebytes' Anti-Malware et la collecte de rapports HijackThis et Combofix sont évoqués pour évaluer et confirmer une suppression. Enfin, des extraits et chemins d'infection cités montrent que des éléments de démarrage et des barres d'outils douteuses apparaissent dans les rapports, soulignant l'importance d'analyser les programmes au démarrage et les extensions de navigateur.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    scan avec vundofix (colle le rapport)

    Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double cliquez VundoFix.exe pour l'exécuter.
    Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
    Une fois le scan fini, cliquez sur le bouton Remove Vundo.
    Vous recevrez un avertissement vous demandant si vous voulez effacer ces
    fichiers répondez en cliquant sur YES
    Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
    enlève Vundo.

    Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
    OK.

    _______________

    virtumondebegone (colle le rapport)

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    _______________

    colle un rapport combofix

    _______________

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :
    http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    2
  2. patmoss Messages postés 2759 Statut Membre 41
     
    Pour Vundo, no files were found. Donc AntiVir signale Virtumondebegone comme virus que dois-je faire?

    Saches que j'ai déja fait ComboFix je le refait ou je colle le résultat du scan ComboFix réaliser il y a quelque jours?

    Et pour Hijackthis, je fait un scan en rennommant hijackthis.exe dans le repertoire C:/Hijackthis? Et combien de scan et quand dois-je les faires en tout cas Vundo n'a rien trouvé.

    Merci de m'aider.
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    fais un nouveau combofix pour voir ce qu'il reste
    et oui fais Virtumondebegone (désactive antivir le temps de le faire)
    0
  4. patmoss Messages postés 2759 Statut Membre 41
     
    VirtumondeBeGone

    [06/08/2008, 11:56:41] - VirtumundoBeGone v1.5 ( "C:\Users\antho\Desktop\VirtumundoBeGone.exe" )
    [06/08/2008, 11:56:50] - Detected System Information:
    [06/08/2008, 11:56:50] - Windows Version: 6.0.6001, Service Pack 1
    [06/08/2008, 11:56:50] - Current Username: antho (Admin)
    [06/08/2008, 11:56:50] - Windows is in NORMAL mode.
    [06/08/2008, 11:56:50] - Searching for Browser Helper Objects:
    [06/08/2008, 11:56:50] - BHO 1: {0055C089-8582-441B-A0BF-17B458C2A3A8} (IDMIEHlprObj Class)
    [06/08/2008, 11:56:50] - BHO 2: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
    [06/08/2008, 11:56:50] - BHO 3: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    [06/08/2008, 11:56:50] - BHO 4: {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} (Ask Search Assistant BHO)
    [06/08/2008, 11:56:50] - BHO 5: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [06/08/2008, 11:56:50] - BHO 6: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
    [06/08/2008, 11:56:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/08/2008, 11:56:50] - Checking for HKLM\...\Winlogon\Notify\NppBho
    [06/08/2008, 11:56:50] - Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
    [06/08/2008, 11:56:50] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [06/08/2008, 11:56:50] - BHO 8: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
    [06/08/2008, 11:56:50] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [06/08/2008, 11:56:50] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [06/08/2008, 11:56:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/08/2008, 11:56:50] - No filename found. Continuing.
    [06/08/2008, 11:56:50] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    [06/08/2008, 11:56:50] - BHO 12: {95D166B3-B002-4702-9BA3-7E79911325AD} ()
    [06/08/2008, 11:56:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/08/2008, 11:56:50] - No filename found. Continuing.
    [06/08/2008, 11:56:50] - BHO 13: {AA58ED58-01DD-4d91-8333-CF10577473F7} ()
    [06/08/2008, 11:56:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/08/2008, 11:56:50] - No filename found. Continuing.
    [06/08/2008, 11:56:50] - BHO 14: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
    [06/08/2008, 11:56:50] - BHO 15: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
    [06/08/2008, 11:56:50] - BHO 16: {E1B2F22F-88F6-4381-A18F-079FD0488676} ()
    [06/08/2008, 11:56:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/08/2008, 11:56:50] - No filename found. Continuing.
    [06/08/2008, 11:56:50] - BHO 17: {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} ()
    [06/08/2008, 11:56:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [06/08/2008, 11:56:51] - Checking for HKLM\...\Winlogon\Notify\urqrrstS
    [06/08/2008, 11:56:51] - Key not found: HKLM\...\Winlogon\Notify\urqrrstS, continuing.
    [06/08/2008, 11:56:51] - BHO 18: {EEE6C35C-6118-11DC-9C72-001320C79847} (SweetIM Toolbar Helper)
    [06/08/2008, 11:56:51] - BHO 19: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (Ask Toolbar BHO)
    [06/08/2008, 11:56:51] - Finished Searching Browser Helper Objects
    [06/08/2008, 11:56:51] - Finishing up...
    [06/08/2008, 11:56:51] - Nothing found! Exiting...
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. patmoss Messages postés 2759 Statut Membre 41
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:04, on 2008-06-08
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Powercinema\PCMService.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Vista Start Menu\VistaStartMenu.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\Phone\Skype.exe
    C:\Program Files\Spybot\TeaTimer.exe
    C:\Program Files\RALINK\Common\RaUI.exe
    C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\Windows\system32\conime.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
    C:\Program Files\Windows Media Player\wmprph.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\HijackThis\edes.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pagedetournee.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {95D166B3-B002-4702-9BA3-7E79911325AD} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: (no name) - {E1B2F22F-88F6-4381-A18F-079FD0488676} - (no file)
    O2 - BHO: (no name) - {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} - C:\Windows\system32\urqrrstS.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [GBMPro8Agent] "C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
    O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqrrstS.dll,#1
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [PCMService] "c:\Program Files\Powercinema\PCMService.exe"
    O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe"
    O4 - HKCU\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKCU\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKCU\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe"" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll
    O4 - HKCU\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe"" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT
    O4 - HKCU\..\Run: [Meteo Fusion] "C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{75918A0B-DC7E-4F07-9959-955064C5C2E5}
    O4 - HKCU\..\Run: [C:\Program Files\Advanced System Optimizer\wallpaper.exe -minimize] wallpaper.exe -minimize
    O4 - HKCU\..\Run: [MzCpuAccelerator] "C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: FullShot 9.lnk = C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O8 - Extra context menu item: &Search - ?p=ZJfox000
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/ - C:\Windows\system32\HDDSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot\SDWinSec.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    0
  7. patmoss Messages postés 2759 Statut Membre 41
     
    Alors je fait quoi?
    Il semble correct ce rapport HijackThis non?
    Ou récupérer le texte de Combofix; je l'exécute en mode sans echec avant c'est bien cela?
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok
    ton rapport montre des infections

    et je vois que tu as norton et antivir: vire un des deux sinon l'ordi va planter

    ______________

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pagedetournee.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp

    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {95D166B3-B002-4702-9BA3-7E79911325AD} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {E1B2F22F-88F6-4381-A18F-079FD0488676} - (no file)
    O2 - BHO: (no name) - {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} - C:\Windows\system32\urqrrstS.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqrrstS.dll,#1

    ____________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Windows\system32\urqrrstS.dll
    C:\Program Files\AskSBar
    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    __________________

    vire ce qui est dans moved files en allant dans poste de travail puis C puis otmovit
    ___________________

    télécharge combofix (par sUBs) ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    déconnecte toi d'internet et ferme toutes tes applications.

    désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

    double-clique sur combofix.exe et suis les instructions

    à la fin, il va produire un rapport C:\ComboFix.txt

    réactive ton parefeu, ton antivirus, la garde de ton antispyware

    copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Tu as un tutoriel complet ici :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  9. patmoss Messages postés 2759 Statut Membre 41
     
    File/Folder C:\Windows\system32\urqrrstS.dll not found.
    C:\Program Files\AskSBar\SrchAstt\1.bin moved successfully.
    C:\Program Files\AskSBar\SrchAstt moved successfully.
    C:\Program Files\AskSBar\bar\History moved successfully.
    C:\Program Files\AskSBar\bar\1.bin moved successfully.
    C:\Program Files\AskSBar\bar moved successfully.
    C:\Program Files\AskSBar moved successfully.
    File/Folder C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL not found.
    File/Folder C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL not found.
    0
  10. patmoss Messages postés 2759 Statut Membre 41
     
    Mais comment désinstaller Norton, il n'y a que AntiVir qui est operationnel?
    0
  11. patmoss Messages postés 2759 Statut Membre 41
     
    J'ai essayé avec CCleaner mais un message ne l'autorise pas qui est : Setup, "This MSI must be lauched through setup". Comment désinstaller Norton alors?
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    regarde le deuxieme lien
    0
  13. patmoss Messages postés 2759 Statut Membre 41
     
    AntiVir ne fait qu'afficher C:\Windows\System32\byXonnmL.dll -du Trojan TR/Crypt.XPACK.Gen- sans arrêt
    j'ai beau Move to quarantaine ou deny access il ne evient que de plus bele (sans arrêt).
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    c'est normal c'est pourquoi je t'ai demandé un combofix aussi
    0
  15. patmoss Messages postés 2759 Statut Membre 41
     
    ComboFix 08-06-05.3 - antho 2008-06-08 20:12:32.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.197 [GMT 2:00]
    Endroit: C:\Users\antho\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\byXonnmL.dll
    C:\Windows\system32\khfcbawW.dll
    C:\Windows\System32\LmnnoXyb.ini
    C:\Windows\System32\LmnnoXyb.ini2
    .
    ---- Previous Run -------
    .
    C:\Program Files\internet explorer\msimg32.dll
    C:\Windows\System32\abIRtCfe.ini
    C:\Windows\System32\abIRtCfe.ini2
    C:\Windows\system32\awttRhGY.dll
    C:\Windows\system32\f3PSSavr.scr
    C:\Windows\System32\fOpAaccf.ini
    C:\Windows\System32\fOpAaccf.ini2
    C:\Windows\System32\IQBLRqru.ini
    C:\Windows\System32\IQBLRqru.ini2
    C:\Windows\system32\jkkJyXRH.dll
    C:\Windows\System32\kkklSvut.ini
    C:\Windows\System32\kkklSvut.ini2
    C:\Windows\System32\KTtvuwEg.ini
    C:\Windows\System32\KTtvuwEg.ini2
    C:\Windows\System32\PWvvCcfe.ini
    C:\Windows\System32\PWvvCcfe.ini2
    C:\Windows\System32\rBehOXyb.ini
    C:\Windows\System32\rBehOXyb.ini2
    C:\Windows\System32\rYFgMnnn.ini
    C:\Windows\System32\rYFgMnnn.ini2
    C:\Windows\System32\vGiiRXbc.ini
    C:\Windows\System32\vGiiRXbc.ini2
    C:\Windows\system32\yayaWPGY.dll
    C:\Windows\System32\YGPWayay.ini
    C:\Windows\System32\YGPWayay.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-08 to 2008-06-08 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-08 12:03 . 2008-06-08 19:41 <REP> d-------- C:\HijackThis
    2008-06-08 11:01 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
    2008-06-08 10:01 . 2008-06-08 10:01 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-06-08 10:01 . 2008-06-08 10:01 <REP> d-------- C:\Program Files\HDDGURU LLF Tool
    2008-06-08 09:51 . 2008-06-08 09:51 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-06-08 09:47 . 2008-06-08 10:06 <REP> d-------- C:\Windows\SHELLNEW
    2008-06-08 09:45 . 2008-06-08 11:08 <REP> d-------- C:\ProgramData\Microsoft Help
    2008-06-08 09:03 . 2008-06-08 09:08 <REP> d-a------ C:\office 2007
    2008-06-07 21:31 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-06-07 21:31 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-06-07 17:49 . 2008-06-07 17:49 <REP> d-------- C:\Program Files\Hard Drive Inspector
    2008-06-07 12:09 . 2008-06-07 19:59 <REP> d-------- C:\Program Files\PeerGuardian2
    2008-06-07 11:08 . 2008-06-07 11:08 <REP> d-------- C:\Users\antho\AppData\Roaming\HDD Thermometer
    2008-06-07 11:08 . 2008-06-07 11:08 <REP> d-------- C:\ProgramData\HDD Thermometer
    2008-06-07 10:47 . 2008-06-07 10:47 <REP> d-------- C:\_OTMoveIt
    2008-06-06 19:02 . 2008-06-06 19:02 <REP> d-------- C:\Users\antho\AppData\Roaming\Malwarebytes
    2008-06-06 19:01 . 2008-06-06 19:01 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-06-06 18:02 . 2008-06-05 10:44 <REP> d-------- C:\SDFix
    2008-06-06 17:53 . 2008-06-06 19:34 <REP> d-------- C:\VundoFix Backups
    2008-06-06 17:14 . 2008-06-06 17:14 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-06-06 13:32 . 2008-06-06 21:32 <REP> d-------- C:\__eetemp
    2008-06-05 22:21 . 2008-06-06 17:13 559 --a------ C:\Windows\wininit.ini
    2008-06-04 23:21 . 2008-06-04 23:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Videos
    2008-06-04 23:21 . 2008-06-04 23:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Searches
    2008-06-04 23:21 . 2008-06-04 23:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Saved Games
    2008-06-04 23:21 . 2008-06-04 23:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Pictures
    2008-06-04 23:21 . 2008-06-04 23:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Links
    2008-06-04 23:21 . 2008-06-04 23:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Downloads
    2008-06-04 21:50 . 2008-06-04 20:11 152,576 --a------ C:\Windows\System32\SPWizUI.dll
    2008-06-04 21:50 . 2008-06-04 20:11 47,560 --a------ C:\Windows\System32\SPReview.exe
    2008-06-04 21:24 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
    2008-06-04 21:24 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
    2008-06-04 21:22 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-06-04 21:20 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
    2008-06-04 21:20 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
    2008-06-04 21:18 . 2008-06-04 21:21 <REP> d-------- C:\Windows\A1C4EE2BDF144488BC8AF9336D588E97.TMP
    2008-06-04 21:15 . 2008-01-18 23:35 4,495,360 --a------ C:\Windows\System32\NlsData0816.dll
    2008-06-04 21:14 . 2008-01-18 23:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-06-04 21:13 . 2008-01-18 23:33 5,714,432 --a------ C:\Windows\System32\logon.scr
    2008-06-04 21:11 . 2008-01-18 23:36 2,153,472 --a------ C:\Windows\System32\oobefldr.dll
    2008-06-04 21:10 . 2008-01-18 23:33 2,927,104 --a------ C:\Windows\explorer.exe
    2008-06-04 21:09 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
    2008-06-04 21:07 . 2008-01-18 23:33 3,216,896 --a------ C:\Windows\System32\WinSAT.exe
    2008-06-04 21:05 . 2008-01-18 23:43 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-06-04 21:04 . 2008-01-18 23:32 691,200 --a------ C:\Windows\System32\TabletPC.cpl
    2008-06-04 21:02 . 2008-01-18 23:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
    2008-06-04 21:01 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
    2008-06-04 21:00 . 2008-01-18 23:36 1,505,792 --a------ C:\Windows\System32\tquery.dll
    2008-06-04 20:59 . 2008-01-18 23:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll
    2008-06-04 20:58 . 2008-01-18 21:28 226,816 --a------ C:\Windows\System32\drivers\udfs.sys
    2008-06-04 20:58 . 2008-01-18 23:36 208,384 --a------ C:\Windows\System32\uDWM.dll
    2008-06-04 20:58 . 2008-01-18 23:36 152,064 --a------ C:\Windows\System32\UIAutomationCore.dll
    2008-06-04 20:58 . 2008-01-18 23:36 92,672 --a------ C:\Windows\System32\ufat.dll
    2008-06-04 20:58 . 2008-01-18 23:36 89,088 --a------ C:\Windows\System32\txflog.dll
    2008-06-04 20:58 . 2008-01-18 23:36 56,320 --a------ C:\Windows\System32\uexfat.dll
    2008-06-04 20:58 . 2008-01-18 23:33 35,840 --a------ C:\Windows\System32\UI0Detect.exe
    2008-06-04 20:58 . 2008-01-05 03:21 28,672 --a------ C:\Windows\System32\TsWpfWrp.exe
    2008-06-04 20:58 . 2008-01-18 21:55 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
    2008-06-04 20:58 . 2008-01-18 21:55 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
    2008-06-04 20:25 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
    2008-06-04 20:11 . 2008-06-04 20:11 <REP> d-------- C:\96c2110d97d1b8b8abf446f4818453
    2008-06-04 18:43 . 2008-06-04 18:52 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-06-04 18:43 . 2008-06-08 19:21 <REP> d-------- C:\Program Files\Spybot
    2008-06-03 20:21 . 2008-06-03 20:21 <REP> d-------- C:\Program Files\NeoSmart Technologies
    2008-06-03 20:19 . 2008-06-03 20:20 <REP> d-------- C:\Program Files\Mz_CpuAcc
    2008-06-03 20:17 . 2008-06-03 20:17 <REP> d-------- C:\Program Files\FreshDevices
    2008-06-01 15:51 . 2008-06-04 20:09 <REP> d-------- C:\Program Files\Hard Disk Sentinel
    2008-06-01 00:24 . 2008-06-01 00:24 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-06-01 00:05 . 2008-01-18 23:34 15,872 --a------ C:\Windows\System32\hcrstco.dll
    2008-05-31 21:30 . 2008-05-31 21:30 <REP> d-------- C:\ProgramData\TechSmith
    2008-05-31 21:27 . 2008-05-31 21:27 <REP> d-------- C:\Program Files\TechSmith
    2008-05-30 20:03 . 2008-05-30 20:03 <REP> d-------- C:\Program Files\AxBx
    2008-05-29 21:51 . 2008-05-29 21:52 <REP> d-------- C:\Program Files\Windows Live Toolbar
    2008-05-29 21:40 . 2008-05-29 21:40 <REP> d-------- C:\Windows\PCHEALTH
    2008-05-29 21:40 . 2008-06-05 18:59 <REP> d-------- C:\Program Files\MSN Messenger
    2008-05-29 21:18 . 2006-10-30 17:22 8,192 --a------ C:\Windows\System32\drivers\AtiPcie.sys
    2008-05-29 19:05 . 2008-05-29 19:05 <REP> d-------- C:\Windows\Repair
    2008-05-28 23:19 . 2007-07-04 00:16 1,820 --a------ C:\Windows\System32\rasctrnm.h
    2008-05-28 23:04 . 2008-06-04 21:53 81,920 --a------ C:\Windows\SPInstall.etl
    2008-05-28 22:10 . 2008-06-04 18:42 0 --ah----- C:\Users\Default.LOG2
    2008-05-28 22:10 . 2008-06-04 18:42 0 --ah----- C:\Users\Default.LOG1
    2008-05-28 22:10 . 2008-05-28 22:10 0 --ah----- C:\ProgramData.LOG2
    2008-05-28 22:10 . 2008-05-28 22:10 0 --ah----- C:\ProgramData.LOG1
    2008-05-28 20:01 . 2008-06-05 08:09 <REP> d-------- C:\Users\antho\AppData\Roaming\ESTsoft
    2008-05-28 20:01 . 2008-05-28 20:02 <REP> d-------- C:\Program Files\ESTsoft
    2008-05-28 19:42 . 2008-05-28 19:45 <REP> d-------- C:\Users\antho\AppData\Roaming\Notepad++
    2008-05-28 19:42 . 2008-05-28 19:42 <REP> d-------- C:\Program Files\Notepad++
    2008-05-28 19:31 . 2008-05-28 19:31 <REP> d-------- C:\Program Files\Intel
    2008-05-28 18:28 . 2008-05-28 18:28 <REP> d-------- C:\Program Files\COMODO
    2008-05-28 18:28 . 2008-05-28 18:49 76,280 --a------ C:\Windows\System32\drivers\cmdGuard.sys
    2008-05-28 18:28 . 2008-05-28 18:49 24,568 --a------ C:\Windows\System32\drivers\cmdhlp.sys
    2008-05-28 13:22 . 2006-10-25 19:09 758,352 --a------ C:\fwconfig.exe
    2008-05-28 13:22 . 2006-10-25 19:09 131,072 --a------ C:\clicapi.dll
    2008-05-26 21:49 . 2008-05-26 21:49 <REP> d-------- C:\ProgramData\Avira
    2008-05-26 21:49 . 2008-05-26 21:49 <REP> d-------- C:\Program Files\Avira
    2008-05-26 19:28 . 2008-05-26 20:23 81,984 --a------ C:\Windows\System32\bdod.bin
    2008-05-25 14:42 . 2008-05-26 20:27 121 --a------ C:\Windows\bdagent.INI
    2008-05-25 14:06 . 2008-05-26 20:30 <REP> d-------- C:\Program Files\BitDefender
    2008-05-25 14:03 . 2008-05-26 20:30 <REP> d-------- C:\Program Files\Common Files\BitDefender
    2008-05-25 13:59 . 2008-05-25 13:59 <REP> d-------- C:\Programas
    2008-05-24 18:42 . 2007-12-15 18:35 1,626 --a------ C:\02B780B8.key
    2008-05-24 14:06 . 2008-05-25 13:35 <REP> d-------- C:\ProgramData\Kaspersky Lab
    2008-05-18 09:57 . 2008-05-18 09:57 <REP> d-------- C:\ProgramData\Kaspersky Lab Setup Files
    2008-05-17 21:09 . 2008-05-18 09:04 171,136 -rahs---- C:\grldr
    2008-05-17 08:37 . 2008-05-17 08:38 <REP> d-------- C:\Program Files\Opera
    2008-05-16 09:00 . 2008-05-16 09:00 <REP> d-------- C:\ProgramData\eMule
    2008-05-15 19:55 . 2008-05-15 19:55 <REP> d-------- C:\Program Files\BSD Concept
    2008-05-15 12:42 . 2008-05-15 12:42 <REP> d-------- C:\Program Files\MagicISO
    2008-05-14 22:11 . 2008-06-06 13:41 0 ---hs---- C:\Windows\S164E22E3.tmp
    2008-05-14 22:06 . 2008-05-14 22:06 <REP> d-------- C:\Program Files\SlySoft
    2008-05-11 13:03 . 2008-05-11 13:08 <REP> d-------- C:\Program Files\Common Files\Adobe
    2008-05-09 16:29 . 2008-05-09 16:29 <REP> d-------- C:\Program Files\Ligos
    2008-05-09 16:29 . 2000-06-23 14:05 136,704 --a------ C:\Windows\System32\iacenc.dll
    2008-05-09 16:29 . 2000-06-22 13:09 56,320 --------- C:\Windows\System32\iyvu9_32.dll
    2008-05-09 16:21 . 2008-05-09 16:21 <REP> d-------- C:\Program Files\MediaTV
    2008-05-09 16:09 . 2008-05-11 09:54 <REP> d-------- C:\Program Files\DivXCodec

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-08 18:20 --------- d-----w C:\Users\antho\AppData\Roaming\DNA
    2008-06-08 18:11 --------- d-----w C:\Users\antho\AppData\Roaming\DMCache
    2008-06-08 17:41 --------- d-----w C:\Users\antho\AppData\Roaming\OpenOffice.org2
    2008-06-08 17:39 --------- d-----w C:\Users\antho\AppData\Roaming\Skype
    2008-06-08 17:21 --------- d-----w C:\Program Files\Internet Download Manager
    2008-06-08 10:15 --------- d-----w C:\Users\antho\AppData\Roaming\Vista Start Menu
    2008-06-08 09:43 --------- d-----w C:\Users\antho\AppData\Roaming\uTorrent
    2008-06-08 08:10 --------- d-----w C:\Program Files\Microsoft Works
    2008-06-08 08:09 --------- d-----w C:\Program Files\MSBuild
    2008-06-08 06:42 --------- d-----w C:\Program Files\Common Files\L&H
    2008-06-08 01:08 --------- d-----w C:\Program Files\Windows Mail
    2008-06-07 21:26 --------- d-----w C:\ProgramData\Roxio
    2008-06-07 20:45 24,306 ----a-w C:\Users\antho\AppData\Roaming\wklnhst.dat
    2008-06-06 17:09 --------- d-----w C:\Program Files\PowerISO
    2008-06-05 20:41 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-06-05 18:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-05 16:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-05 16:13 --------- d-----w C:\Program Files\Common Files\Acronis
    2008-06-04 21:15 174 --sha-w C:\Program Files\desktop.ini
    2008-06-04 20:52 --------- d-----w C:\Program Files\Windows Sidebar
    2008-06-04 20:52 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-06-04 20:52 --------- d-----w C:\Program Files\Windows Collaboration
    2008-06-04 20:52 --------- d-----w C:\Program Files\Windows Calendar
    2008-06-04 20:51 --------- d-----w C:\Program Files\Windows Defender
    2008-06-01 18:41 --------- d-----w C:\Program Files\RALINK
    2008-05-31 01:15 --------- d-----w C:\Program Files\Learning Essentials
    2008-05-29 20:16 --------- d-----w C:\Program Files\ATI
    2008-05-28 20:41 --------- d-----w C:\Users\antho\AppData\Roaming\Packard Bell
    2008-05-28 16:28 --------- d-----w C:\Users\antho\AppData\Roaming\Comodo
    2008-05-26 17:51 --------- d-----w C:\Program Files\Symantec
    2008-05-24 16:58 --------- d-----w C:\Program Files\Alwil Software
    2008-05-24 16:56 --------- d-----w C:\Users\antho\AppData\Roaming\IDM
    2008-05-16 06:55 --------- d-----w C:\Program Files\eMule
    2008-05-01 07:34 --------- d-----w C:\ProgramData\Symantec
    2008-04-26 09:49 --------- d-----w C:\Program Files\AOL 9.0 VR
    2008-04-26 09:47 --------- d-----w C:\Users\antho\AppData\Roaming\LimeWire
    2008-04-25 20:32 --------- d-----w C:\Program Files\Quicken
    2008-04-25 20:06 --------- d-----w C:\Users\antho\AppData\Roaming\Systweak
    2008-04-25 20:06 --------- d-----w C:\Program Files\Advanced System Optimizer
    2008-04-25 19:51 --------- d-----w C:\Users\antho\AppData\Roaming\Application Data
    2008-04-25 19:43 --------- d-----w C:\Program Files\Philips
    2008-04-25 17:17 --------- d-----w C:\Program Files\Auralog
    2008-04-25 10:02 --------- d-----w C:\Users\antho\AppData\Roaming\BSDh9
    2008-04-24 18:44 --------- d---a-w C:\ProgramData\TEMP
    2008-04-24 12:59 --------- d-----w C:\Users\antho\AppData\Roaming\iolo
    2008-04-23 15:25 100,904 ----a-w C:\Users\antho\AppData\Roaming\GDIPFONTCACHEV1.DAT
    2008-04-23 11:41 --------- d-----w C:\Program Files\SweetIM
    2008-04-23 11:39 --------- d-----w C:\ProgramData\SweetIM
    2008-04-23 08:24 --------- d-----w C:\ProgramData\Genie-Soft
    2008-04-23 08:21 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-04-23 08:19 --------- d-----w C:\Program Files\Genie-Soft
    2008-04-21 21:03 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-04-21 18:49 --------- d-----w C:\ProgramData\iolo
    2008-04-14 17:56 --------- d-----w C:\Users\antho\AppData\Roaming\Simply Super Software
    2008-04-14 17:56 --------- d-----w C:\ProgramData\Simply Super Software
    2008-04-13 19:17 --------- d-----w C:\ProgramData\BVRP Software
    2008-04-13 18:57 --------- d-----w C:\Users\antho\AppData\Roaming\Avanquest
    2008-04-13 18:57 --------- d-----w C:\ProgramData\Avanquest
    2008-04-13 18:45 --------- d-----w C:\Program Files\Avanquest
    2008-04-12 10:14 --------- d-----w C:\Program Files\Microsoft Etudes
    2008-04-10 19:09 --------- d--h--w C:\ProgramData\{A526BBD6-4321-4B38-BF34-B3C9B982DA32}
    2008-04-10 18:58 --------- d-----w C:\ProgramData\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
    2008-04-10 18:56 --------- d-----w C:\Program Files\Blaze Media Pro
    2007-10-11 17:33 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
    2005-11-04 15:59 135,525 ----a-w C:\Program Files\Common Files\ReportPreview.app
    2005-01-21 06:53 45,056 ------r C:\Program Files\SetAttrib.exe
    2004-11-30 13:23 40,960 ------r C:\Program Files\delete.exe
    2008-02-17 11:28 5 --sha-w C:\Windows\System32\afcfdcbd6_g.dll
    2007-10-30 22:31 11,270 --sha-w C:\Windows\System32\KGyGaAvL.sys
    2006-11-02 12:34 168,960 --sha-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16386_none_09330123522ea8c1\wmplayer.exe
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0243BC71-E8CF-4E60-83AC-710A53BF050E}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2BFA2D-8F90-423F-A84F-FA0923BF25EE}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [ ]

    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-20 18:26 289088]
    "PCMService"="c:\Program Files\Powercinema\PCMService.exe" [2006-11-15 16:49 151552]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:08 107112]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 12:11 81920]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11 221184]
    "VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-10-29 18:47 1682944]
    "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 16:49 1092152]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
    "IS CfgWiz"="C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-11-26 20:46 456072]
    "Meteo Fusion"="C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe" [2007-04-12 13:01 294912]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-23 17:15 2577840]
    "Skype"="C:\Program Files\Phone\Skype.exe" [2007-09-13 13:31 22880040]
    "RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2008-01-18 23:33 12800]
    "MzCpuAccelerator"="C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe" [2008-05-29 00:15 159744]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11 221184]
    "GBMPro8Agent"="C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-01-27 09:55 230016]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-28 18:48 1481984]
    "HDInspector.exe"="C:\Program Files\Hard Drive Inspector\HDInspector.exe" [2008-03-26 18:22 1007368]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

    C:\Users\antho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    FullShot 9.lnk - C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe [2007-07-04 01:00:00 3993600]
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-10-15 17:41:47 1585152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"= 1 (0x1)
    "AllowUnhashedWebView"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize"= 0 (0x0)
    "NoMovingBands"= 0 (0x0)
    "NoCloseDragDropBands"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ffvfw.dll
    "vidc.fvfw"= ffvfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3525442163-3756774792-3855537706-1002]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{01E66E1C-3F58-4100-9979-969E84A0185F}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
    "{7E6503D6-F74C-4404-B1D2-C5F5BFAA3F4C}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
    "{46287467-9706-4F01-87B8-04F8E32FBF8E}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
    "{68EECAC6-165F-4634-8DCF-3EF2D444A33F}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
    "{1809F410-608B-4960-8A0A-8EE63FCDD1E8}"= UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
    "{01955B9E-02AC-4CA0-9E1B-401FF76EDA0B}"= TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
    "{BD688FB9-3901-4073-A779-453A3F48E281}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
    "{2E6E59BC-17D0-4C9F-88A9-260913C3B64F}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
    "{FD843E49-9219-4181-9B2D-836C7F552C04}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
    "{E2CE24DB-1978-41EF-BE46-B742741D090D}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
    "{581C3C69-E48E-440B-BCDC-736440C35946}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
    "{5B4E6F60-A58C-4A40-99EB-C8078B8B3CA9}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
    "{FDE4E33C-94E9-40AA-9ED4-C4057CDCF405}"= UDP:C:\Program Files\Powercinema\PowerCinema.exe:CyberLink PowerCinema
    "{59F25144-3256-4102-940E-7C16BBBE40AC}"= TCP:C:\Program Files\Powercinema\PowerCinema.exe:CyberLink PowerCinema
    "{E73B0411-5451-4930-AC79-C0D016568B1C}"= UDP:C:\Program Files\Powercinema\PCMService.exe:CyberLink PowerCinema Resident Program
    "{C74E8417-8F17-4E34-B212-2C3AFE355A2C}"= TCP:C:\Program Files\Powercinema\PCMService.exe:CyberLink PowerCinema Resident Program
    "{91DBBC18-3919-4F47-B3CA-457DC4B9E0C7}"= UDP:C:\Windows\System32\WindowsAnytimeUpgrade.exe:Achat de mise à niveau en ligne
    "{74AE9E5F-5689-41AB-9A6F-E6D03E117267}"= TCP:C:\Windows\System32\WindowsAnytimeUpgrade.exe:Achat de mise à niveau en ligne
    "TCP Query User{07A95485-2F6E-4CE0-8053-0CC0A04051E4}C:\\users\\antho\\documents\\logiciels et autres applications\\emule.exe"= UDP:C:\users\antho\documents\logiciels et autres applications\emule.exe:emule.exe
    "UDP Query User{8BBBA791-BA17-431D-A9FE-0DC0A29D4090}C:\\users\\antho\\documents\\logiciels et autres applications\\emule.exe"= TCP:C:\users\antho\documents\logiciels et autres applications\emule.exe:emule.exe
    "TCP Query User{6A2D8392-0021-4BEF-BFB6-F9E638563201}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{6FA76C49-8162-44A3-92DC-14EB9B2BA6F7}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "{0C22D93B-237C-4F96-A5BB-70A4DFEE4EDA}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{97492C02-5B44-4F5D-AFB0-605C6A2A9B87}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
    "TCP Query User{37A804FE-AEFC-44DD-A9A6-36C14A337080}D:\\emule, divx\\emule.exe"= UDP:D:\emule, divx\emule.exe:eMule
    "UDP Query User{6632D0CD-0207-4DC5-B535-844EBBF9D289}D:\\emule, divx\\emule.exe"= TCP:D:\emule, divx\emule.exe:eMule
    "TCP Query User{6B7F931C-CD1C-4129-8275-075A30DEBA14}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{E353D420-15BC-4837-9CAB-065E359589B3}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{2F15F38A-4B46-48E3-8921-FF6FE6D0DFC1}C:\\program files\\dap\\dap.exe"= UDP:C:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
    "UDP Query User{B6CECE21-CD78-4D4C-A655-7324754C0290}C:\\program files\\dap\\dap.exe"= TCP:C:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
    "TCP Query User{5703F225-1E15-48AF-B1A4-94C64DE51EFC}C:\\program files\\gamespy arcade\\aphex.exe"= UDP:C:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.0
    "UDP Query User{E102D4C9-31AC-4E12-B321-5BB85028DBFD}C:\\program files\\gamespy arcade\\aphex.exe"= TCP:C:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.0
    "TCP Query User{85C72ECC-4223-42B4-8FD0-098CB40C3810}C:\\users\\antho\\downloads\\emule\\incoming\\smiley's center pack.exe"= UDP:C:\users\antho\downloads\emule\incoming\smiley's center pack.exe:smiley's center pack.exe
    "UDP Query User{5DC80A59-8230-4D1E-93A2-8A4E498A6517}C:\\users\\antho\\downloads\\emule\\incoming\\smiley's center pack.exe"= TCP:C:\users\antho\downloads\emule\incoming\smiley's center pack.exe:smiley's center pack.exe
    "TCP Query User{C75FFE1D-25D9-436F-985D-E1FB04DB9111}C:\\users\\antho\\downloads\\emule\\incoming\\smiley's center pack avatar.exe"= UDP:C:\users\antho\downloads\emule\incoming\smiley's center pack avatar.exe:smiley's center pack avatar.exe
    "UDP Query User{BB43F992-B6E7-41D7-8C11-18DEF9AA53EF}C:\\users\\antho\\downloads\\emule\\incoming\\smiley's center pack avatar.exe"= TCP:C:\users\antho\downloads\emule\incoming\smiley's center pack avatar.exe:smiley's center pack avatar.exe
    "{B52B2D78-8313-4D9D-9207-409385E90B8A}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{A03A8A84-55C9-4D98-89FB-2D4FF17FAE98}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{88C3B4D9-57B2-4C73-B30E-1B99F358899B}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{A08C9179-3A45-4858-ADE5-9AF3878334D9}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "TCP Query User{3A71837B-35D6-4379-AE96-F97E83202840}C:\\users\\antho\\program files\\bittorrent_dna\\dna.exe"= UDP:C:\users\antho\program files\bittorrent_dna\dna.exe:dna.exe
    "UDP Query User{2D83D689-E235-4C81-990F-9F37CC15C882}C:\\users\\antho\\program files\\bittorrent_dna\\dna.exe"= TCP:C:\users\antho\program files\bittorrent_dna\dna.exe:dna.exe
    "TCP Query User{51B2DD42-91F6-4C04-9BB5-675D05ED9126}C:\\program files\\kss\\peertv\\peercast.exe"= UDP:C:\program files\kss\peertv\peercast.exe:PeerCast
    "UDP Query User{6E97BDF2-FAB2-4E6A-B054-92F8C72D4307}C:\\program files\\kss\\peertv\\peercast.exe"= TCP:C:\program files\kss\peertv\peercast.exe:PeerCast
    "TCP Query User{873F9C4F-C846-445B-832A-263418F90C7B}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
    "UDP Query User{A7E8F0C4-823E-4FE9-835B-C9C3C12A140F}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
    "TCP Query User{DF59C06F-B5DE-4B3E-91B1-1A08CABD9313}C:\\users\\antho\\program files\\bittorrent_dna\\dna.exe"= UDP:C:\users\antho\program files\bittorrent_dna\dna.exe:dna.exe
    "UDP Query User{8C79AA92-2EA1-49D0-94D8-ADEA5E249222}C:\\users\\antho\\program files\\bittorrent_dna\\dna.exe"= TCP:C:\users\antho\program files\bittorrent_dna\dna.exe:dna.exe
    "TCP Query User{3493BFB2-928E-482F-864F-CD93A687EF7F}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "UDP Query User{45CDA921-4560-406D-9069-60D42022F657}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "{D587302D-09DD-43B9-9A41-650B80DCCA73}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
    "{57FB543D-CC56-4A52-B0EC-5BC25ACCBDDC}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
    "TCP Query User{B818DD14-FA04-473E-91BB-B4DB118E0CE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:utorrent
    "UDP Query User{C7A621C3-F0D6-4C38-9312-74F29F76297A}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:utorrent
    "{A9FF4EEF-81E5-472B-BF29-EDF1A6E21584}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
    "{04BE99E0-11FB-4B1B-A929-3B4F001BACBB}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
    "TCP Query User{965FAB58-D1E0-4FCF-8306-5732D844CFF5}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{E12C5356-75E2-4506-AE9A-440FD39764E1}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
    "TCP Query User{84087DB4-DA5B-43AF-A0CC-CC9F7CC226E9}C:\\users\\antho\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\antho\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "UDP Query User{C0F9C65E-2B48-4FAD-A3C4-10E03B031BEC}C:\\users\\antho\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\antho\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "TCP Query User{1EA8784C-D890-4410-B7F2-9A76E5480521}C:\\users\\antho\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\antho\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "UDP Query User{63364818-7361-4227-9407-D97DBA1799B7}C:\\users\\antho\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\antho\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "TCP Query User{F56E73AA-21E1-49B2-B47B-8B8969D3C3B2}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{15B978BF-686C-4370-BB6B-0EF15DAAD918}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
    "{400FE3C7-136D-4019-81FE-FD5FBC2DF407}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{45651627-9F7B-4B5D-BA95-952807C491A1}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "TCP Query User{06FB6572-7F2A-4942-9100-E850B48B4F46}C:\\program files\\amsn\\bin\\wish.exe"= UDP:C:\program files\amsn\bin\wish.exe:Wish Application
    "UDP Query User{89C18C01-D10B-4E50-A0E4-5CD977C0C710}C:\\program files\\amsn\\bin\\wish.exe"= TCP:C:\program files\amsn\bin\wish.exe:Wish Application
    "{7CB965AD-DD8F-4761-AB07-159C89BF8BE3}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{759B9853-CB02-4ED5-9500-B2253BF1183F}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{6722D139-34A5-4A31-8C05-570D1149A893}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
    "{41D95863-086B-4981-9D6A-F42AFCAD6BBD}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
    "TCP Query User{636866E4-5E6C-403B-8403-37276E8F6364}C:\\users\\antho\\documents\\logiciels et autres applications\\emule.exe"= UDP:C:\users\antho\documents\logiciels et autres applications\emule.exe:emule.exe
    "UDP Query User{77E2DA1E-EF5F-45D2-9A89-F7B4C639BDF2}C:\\users\\antho\\documents\\logiciels et autres applications\\emule.exe"= TCP:C:\users\antho\documents\logiciels et autres applications\emule.exe:emule.exe
    "TCP Query User{BCAF9AAE-45EE-4C58-B05F-79C1FDC8CCB0}C:\\users\\antho\\program files\\dna\\btdna.exe"= UDP:C:\users\antho\program files\dna\btdna.exe:btdna.exe
    "UDP Query User{021CC62D-A463-4DBB-8AD5-58C6B649185E}C:\\users\\antho\\program files\\dna\\btdna.exe"= TCP:C:\users\antho\program files\dna\btdna.exe:btdna.exe
    "TCP Query User{DB02C6CC-914C-4403-93FD-A5FFF31BCA68}C:\\program files\\acronis\\trueimageconsole\\trueimageremoteconsole.exe"= UDP:C:\program files\acronis\trueimageconsole\trueimageremoteconsole.exe:True Image Remote Console
    "UDP Query User{8CE30D40-894F-407B-9E7B-9688F67DE45C}C:\\program files\\acronis\\trueimageconsole\\trueimageremoteconsole.exe"= TCP:C:\program files\acronis\trueimageconsole\trueimageremoteconsole.exe:True Image Remote Console
    "TCP Query User{3D5C1F4A-F5A6-4CB1-A943-8300599EAFBC}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
    "UDP Query User{65F25515-EA6B-4F98-A19D-542C3D5ADD5F}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
    "TCP Query User{DB84317C-DB98-4AEC-B6F1-A4E17280F064}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
    "UDP Query User{C609A5E1-509B-48D2-88EC-37CAEEDEF07D}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
    "TCP Query User{6B4F1D6A-E864-419C-84E5-3D5DF6853790}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
    "UDP Query User{85E1D39A-F6E0-4AAB-BAD3-561C98E2D124}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
    "TCP Query User{0930AD54-DCB8-4862-B3AF-0E7090175125}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
    "UDP Query User{3F44E42A-930C-42DF-88CC-F66B8312C2E2}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
    "{6802CD02-E0C1-47B2-AF31-8637867F49A9}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
    "{966EFDE7-0453-45F0-8C1B-61D7C49979D4}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
    "{4E381DEF-8434-4CC4-8786-8E5953C99457}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "TCP Query User{25EFF61B-BF19-4B9F-84E3-170358469854}C:\\program files\\phone\\skype.exe"= Disabled:UDP:C:\program files\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{C72BDAC5-DA32-4EAA-8E29-054B2B6722F2}C:\\program files\\phone\\skype.exe"= Disabled:TCP:C:\program files\phone\skype.exe:Skype. Take a deep breath
    "{2A99A101-D0E9-483E-BEE9-3C054D7C5B8F}"= UDP:C:\Users\antho\AppData\Roaming\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{A48DB6EA-B739-452F-B394-F1E959A294EE}"= TCP:C:\Users\antho\AppData\Roaming\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{661A2346-E86A-4112-B532-C0ED421FA844}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{1843B412-B58F-45F0-89CB-DE10C507F606}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{9346C052-B7CE-42F8-B09D-F78F303BFD07}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{6D82BDFA-5151-476E-836B-E813DA28C41D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{9368C9B5-0101-4FF1-AA87-00D840DBDBF9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{37519672-0D57-4FB8-90BA-1C602D884CE9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:22]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-05-28 18:49]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-05-28 18:49]
    R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 14:12]
    R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe [2008-04-23 11:59]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot\SDWinSec.exe [2008-01-28 11:43]
    R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 15:46]
    R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2007-05-11 17:28]
    S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 05:10]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ccd3e16-5701-11dc-8efb-00038a000015}]
    \shell\1\Command - autorun.pif
    \shell\2\Command - autorun.pif
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ccd3e1b-5701-11dc-8efb-00038a000015}]
    \shell\AutoRun\command - K:\LaunchU3.exe -a

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-06-07 20:55:12 C:\Windows\Tasks\User_Feed_Synchronization-{75918A0B-DC7E-4F07-9959-955064C5C2E5}.job"
    - C:\Windows\system32\msfeedssync.exe
    "2008-06-08 18:35:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pour fusionner:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    ____________

    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

    Registry::

    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0243BC71-E8CF-4E60-83AC-710A53BF050E}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2BFA2D-8F90-423F-A84F-FA0923BF25EE}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
  17. patmoss Messages postés 2759 Statut Membre 41
     
    Puis-je le faire plus tard demain par exemple. Car là je ne pourrais pas. Je peut eteindre le PC ou le mettre en veille en attendant, qu'est-ce qui est préconiser? En tout cas merci pour tout. Au demarrage AntiVir avait détécté un virus dans C:/Combofix, est-ce normal?
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    il faut désactiver antivir le temps de la procdure que tu peux faire demain ( donc tu peux eteindre le pc)

    a plus
    0
  19. patmoss Messages postés 2759 Statut Membre 41
     
    ComboFix 08-06-05.3 - antho 2008-06-09 13:04:15.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.242 [GMT 2:00]
    Endroit: C:\Users\antho\Desktop\ComboFix.exe
    Command switches used :: C:\Users\antho\Desktop\CFscript.txt

    FILE ::
    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    .
    ---- Previous Run -------
    .
    C:\Program Files\internet explorer\msimg32.dll
    C:\Windows\System32\abIRtCfe.ini
    C:\Windows\System32\abIRtCfe.ini2
    C:\Windows\system32\awttRhGY.dll
    C:\Windows\system32\byXonnmL.dll
    C:\Windows\system32\f3PSSavr.scr
    C:\Windows\System32\fOpAaccf.ini
    C:\Windows\System32\fOpAaccf.ini2
    C:\Windows\System32\IQBLRqru.ini
    C:\Windows\System32\IQBLRqru.ini2
    C:\Windows\system32\jkkJyXRH.dll
    C:\Windows\system32\khfcbawW.dll
    C:\Windows\System32\kkklSvut.ini
    C:\Windows\System32\kkklSvut.ini2
    C:\Windows\System32\KTtvuwEg.ini
    C:\Windows\System32\KTtvuwEg.ini2
    C:\Windows\System32\LmnnoXyb.ini
    C:\Windows\System32\LmnnoXyb.ini2
    C:\Windows\System32\PWvvCcfe.ini
    C:\Windows\System32\PWvvCcfe.ini2
    C:\Windows\System32\rBehOXyb.ini
    C:\Windows\System32\rBehOXyb.ini2
    C:\Windows\System32\rYFgMnnn.ini
    C:\Windows\System32\rYFgMnnn.ini2
    C:\Windows\System32\vGiiRXbc.ini
    C:\Windows\System32\vGiiRXbc.ini2
    C:\Windows\system32\yayaWPGY.dll
    C:\Windows\system32\YGPWayay.ini
    C:\Windows\System32\YGPWayay.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-09 to 2008-06-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-08 12:03 . 2008-06-08 19:41 <REP> d-------- C:\HijackThis
    2008-06-08 11:01 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
    2008-06-08 10:01 . 2008-06-08 10:01 <REP> d-------- C:\Program Files\Microsoft.NET
    2008-06-08 10:01 . 2008-06-08 10:01 <REP> d-------- C:\Program Files\HDDGURU LLF Tool
    2008-06-08 09:51 . 2008-06-08 09:51 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
    2008-06-08 09:47 . 2008-06-08 10:06 <REP> d-------- C:\Windows\SHELLNEW
    2008-06-08 09:45 . 2008-06-08 11:08 <REP> d-------- C:\ProgramData\Microsoft Help
    2008-06-08 09:03 . 2008-06-08 09:08 <REP> d-a------ C:\office 2007
    2008-06-07 21:31 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-06-07 21:31 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-06-07 17:49 . 2008-06-07 17:49 <REP> d-------- C:\Program Files\Hard Drive Inspector
    2008-06-07 12:09 . 2008-06-07 19:59 <REP> d-------- C:\Program Files\PeerGuardian2
    2008-06-07 11:08 . 2008-06-07 11:08 <REP> d-------- C:\Users\antho\AppData\Roaming\HDD Thermometer
    2008-06-07 11:08 . 2008-06-07 11:08 <REP> d-------- C:\ProgramData\HDD Thermometer
    2008-06-07 10:47 . 2008-06-07 10:47 <REP> d-------- C:\_OTMoveIt
    2008-06-06 19:02 . 2008-06-06 19:02 <REP> d-------- C:\Users\antho\AppData\Roaming\Malwarebytes
    2008-06-06 19:01 . 2008-06-06 19:01 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-06-06 18:02 . 2008-06-05 10:44 <REP> d-------- C:\SDFix
    2008-06-06 17:53 . 2008-06-06 19:34 <REP> d-------- C:\VundoFix Backups
    2008-06-06 17:14 . 2008-06-06 17:14 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-06-06 13:32 . 2008-06-06 21:32 <REP> d-------- C:\__eetemp
    2008-06-05 22:21 . 2008-06-06 17:13 559 --a------ C:\Windows\wininit.ini
    2008-06-04 23:21 . 2008-06-04 23:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Videos
    2008-06-04 23:21 . 2008-06-04 23:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Searches
    2008-06-04 23:21 . 2008-06-04 23:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Saved Games
    2008-06-04 23:21 . 2008-06-04 23:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Pictures
    2008-06-04 23:21 . 2008-06-04 23:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Links
    2008-06-04 23:21 . 2008-06-04 23:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Downloads
    2008-06-04 21:50 . 2008-06-04 20:11 152,576 --a------ C:\Windows\System32\SPWizUI.dll
    2008-06-04 21:50 . 2008-06-04 20:11 47,560 --a------ C:\Windows\System32\SPReview.exe
    2008-06-04 21:24 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
    2008-06-04 21:24 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
    2008-06-04 21:22 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
    2008-06-04 21:20 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
    2008-06-04 21:20 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
    2008-06-04 21:18 . 2008-06-04 21:21 <REP> d-------- C:\Windows\A1C4EE2BDF144488BC8AF9336D588E97.TMP
    2008-06-04 21:15 . 2008-01-18 23:35 4,495,360 --a------ C:\Windows\System32\NlsData0816.dll
    2008-06-04 21:14 . 2008-01-18 23:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
    2008-06-04 21:13 . 2008-01-18 23:33 5,714,432 --a------ C:\Windows\System32\logon.scr
    2008-06-04 21:11 . 2008-01-18 23:36 2,153,472 --a------ C:\Windows\System32\oobefldr.dll
    2008-06-04 21:10 . 2008-01-18 23:33 2,927,104 --a------ C:\Windows\explorer.exe
    2008-06-04 21:09 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
    2008-06-04 21:07 . 2008-01-18 23:33 3,216,896 --a------ C:\Windows\System32\WinSAT.exe
    2008-06-04 21:05 . 2008-01-18 23:43 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-06-04 21:04 . 2008-01-18 23:32 691,200 --a------ C:\Windows\System32\TabletPC.cpl
    2008-06-04 21:02 . 2008-01-18 23:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
    2008-06-04 21:01 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
    2008-06-04 21:00 . 2008-01-18 23:36 1,505,792 --a------ C:\Windows\System32\tquery.dll
    2008-06-04 20:59 . 2008-01-18 23:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll
    2008-06-04 20:58 . 2008-01-18 21:28 226,816 --a------ C:\Windows\System32\drivers\udfs.sys
    2008-06-04 20:58 . 2008-01-18 23:36 208,384 --a------ C:\Windows\System32\uDWM.dll
    2008-06-04 20:58 . 2008-01-18 23:36 152,064 --a------ C:\Windows\System32\UIAutomationCore.dll
    2008-06-04 20:58 . 2008-01-18 23:36 92,672 --a------ C:\Windows\System32\ufat.dll
    2008-06-04 20:58 . 2008-01-18 23:36 89,088 --a------ C:\Windows\System32\txflog.dll
    2008-06-04 20:58 . 2008-01-18 23:36 56,320 --a------ C:\Windows\System32\uexfat.dll
    2008-06-04 20:58 . 2008-01-18 23:33 35,840 --a------ C:\Windows\System32\UI0Detect.exe
    2008-06-04 20:58 . 2008-01-05 03:21 28,672 --a------ C:\Windows\System32\TsWpfWrp.exe
    2008-06-04 20:58 . 2008-01-18 21:55 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys
    2008-06-04 20:58 . 2008-01-18 21:55 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS
    2008-06-04 20:25 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
    2008-06-04 20:11 . 2008-06-04 20:11 <REP> d-------- C:\96c2110d97d1b8b8abf446f4818453
    2008-06-04 18:43 . 2008-06-04 18:52 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-06-04 18:43 . 2008-06-08 19:21 <REP> d-------- C:\Program Files\Spybot
    2008-06-03 20:21 . 2008-06-03 20:21 <REP> d-------- C:\Program Files\NeoSmart Technologies
    2008-06-03 20:19 . 2008-06-03 20:20 <REP> d-------- C:\Program Files\Mz_CpuAcc
    2008-06-03 20:17 . 2008-06-03 20:17 <REP> d-------- C:\Program Files\FreshDevices
    2008-06-01 15:51 . 2008-06-04 20:09 <REP> d-------- C:\Program Files\Hard Disk Sentinel
    2008-06-01 00:24 . 2008-06-01 00:24 <REP> d-------- C:\Program Files\Microsoft Silverlight
    2008-06-01 00:05 . 2008-01-18 23:34 15,872 --a------ C:\Windows\System32\hcrstco.dll
    2008-05-31 21:30 . 2008-05-31 21:30 <REP> d-------- C:\ProgramData\TechSmith
    2008-05-31 21:27 . 2008-05-31 21:27 <REP> d-------- C:\Program Files\TechSmith
    2008-05-30 20:03 . 2008-05-30 20:03 <REP> d-------- C:\Program Files\AxBx
    2008-05-29 21:51 . 2008-05-29 21:52 <REP> d-------- C:\Program Files\Windows Live Toolbar
    2008-05-29 21:40 . 2008-05-29 21:40 <REP> d-------- C:\Windows\PCHEALTH
    2008-05-29 21:40 . 2008-06-05 18:59 <REP> d-------- C:\Program Files\MSN Messenger
    2008-05-29 21:18 . 2006-10-30 17:22 8,192 --a------ C:\Windows\System32\drivers\AtiPcie.sys
    2008-05-29 19:05 . 2008-05-29 19:05 <REP> d-------- C:\Windows\Repair
    2008-05-28 23:19 . 2007-07-04 00:16 1,820 --a------ C:\Windows\System32\rasctrnm.h
    2008-05-28 23:04 . 2008-06-04 21:53 81,920 --a------ C:\Windows\SPInstall.etl
    2008-05-28 22:10 . 2008-06-04 18:42 0 --ah----- C:\Users\Default.LOG2
    2008-05-28 22:10 . 2008-06-04 18:42 0 --ah----- C:\Users\Default.LOG1
    2008-05-28 22:10 . 2008-05-28 22:10 0 --ah----- C:\ProgramData.LOG2
    2008-05-28 22:10 . 2008-05-28 22:10 0 --ah----- C:\ProgramData.LOG1
    2008-05-28 20:01 . 2008-06-05 08:09 <REP> d-------- C:\Users\antho\AppData\Roaming\ESTsoft
    2008-05-28 20:01 . 2008-05-28 20:02 <REP> d-------- C:\Program Files\ESTsoft
    2008-05-28 19:42 . 2008-05-28 19:45 <REP> d-------- C:\Users\antho\AppData\Roaming\Notepad++
    2008-05-28 19:42 . 2008-05-28 19:42 <REP> d-------- C:\Program Files\Notepad++
    2008-05-28 19:31 . 2008-05-28 19:31 <REP> d-------- C:\Program Files\Intel
    2008-05-28 18:28 . 2008-05-28 18:28 <REP> d-------- C:\Program Files\COMODO
    2008-05-28 18:28 . 2008-05-28 18:49 76,280 --a------ C:\Windows\System32\drivers\cmdGuard.sys
    2008-05-28 18:28 . 2008-05-28 18:49 24,568 --a------ C:\Windows\System32\drivers\cmdhlp.sys
    2008-05-28 13:22 . 2006-10-25 19:09 758,352 --a------ C:\fwconfig.exe
    2008-05-28 13:22 . 2006-10-25 19:09 131,072 --a------ C:\clicapi.dll
    2008-05-26 21:49 . 2008-05-26 21:49 <REP> d-------- C:\ProgramData\Avira
    2008-05-26 21:49 . 2008-05-26 21:49 <REP> d-------- C:\Program Files\Avira
    2008-05-26 19:28 . 2008-05-26 20:23 81,984 --a------ C:\Windows\System32\bdod.bin
    2008-05-25 14:42 . 2008-05-26 20:27 121 --a------ C:\Windows\bdagent.INI
    2008-05-25 14:06 . 2008-05-26 20:30 <REP> d-------- C:\Program Files\BitDefender
    2008-05-25 14:03 . 2008-05-26 20:30 <REP> d-------- C:\Program Files\Common Files\BitDefender
    2008-05-25 13:59 . 2008-05-25 13:59 <REP> d-------- C:\Programas
    2008-05-24 18:42 . 2007-12-15 18:35 1,626 --a------ C:\[u]0/u2B780B8.key
    2008-05-24 14:06 . 2008-05-25 13:35 <REP> d-------- C:\ProgramData\Kaspersky Lab
    2008-05-18 09:57 . 2008-05-18 09:57 <REP> d-------- C:\ProgramData\Kaspersky Lab Setup Files
    2008-05-17 21:09 . 2008-05-18 09:04 171,136 -rahs---- C:\grldr
    2008-05-17 08:37 . 2008-05-17 08:38 <REP> d-------- C:\Program Files\Opera
    2008-05-16 09:00 . 2008-05-16 09:00 <REP> d-------- C:\ProgramData\eMule
    2008-05-15 19:55 . 2008-05-15 19:55 <REP> d-------- C:\Program Files\BSD Concept
    2008-05-15 12:42 . 2008-05-15 12:42 <REP> d-------- C:\Program Files\MagicISO
    2008-05-14 22:11 . 2008-06-06 13:41 0 ---hs---- C:\Windows\S164E22E3.tmp
    2008-05-14 22:06 . 2008-05-14 22:06 <REP> d-------- C:\Program Files\SlySoft
    2008-05-11 13:03 . 2008-05-11 13:08 <REP> d-------- C:\Program Files\Common Files\Adobe
    2008-05-09 16:29 . 2008-05-09 16:29 <REP> d-------- C:\Program Files\Ligos
    2008-05-09 16:29 . 2000-06-23 14:05 136,704 --a------ C:\Windows\System32\iacenc.dll
    2008-05-09 16:29 . 2000-06-22 13:09 56,320 --------- C:\Windows\System32\iyvu9_32.dll
    2008-05-09 16:21 . 2008-05-09 16:21 <REP> d-------- C:\Program Files\MediaTV
    2008-05-09 16:09 . 2008-05-11 09:54 <REP> d-------- C:\Program Files\DivXCodec

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-09 11:03 --------- d-----w C:\Users\antho\AppData\Roaming\DNA
    2008-06-09 10:58 --------- d-----w C:\Users\antho\AppData\Roaming\DMCache
    2008-06-09 10:53 --------- d-----w C:\Users\antho\AppData\Roaming\Skype
    2008-06-08 18:33 --------- d-----w C:\Users\antho\AppData\Roaming\OpenOffice.org2
    2008-06-08 17:21 --------- d-----w C:\Program Files\Internet Download Manager
    2008-06-08 10:15 --------- d-----w C:\Users\antho\AppData\Roaming\Vista Start Menu
    2008-06-08 09:43 --------- d-----w C:\Users\antho\AppData\Roaming\uTorrent
    2008-06-08 08:10 --------- d-----w C:\Program Files\Microsoft Works
    2008-06-08 08:09 --------- d-----w C:\Program Files\MSBuild
    2008-06-08 06:42 --------- d-----w C:\Program Files\Common Files\L&H
    2008-06-08 01:08 --------- d-----w C:\Program Files\Windows Mail
    2008-06-07 21:26 --------- d-----w C:\ProgramData\Roxio
    2008-06-07 20:45 24,306 ----a-w C:\Users\antho\AppData\Roaming\wklnhst.dat
    2008-06-06 17:09 --------- d-----w C:\Program Files\PowerISO
    2008-06-05 20:41 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-06-05 18:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-05 16:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-06-05 16:13 --------- d-----w C:\Program Files\Common Files\Acronis
    2008-06-04 21:15 174 --sha-w C:\Program Files\desktop.ini
    2008-06-04 20:52 --------- d-----w C:\Program Files\Windows Sidebar
    2008-06-04 20:52 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-06-04 20:52 --------- d-----w C:\Program Files\Windows Collaboration
    2008-06-04 20:52 --------- d-----w C:\Program Files\Windows Calendar
    2008-06-04 20:51 --------- d-----w C:\Program Files\Windows Defender
    2008-06-04 20:06 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-06-04 20:06 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-06-01 18:41 --------- d-----w C:\Program Files\RALINK
    2008-05-31 01:15 --------- d-----w C:\Program Files\Learning Essentials
    2008-05-29 20:16 --------- d-----w C:\Program Files\ATI
    2008-05-28 20:41 --------- d-----w C:\Users\antho\AppData\Roaming\Packard Bell
    2008-05-28 16:49 139,008 ----a-w C:\Windows\System32\guard32.dll
    2008-05-28 16:28 --------- d-----w C:\Users\antho\AppData\Roaming\Comodo
    2008-05-26 17:51 --------- d-----w C:\Program Files\Symantec
    2008-05-24 16:58 --------- d-----w C:\Program Files\Alwil Software
    2008-05-24 16:56 --------- d-----w C:\Users\antho\AppData\Roaming\IDM
    2008-05-16 06:55 --------- d-----w C:\Program Files\eMule
    2008-05-01 07:34 --------- d-----w C:\ProgramData\Symantec
    2008-04-26 09:49 --------- d-----w C:\Program Files\AOL 9.0 VR
    2008-04-26 09:47 --------- d-----w C:\Users\antho\AppData\Roaming\LimeWire
    2008-04-25 20:32 --------- d-----w C:\Program Files\Quicken
    2008-04-25 20:06 --------- d-----w C:\Users\antho\AppData\Roaming\Systweak
    2008-04-25 20:06 --------- d-----w C:\Program Files\Advanced System Optimizer
    2008-04-25 19:51 --------- d-----w C:\Users\antho\AppData\Roaming\Application Data
    2008-04-25 19:43 --------- d-----w C:\Program Files\Philips
    2008-04-25 17:17 --------- d-----w C:\Program Files\Auralog
    2008-04-25 10:02 --------- d-----w C:\Users\antho\AppData\Roaming\BSDh9
    2008-04-24 18:44 --------- d---a-w C:\ProgramData\TEMP
    2008-04-24 12:59 --------- d-----w C:\Users\antho\AppData\Roaming\iolo
    2008-04-23 15:25 100,904 ----a-w C:\Users\antho\AppData\Roaming\GDIPFONTCACHEV1.DAT
    2008-04-23 11:41 --------- d-----w C:\Program Files\SweetIM
    2008-04-23 11:39 --------- d-----w C:\ProgramData\SweetIM
    2008-04-23 08:24 --------- d-----w C:\ProgramData\Genie-Soft
    2008-04-23 08:21 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-04-23 08:19 --------- d-----w C:\Program Files\Genie-Soft
    2008-04-21 21:03 --------- d-----w C:\Program Files\OpenOffice.org 2.4
    2008-04-21 18:49 --------- d-----w C:\ProgramData\iolo
    2008-04-14 17:56 --------- d-----w C:\Users\antho\AppData\Roaming\Simply Super Software
    2008-04-14 17:56 --------- d-----w C:\ProgramData\Simply Super Software
    2008-04-13 19:17 --------- d-----w C:\ProgramData\BVRP Software
    2008-04-13 18:57 --------- d-----w C:\Users\antho\AppData\Roaming\Avanquest
    2008-04-13 18:57 --------- d-----w C:\ProgramData\Avanquest
    2008-04-13 18:45 --------- d-----w C:\Program Files\Avanquest
    2008-04-13 09:55 74,703 ----a-w C:\Windows\System32\mfc45.dll
    2008-04-12 10:14 --------- d-----w C:\Program Files\Microsoft Etudes
    2008-04-10 19:09 --------- d--h--w C:\ProgramData\{A526BBD6-4321-4B38-BF34-B3C9B982DA32}
    2008-04-10 18:58 --------- d-----w C:\ProgramData\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}
    2008-04-10 18:56 --------- d-----w C:\Program Files\Blaze Media Pro
    2007-10-11 17:33 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe
    2005-11-04 15:59 135,525 ----a-w C:\Program Files\Common Files\ReportPreview.app
    2005-01-21 06:53 45,056 ------r C:\Program Files\SetAttrib.exe
    2004-11-30 13:23 40,960 ------r C:\Program Files\delete.exe
    2008-02-17 11:28 5 --sha-w C:\Windows\System32\afcfdcbd6_g.dll
    2007-10-30 22:31 11,270 --sha-w C:\Windows\System32\KGyGaAvL.sys
    2006-11-02 12:34 168,960 --sha-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16386_none_09330123522ea8c1\wmplayer.exe
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot@2008-06-06_21.40.20.17 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-18 21:33:42 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    + 2008-03-08 04:19:20 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
    - 2008-01-18 21:33:42 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
    + 2008-03-08 04:19:20 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
    - 2006-11-02 07:11:38 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    + 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    - 2008-01-18 21:33:42 459,264 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    + 2008-03-08 04:19:21 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    - 2008-01-18 21:33:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    + 2008-03-08 04:19:21 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    - 2007-10-28 17:15:38 110,592 ----a-w C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
    + 2008-06-08 08:10:09 110,592 ----a-w C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
    + 2008-06-08 08:10:15 4,608 ----a-w C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
    + 2008-06-08 08:09:59 1,215,328 ----a-w C:\Windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll
    + 2008-06-08 08:10:00 82,784 ----a-w C:\Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
    + 2008-06-08 08:09:38 31,560 ----a-w C:\Windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL
    + 2008-06-08 08:10:07 8,007,680 ----a-w C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
    + 2008-06-08 08:09:38 16,712 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll
    + 2008-06-08 08:02:34 80,696 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
    + 2008-06-08 08:06:15 1,612,592 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
    + 2008-06-08 08:06:16 1,276,720 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
    + 2008-06-08 08:06:16 150,320 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
    + 2008-06-08 08:09:41 404,296 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
    + 2008-06-08 08:06:24 88,896 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
    + 2008-06-08 08:06:22 146,232 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
    + 2008-06-08 08:08:54 17,208 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
    + 2008-06-08 08:06:18 920,376 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
    + 2008-06-08 08:06:19 35,648 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
    + 2008-06-08 08:06:20 248,632 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
    + 2008-06-08 08:06:20 232,248 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
    + 2008-06-08 08:06:17 20,280 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
    + 2008-06-08 08:06:21 781,104 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
    + 2008-06-08 08:10:04 13,312 ----a-w C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
    + 2008-06-08 08:06:16 371,496 ----a-w C:\Windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
    + 2008-06-08 08:06:21 64,288 ----a-w C:\Windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    + 2008-06-08 08:06:18 416,544 ----a-w C:\Windows\assembly\GAC\Office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
    + 2008-06-08 08:02:26 12,104 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
    + 2008-06-08 08:02:37 12,096 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
    + 2008-06-08 08:07:25 12,096 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
    + 2008-06-08 08:09:43 12,616 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll
    + 2008-06-08 08:09:41 12,616 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll
    + 2008-06-08 08:09:03 12,104 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
    + 2008-06-08 08:08:54 12,632 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
    + 2008-06-08 08:09:03 12,112 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
    + 2008-06-08 08:09:24 12,104 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
    + 2008-06-08 08:08:29 12,104 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
    + 2008-06-08 08:09:33 12,096 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
    + 2008-06-08 08:08:35 12,080 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
    + 2008-06-08 08:08:34 11,544 ----a-w C:\Windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
    + 2008-06-08 08:09:39 118,112 ----a-w C:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
    + 2008-06-08 08:10:35 367,400 ----a-w C:\Windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
    + 2008-06-08 08:09:39 609,104 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
    + 2008-06-08 08:09:38 43,840 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll
    + 2008-06-08 08:09:42 39,728 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll
    + 2008-06-08 08:09:39 60,200 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll
    + 2008-06-08 08:09:57 211,736 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll
    + 2008-06-08 08:09:57 105,248 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll
    + 2008-06-08 08:09:55 330,520 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll
    + 2008-06-08 08:09:57 39,712 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll
    + 2008-06-08 08:09:58 39,704 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll
    + 2008-06-08 08:09:56 72,472 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll
    + 2008-06-08 08:09:58 47,832 ----a-w C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    + 2008-06-08 08:09:58 39,624 ----a-w C:\Windows\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll
    - 2008-06-06 19:23:57 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-09 10:32:59 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-08 09:04:05 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-06-08 09:04:06 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-06-08 09:04:05 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2008-06-08 09:04:06 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    + 2008-06-08 09:04:06 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
    + 2008-06-08 09:04:06 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-06-08 09:04:07 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-06-08 09:04:06 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    + 2008-06-08 09:04:06 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-06-08 09:04:06 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-06-08 09:04:07 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-06-08 09:04:05 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-06-08 07:46:36 217,864 ----a-r C:\Windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
    + 2008-06-07 19:49:27 32,768 ----a-r C:\Windows\Installer\{C523D256-313D-4866-B36A-F3DE528246EF}\icon.exe
    + 2008-06-08 18:23:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-06-08 18:23:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-06-06 19:24:46 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    + 2008-06-08 18:25:58 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
    - 2008-06-06 19:24:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-06-08 18:25:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
    + 2008-06-08 18:25:52 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-06-06 15:27:45 1,672 ----a-w C:\Windows\SoftwareDistribution\EventCache\{8F66E85A-166A-4F9E-AB4D-C48795EABEF2}.bin
    + 2008-06-08 09:47:36 7,858 ----a-w C:\Windows\SoftwareDistribution\EventCache\{8F66E85A-166A-4F9E-AB4D-C48795EABEF2}.bin
    - 2008-06-06 17:13:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-09 10:53:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-06 17:13:44 98,304 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-09 10:53:36 98,304 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-06 17:13:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-09 10:53:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 1999-10-17 18:01:42 1,129,232 ----a-w C:\Windows\System32\FM20.DLL
    + 2006-10-26 12:10:08 1,190,688 ----a-w C:\Windows\System32\FM20.DLL
    - 1999-10-17 18:01:16 26,384 ----a-w C:\Windows\System32\FM20ENU.DLL
    + 2006-10-26 12:10:06 33,088 ----a-w C:\Windows\System32\FM20ENU.DLL
    - 2008-06-06 11:42:17 391,112 ----a-w C:\Windows\System32\FNTCACHE.DAT
    + 2008-06-08 16:57:20 476,352 ----a-w C:\Windows\System32\FNTCACHE.DAT
    + 2008-02-27 03:50:08 189,704 ----a-w C:\Windows\System32\HDDSvc.exe
    - 2007-05-08 13:03:04 1,275,392 ----a-w C:\Windows\System32\msxml4.dll
    + 2007-08-24 16:08:24 1,275,392 ----a-w C:\Windows\System32\msxml4.dll
    - 2008-06-06 18:55:17 104,742 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-06-08 18:36:16 104,940 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-06-06 18:55:17 127,798 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-06-08 18:36:16 128,004 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-06-06 18:55:17 595,308 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-06-08 18:36:16 595,506 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-06-06 18:55:17 196,388 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-06-08 18:36:16 196,626 ----a-w C:\Windows\System32\perfh00C.dat
    - 1998-03-24 19:54:08 15,872 ----a-w C:\Windows\System32\SCP32.DLL
    + 2006-07-24 08:50:40 39,728 ----a-w C:\Windows\System32\SCP32.DLL
    - 2008-06-06 11:39:08 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
    + 2008-06-08 01:09:33 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
    + 2006-10-26 17:56:16 864,080 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\msonpdrv.dll
    + 2006-10-26 17:56:14 67,408 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\msonpui.dll
    + 2006-10-26 17:56:16 864,080 ----a-w C:\Windows\System32\spool\drivers\w32x86\msonpdrv.dll
    + 2006-10-26 17:56:14 67,408 ----a-w C:\Windows\System32\spool\drivers\w32x86\msonpui.dll
    + 2006-10-26 17:56:12 33,104 ----a-w C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    - 1999-11-24 16:40:50 40,960 ----a-w C:\Windows\System32\VBAME.DLL
    + 2006-07-24 08:50:40 47,920 ----a-w C:\Windows\System32\VBAME.DLL
    - 2008-06-06 11:46:11 13,166 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3525442163-3756774792-3855537706-1002_UserData.bin
    + 2008-06-08 18:26:45 13,484 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3525442163-3756774792-3855537706-1002_UserData.bin
    - 2008-06-06 11:46:11 68,456 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-06-08 18:26:44 69,228 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-06-06 11:38:22 5,490 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    + 2008-06-08 11:36:54 5,490 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
    - 2008-06-06 11:46:06 71,398 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-06-08 01:14:27 72,194 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-06-04 16:18:06 281,894 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2008-06-09 10:33:28 286,248 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2008-06-04 21:01:34 250,276,053 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2008-06-07 19:49:47 250,278,469 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2008-03-08 00:22:51 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16651_none_0a06ea31f54d7fe8\AcRes.dll
    + 2008-03-08 00:15:10 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20788_none_0a77193f0e7d24e6\AcRes.dll
    + 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18032_none_0c03c8f9f262f24e\AcRes.dll
    + 2008-03-08 01:56:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22132_none_0c8d65c50b809218\AcRes.dll
    + 2008-03-08 04:30:03 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16651_none_0a08eac5f54bb296\AcGenral.dll
    + 2008-03-08 04:15:43 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20788_none_0a7919d30e7b5794\AcGenral.dll
    + 2008-03-08 04:19:20 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18032_none_0c05c98df26124fc\AcGenral.dll
    + 2008-03-08 04:09:28 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22132_none_0c8f66590b7ec4c6\AcGenral.dll
    + 2008-03-08 04:30:03 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16651_none_0a09eb0ff54acbed\AcSpecfc.dll
    + 2008-03-08 04:15:44 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20788_none_0a7a1a1d0e7a70eb\AcSpecfc.dll
    + 2008-03-08 04:19:21 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18032_none_0c06c9d7f2603e53\AcSpecfc.dll
    + 2008-03-08 04:09:29 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22132_none_0c9066a30b7dde1d\AcSpecfc.dll
    + 2008-03-08 04:30:03 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcLayers.dll
    + 2008-03-08 04:30:03 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcXtrnal.dll
    + 2008-03-08 04:15:44 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcLayers.dll
    + 2008-03-08 04:15:44 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcXtrnal.dll
    + 2008-03-08 04:19:20 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcLayers.dll
    + 2008-03-08 04:19:21 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcXtrnal.dll
    + 2008-03-08 04:09:28 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcLayers.dll
    + 2008-03-08 04:09:30 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcXtrnal.dll
    + 2008-03-08 04:30:04 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\gameux.dll
    + 2008-03-08 00:37:02 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\GameUXLegacyGDFs.dll
    + 2008-03-08 04:16:23 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\gameux.dll
    + 2008-03-08 00:29:38 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\GameUXLegacyGDFs.dll
    + 2008-03-08 04:21:55 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\gameux.dll
    + 2008-03-08 02:08:55 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\GameUXLegacyGDFs.dll
    + 2008-03-08 04:10:46 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\gameux.dll
    + 2008-03-08 02:09:25 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\GameUXLegacyGDFs.dll
    + 2008-04-16 00:49:12 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16674_none_f05a2d326e88eb29\OESpamFilter.dat
    + 2008-04-16 00:44:28 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20815_none_f125abb58774f9cb\OESpamFilter.dat
    + 2008-04-16 00:44:37 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18054_none_f2560bb06b9f4438\OESpamFilter.dat
    + 2008-04-16 00:43:45 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22159_none_f2e4a9ed84b862b5\OESpamFilter.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-20 18:26 289088]
    "PCMService"="c:\Program Files\Powercinema\PCMService.exe" [2006-11-15 16:49 151552]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
    "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 12:11 81920]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11 221184]
    "VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-10-29 18:47 1682944]
    "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 16:49 1092152]
    "Meteo Fusion"="C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe" [2007-04-12 13:01 294912]
    "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-23 17:15 2577840]
    "Skype"="C:\Program Files\Phone\Skype.exe" [2007-09-13 13:31 22880040]
    "RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2008-01-18 23:33 12800]
    "MzCpuAccelerator"="C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe" [2008-05-29 00:15 159744]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11 221184]
    "GBMPro8Agent"="C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-01-27 09:55 230016]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-28 18:48 1481984]
    "HDInspector.exe"="C:\Program Files\Hard Drive Inspector\HDInspector.exe" [2008-03-26 18:22 1007368]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

    C:\Users\antho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    FullShot 9.lnk - C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe [2007-07-04 01:00:00 3993600]
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-10-15 17:41:47 1585152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"= 1 (0x1)
    "AllowUnhashedWebView"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoBandCustomize"= 0 (0x0)
    "NoMovingBands"= 0 (0x0)
    "NoCloseDragDropBands"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.avis"= ffvfw.dll
    "vidc.fvfw"= ffvfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    --a------ 2006-10-24 23:08 107112 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
    --a------ 2007-11-26 20:46 456072 C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    --a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3525442163-3756774792-3855537706-1002]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{01E66E1C-3F58-4100-9979-969E84A0185F}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
    "{7E6503D6-F74C-4404-B1D2-C5F5BFAA3F4C}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect
    "{46287467-9706-4F01-87B8-04F8E32FBF8E}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
    "{68EECAC6-165F-4634-8DCF-3EF2D444A33F}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL
    "{1809F410-608B-4960-8A0A-8EE63FCDD1E8}"= UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
    "{01955B9E-02AC-4CA0-9E1B-401FF76EDA0B}"= TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
    "{BD688FB9-3901-4073-A779-453A3F48E281}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
    "{2E6E59BC-17D0-4C9F-88A9-260913C3B64F}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
    "{FD843E49-9219-4181-9B2D-836C7F552C04}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
    "{E2CE24DB-1978-41EF-BE46-B742741D090D}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
    "{581C3C69-E48E-440B-BCDC-736440C35946}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
    "{5B4E6F60-A58C-4A40-99EB-C8078B8B3CA9}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
    "{FDE4E33C-94E9-40AA-9ED4-C4057CDCF405}"= UDP:C:\Program Files\Powercinema\PowerCinema.exe:CyberLink PowerCinema
    "{59F25144-3256-4102-940E-7C16BBBE40AC}"= TCP:C:\Program Files\Powercinema\PowerCinema.exe:CyberLink PowerCinema
    "{E73B0411-5451-4930-AC79-C0D016568B1C}"= UDP:C:\Program Files\Powercinema\PCMService.exe:CyberLink PowerCinema Resident Program
    "{C74E8417-8F17-4E34-B212-2C3AFE355A2C}"= TCP:C:\Program Files\Powercinema\PCMService.exe:CyberLink PowerCinema Resident Program
    "{91DBBC18-3919-4F47-B3CA-457DC4B9E0C7}"= UDP:C:\Windows\System32\WindowsAnytimeUpgrade.exe:Achat de mise à niveau en ligne
    "{74AE9E5F-5689-41AB-9A6F-E6D03E117267}"= TCP:C:\Windows\System32\WindowsAnytimeUpgrade.exe:Achat de mise à niveau en ligne
    "TCP Query User{07A95485-2F6E-4CE0-8053-0CC0A04051E4}C:\\users\\antho\\documents\\logiciels et autres applications\\emule.exe"= UDP:C:\users\antho\documents\logiciels et autres applications\emule.exe:emule.exe
    "UDP Query User{8BBBA791-BA17-431D-A9FE-0DC0A29D4090}C:\\users\\antho\\documents\\logiciels et autres applications\\emule.exe"= TCP:C:\users\antho\documents\logiciels et autres applications\emule.exe:emule.exe
    "TCP Query User{6A2D8392-0021-4BEF-BFB6-F9E638563201}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{6FA76C49-8162-44A3-92DC-14EB9B2BA6F7}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "{0C22D93B-237C-4F96-A5BB-70A4DFEE4EDA}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
    "{97492C02-5B44-4F5D-AFB0-605C6A2A9B87}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
    "TCP Query User{37A804FE-AEFC-44DD-A9A6-36C14A337080}D:\\emule, divx\\emule.exe"= UDP:D:\emule, divx\emule.exe:eMule
    "UDP Query User{6632D0CD-0207-4DC5-B535-844EBBF9D289}D:\\emule, divx\\emule.exe"= TCP:D:\emule, divx\emule.exe:eMule
    "TCP Query User{6B7F931C-CD1C-4129-8275-075A30DEBA14}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{E353D420-15BC-4837-9CAB-065E359589B3}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{2F15F38A-4B46-48E3-8921-FF6FE6D0DFC1}C:\\program files\\dap\\dap.exe"= UDP:C:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
    "UDP Query User{B6CECE21-CD78-4D4C-A655-7324754C0290}C:\\program files\\dap\\dap.exe"= TCP:C:\program files\dap\dap.exe:Download Accelerator Plus (DAP)
    "TCP Query User{5703F225-1E15-48AF-B1A4-94C64DE51EFC}C:\\program files\\gamespy arcade\\aphex.exe"= UDP:C:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.0
    "UDP Query User{E102D4C9-31AC-4E12-B321-5BB85028DBFD}C:\\program files\\gamespy arcade\\aphex.exe"= TCP:C:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.0
    "TCP Query User{85C72ECC-4223-42B4-8FD0-098CB40C3810}C:\\users\\antho\\downloads\\emule\\incoming\\smiley's center pack.exe"= UDP:C:\users\antho\downloads\emule\incoming\smiley's center pack.exe:smiley's center pack.exe
    "UDP Query User{5DC80A59-8230-4D1E-93A2-8A4E498A6517}C:\\users\\antho\\downloads\\emule\\incoming\\smiley's center pack.exe"= TCP:C:\users\antho\downloads\emule\incoming\smiley's center pack.exe:smiley's center pack.exe
    "TCP Query User{C75FFE1D-25D9-436F-985D-E1FB04DB9111}C:\\users\\antho\\downloads\\emule\\incoming\\smiley's center pack avatar.exe"= UDP:C:\users\antho\downloads\emule\incoming\smiley's center pack avatar.exe:smiley's center pack avatar.exe
    "UDP Query User{BB43F992-B6E7-41D7-8C11-18DEF9AA53EF}C:\\users\\antho\\downloads\\emule\\incoming\\smiley's center pack avatar.exe"= TCP:C:\users\antho\downloads\emule\incoming\smiley's center pack avatar.exe:smiley's center pack avatar.exe
    "{B52B2D78-8313-4D9D-9207-409385E90B8A}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{A03A8A84-55C9-4D98-89FB-2D4FF17FAE98}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
    "{88C3B4D9-57B2-4C73-B30E-1B99F358899B}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{A08C9179-3A45-4858-ADE5-9AF3878334D9}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "TCP Query User{3A71837B-35D6-4379-AE96-F97E83202840}C:\\users\\antho\\program files\\bittorrent_dna\\dna.exe"= UDP:C:\users\antho\program files\bittorrent_dna\dna.exe:dna.exe
    "UDP Query User{2D83D689-E235-4C81-990F-9F37CC15C882}C:\\users\\antho\\program files\\bittorrent_dna\\dna.exe"= TCP:C:\users\antho\program files\bittorrent_dna\dna.exe:dna.exe
    "TCP Query User{51B2DD42-91F6-4C04-9BB5-675D05ED9126}C:\\program files\\kss\\peertv\\peercast.exe"= UDP:C:\program files\kss\peertv\peercast.exe:PeerCast
    "UDP Query User{6E97BDF2-FAB2-4E6A-B054-92F8C72D4307}C:\\program files\\kss\\peertv\\peercast.exe"= TCP:C:\program files\kss\peertv\peercast.exe:PeerCast
    "TCP Query User{873F9C4F-C846-445B-832A-263418F90C7B}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
    "UDP Query User{A7E8F0C4-823E-4FE9-835B-C9C3C12A140F}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
    "TCP Query User{DF59C06F-B5DE-4B3E-91B1-1A08CABD9313}C:\\users\\antho\\program files\\bittorrent_dna\\dna.exe"= UDP:C:\users\antho\program files\bittorrent_dna\dna.exe:dna.exe
    "UDP Query User{8C79AA92-2EA1-49D0-94D8-ADEA5E249222}C:\\users\\antho\\program files\\bittorrent_dna\\dna.exe"= TCP:C:\users\antho\program files\bittorrent_dna\dna.exe:dna.exe
    "TCP Query User{3493BFB2-928E-482F-864F-CD93A687EF7F}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "UDP Query User{45CDA921-4560-406D-9069-60D42022F657}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
    "{D587302D-09DD-43B9-9A41-650B80DCCA73}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
    "{57FB543D-CC56-4A52-B0EC-5BC25ACCBDDC}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
    "TCP Query User{B818DD14-FA04-473E-91BB-B4DB118E0CE4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:utorrent
    "UDP Query User{C7A621C3-F0D6-4C38-9312-74F29F76297A}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:utorrent
    "{A9FF4EEF-81E5-472B-BF29-EDF1A6E21584}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
    "{04BE99E0-11FB-4B1B-A929-3B4F001BACBB}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
    "TCP Query User{965FAB58-D1E0-4FCF-8306-5732D844CFF5}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{E12C5356-75E2-4506-AE9A-440FD39764E1}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
    "TCP Query User{84087DB4-DA5B-43AF-A0CC-CC9F7CC226E9}C:\\users\\antho\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\antho\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "UDP Query User{C0F9C65E-2B48-4FAD-A3C4-10E03B031BEC}C:\\users\\antho\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\antho\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "TCP Query User{1EA8784C-D890-4410-B7F2-9A76E5480521}C:\\users\\antho\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\antho\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "UDP Query User{63364818-7361-4227-9407-D97DBA1799B7}C:\\users\\antho\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\antho\program files\bittorrent\bittorrent.exe:bittorrent.exe
    "TCP Query User{F56E73AA-21E1-49B2-B47B-8B8969D3C3B2}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{15B978BF-686C-4370-BB6B-0EF15DAAD918}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
    "{400FE3C7-136D-4019-81FE-FD5FBC2DF407}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{45651627-9F7B-4B5D-BA95-952807C491A1}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "TCP Query User{06FB6572-7F2A-4942-9100-E850B48B4F46}C:\\program files\\amsn\\bin\\wish.exe"= UDP:C:\program files\amsn\bin\wish.exe:Wish Application
    "UDP Query User{89C18C01-D10B-4E50-A0E4-5CD977C0C710}C:\\program files\\amsn\\bin\\wish.exe"= TCP:C:\program files\amsn\bin\wish.exe:Wish Application
    "{7CB965AD-DD8F-4761-AB07-159C89BF8BE3}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{759B9853-CB02-4ED5-9500-B2253BF1183F}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
    "{6722D139-34A5-4A31-8C05-570D1149A893}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
    "{41D95863-086B-4981-9D6A-F42AFCAD6BBD}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
    "TCP Query User{636866E4-5E6C-403B-8403-37276E8F6364}C:\\users\\antho\\documents\\logiciels et autres applications\\emule.exe"= UDP:C:\users\antho\documents\logiciels et autres applications\emule.exe:emule.exe
    "UDP Query User{77E2DA1E-EF5F-45D2-9A89-F7B4C639BDF2}C:\\users\\antho\\documents\\logiciels et autres applications\\emule.exe"= TCP:C:\users\antho\documents\logiciels et autres applications\emule.exe:emule.exe
    "TCP Query User{BCAF9AAE-45EE-4C58-B05F-79C1FDC8CCB0}C:\\users\\antho\\program files\\dna\\btdna.exe"= UDP:C:\users\antho\program files\dna\btdna.exe:btdna.exe
    "UDP Query User{021CC62D-A463-4DBB-8AD5-58C6B649185E}C:\\users\\antho\\program files\\dna\\btdna.exe"= TCP:C:\users\antho\program files\dna\btdna.exe:btdna.exe
    "TCP Query User{DB02C6CC-914C-4403-93FD-A5FFF31BCA68}C:\\program files\\acronis\\trueimageconsole\\trueimageremoteconsole.exe"= UDP:C:\program files\acronis\trueimageconsole\trueimageremoteconsole.exe:True Image Remote Console
    "UDP Query User{8CE30D40-894F-407B-9E7B-9688F67DE45C}C:\\program files\\acronis\\trueimageconsole\\trueimageremoteconsole.exe"= TCP:C:\program files\acronis\trueimageconsole\trueimageremoteconsole.exe:True Image Remote Console
    "TCP Query User{3D5C1F4A-F5A6-4CB1-A943-8300599EAFBC}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
    "UDP Query User{65F25515-EA6B-4F98-A19D-542C3D5ADD5F}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
    "TCP Query User{DB84317C-DB98-4AEC-B6F1-A4E17280F064}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\french\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
    "UDP Query User{C609A5E1-509B-48D2-88EC-37CAEEDEF07D}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\french\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0
    "TCP Query User{6B4F1D6A-E864-419C-84E5-3D5DF6853790}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
    "UDP Query User{85E1D39A-F6E0-4AAB-BAD3-561C98E2D124}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
    "TCP Query User{0930AD54-DCB8-4862-B3AF-0E7090175125}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
    "UDP Query User{3F44E42A-930C-42DF-88CC-F66B8312C2E2}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
    "{6802CD02-E0C1-47B2-AF31-8637867F49A9}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
    "{966EFDE7-0453-45F0-8C1B-61D7C49979D4}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
    "{4E381DEF-8434-4CC4-8786-8E5953C99457}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "TCP Query User{25EFF61B-BF19-4B9F-84E3-170358469854}C:\\program files\\phone\\skype.exe"= Disabled:UDP:C:\program files\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{C72BDAC5-DA32-4EAA-8E29-054B2B6722F2}C:\\program files\\phone\\skype.exe"= Disabled:TCP:C:\program files\phone\skype.exe:Skype. Take a deep breath
    "{2A99A101-D0E9-483E-BEE9-3C054D7C5B8F}"= UDP:C:\Users\antho\AppData\Roaming\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{A48DB6EA-B739-452F-B394-F1E959A294EE}"= TCP:C:\Users\antho\AppData\Roaming\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{661A2346-E86A-4112-B532-C0ED421FA844}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{1843B412-B58F-45F0-89CB-DE10C507F606}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{9346C052-B7CE-42F8-B09D-F78F303BFD07}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{6D82BDFA-5151-476E-836B-E813DA28C41D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{9368C9B5-0101-4FF1-AA87-00D840DBDBF9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{37519672-0D57-4FB8-90BA-1C602D884CE9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)
    "DoNotAllowExceptions"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:22]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-05-28 18:49]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-05-28 18:49]
    R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 14:12]
    R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe [2008-04-23 11:59]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot\SDWinSec.exe [2008-01-28 11:43]
    R3 R300;R300;C:\Windows
    0
  20. patmoss Messages postés 2759 Statut Membre 41
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:18:18, on 09/06/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\COMODO\Firewall\cfp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Powercinema\PCMService.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Vista Start Menu\VistaStartMenu.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Phone\Skype.exe
    C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe
    C:\Program Files\Spybot\TeaTimer.exe
    C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\explorer.exe
    C:\Program Files\Opera\Opera.exe
    C:\HijackThis\Serfnn.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [GBMPro8Agent] "C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
    O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [PCMService] "c:\Program Files\Powercinema\PCMService.exe"
    O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe"
    O4 - HKCU\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
    O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
    O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    O4 - HKCU\..\Run: [Meteo Fusion] "C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{75918A0B-DC7E-4F07-9959-955064C5C2E5}
    O4 - HKCU\..\Run: [C:\Program Files\Advanced System Optimizer\wallpaper.exe -minimize] wallpaper.exe -minimize
    O4 - HKCU\..\Run: [MzCpuAccelerator] "C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: FullShot 9.lnk = C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O8 - Extra context menu item: &Search - ?p=ZJfox000
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: "C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll" C:\Windows\system32\guard32.dll
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/ - C:\Windows\system32\HDDSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot\SDWinSec.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    0
  • 1
  • 2
  • 3