Besoin dinfo car mon ordi est vraiment lent
rickiboy
Messages postés
1
Statut
Membre
-
sKe69 Messages postés 21955 Statut Contributeur sécurité -
sKe69 Messages postés 21955 Statut Contributeur sécurité -
Bonjour,
je ne sais plus quoi faire mon ordi est plus lent que jamais et jai 50 programe qui roule don je ne connais meme pas la provenence jai lu plusieur post de personne ayant des problemme semblable mais je ne comprend rien en ordi et cest trop complexe
jai donloader le programe Trend Micro HijackThis v2.0.2 et jai fait un scan et voici ce quil ma donner comme resulta
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:07 AM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ca.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.videotron.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://compaq-consumer.my.aol.ca/?icid=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {10555C13-6B09-4A67-9FA5-0238F6E908D4} - C:\WINDOWS\system32\wvUkJyXr.dll (file missing)
O2 - BHO: {375b1655-185e-7ec8-1814-ae865067ff01} - {10ff7605-68ea-4181-8ce7-e5815561b573} - C:\WINDOWS\system32\qyqpdvyf.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} - C:\WINDOWS\system32\pmnmkKay.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Services de sécurité Vidéotron] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat.thewolven.com:3080/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.daoutcasts.com:4080/chat/data/html/user/msie/msichat.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28081/activereceiver.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: pmnmkKay - pmnmkKay.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: Service de mise a jour pour Services de sécurité Vidéotron (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
je ne sais plus quoi faire mon ordi est plus lent que jamais et jai 50 programe qui roule don je ne connais meme pas la provenence jai lu plusieur post de personne ayant des problemme semblable mais je ne comprend rien en ordi et cest trop complexe
jai donloader le programe Trend Micro HijackThis v2.0.2 et jai fait un scan et voici ce quil ma donner comme resulta
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:07 AM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ca.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.videotron.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://compaq-consumer.my.aol.ca/?icid=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {10555C13-6B09-4A67-9FA5-0238F6E908D4} - C:\WINDOWS\system32\wvUkJyXr.dll (file missing)
O2 - BHO: {375b1655-185e-7ec8-1814-ae865067ff01} - {10ff7605-68ea-4181-8ce7-e5815561b573} - C:\WINDOWS\system32\qyqpdvyf.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} - C:\WINDOWS\system32\pmnmkKay.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Services de sécurité Vidéotron] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat.thewolven.com:3080/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.daoutcasts.com:4080/chat/data/html/user/msie/msichat.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28081/activereceiver.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: pmnmkKay - pmnmkKay.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: Service de mise a jour pour Services de sécurité Vidéotron (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
A voir également:
- Besoin dinfo car mon ordi est vraiment lent
- Mon pc est lent - Guide
- Mon mac est lent comment le nettoyer - Guide
- Comment reinitialiser un ordi - Guide
- Mon pc est trop lent et se bloque - Guide
- Mon ordi ne reconnait pas ma clé usb - Guide
17 réponses
Salut,
Infection Vundo déjà ...
commence par ce-ci :
Télécharges VirtumundoBegone sur ton bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
!!Ce déconnecter et fermer toute ces applications le temps de la manipe !!
Double cliquer sur VirtumundoBeGone.exe et suivre les instructions.
Une fois terminé, redémarrer le PC, le rapport VBG.TXT sera crée sur le bureau .
(Si un message Ecran bleu "Erreur fatale" apparaît, pas d’inquiétude car c'est normal et attendu).
Postes le rapport VBG accompagné d'un nouveau rapport Hijackthis pour analyse ...
Infection Vundo déjà ...
commence par ce-ci :
Télécharges VirtumundoBegone sur ton bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
!!Ce déconnecter et fermer toute ces applications le temps de la manipe !!
Double cliquer sur VirtumundoBeGone.exe et suivre les instructions.
Une fois terminé, redémarrer le PC, le rapport VBG.TXT sera crée sur le bureau .
(Si un message Ecran bleu "Erreur fatale" apparaît, pas d’inquiétude car c'est normal et attendu).
Postes le rapport VBG accompagné d'un nouveau rapport Hijackthis pour analyse ...
voila cest fait jai fait se que tu ma demander
[06/10/2008, 14:15:00] - VirtumundoBeGone v1.5 ( "C:\HJT\VirtumundoBeGone.exe" )
[06/10/2008, 14:15:01] - Detected System Information:
[06/10/2008, 14:15:01] - Windows Version: 5.1.2600, Service Pack 2
[06/10/2008, 14:15:01] - Current Username: Compaq_Administrator (Admin)
[06/10/2008, 14:15:01] - Windows is in NORMAL mode.
[06/10/2008, 14:15:01] - Searching for Browser Helper Objects:
[06/10/2008, 14:15:01] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} ()
[06/10/2008, 14:15:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:01] - No filename found. Continuing.
[06/10/2008, 14:15:01] - BHO 2: {10555C13-6B09-4A67-9FA5-0238F6E908D4} ()
[06/10/2008, 14:15:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:01] - Checking for HKLM\...\Winlogon\Notify\wvUkJyXr
[06/10/2008, 14:15:01] - Key not found: HKLM\...\Winlogon\Notify\wvUkJyXr, continuing.
[06/10/2008, 14:15:01] - BHO 3: {10ff7605-68ea-4181-8ce7-e5815561b573} ()
[06/10/2008, 14:15:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:01] - Checking for HKLM\...\Winlogon\Notify\qyqpdvyf
[06/10/2008, 14:15:01] - Key not found: HKLM\...\Winlogon\Notify\qyqpdvyf, continuing.
[06/10/2008, 14:15:01] - BHO 4: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (AVG Safe Search)
[06/10/2008, 14:15:01] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/10/2008, 14:15:01] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/10/2008, 14:15:01] - BHO 7: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (hpWebHelper Class)
[06/10/2008, 14:15:01] - BHO 8: {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} ()
[06/10/2008, 14:15:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:01] - Checking for HKLM\...\Winlogon\Notify\pmnmkKay
[06/10/2008, 14:15:01] - Found: HKLM\...\Winlogon\Notify\pmnmkKay - This is probably Virtumundo.
[06/10/2008, 14:15:01] - Assigning {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} MSEvents Object
[06/10/2008, 14:15:01] - BHO list has been changed! Starting over...
[06/10/2008, 14:15:01] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} ()
[06/10/2008, 14:15:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:01] - No filename found. Continuing.
[06/10/2008, 14:15:01] - BHO 2: {10555C13-6B09-4A67-9FA5-0238F6E908D4} ()
[06/10/2008, 14:15:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:01] - Checking for HKLM\...\Winlogon\Notify\wvUkJyXr
[06/10/2008, 14:15:01] - Key not found: HKLM\...\Winlogon\Notify\wvUkJyXr, continuing.
[06/10/2008, 14:15:01] - BHO 3: {10ff7605-68ea-4181-8ce7-e5815561b573} ()
[06/10/2008, 14:15:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:01] - Checking for HKLM\...\Winlogon\Notify\qyqpdvyf
[06/10/2008, 14:15:01] - Key not found: HKLM\...\Winlogon\Notify\qyqpdvyf, continuing.
[06/10/2008, 14:15:01] - BHO 4: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (AVG Safe Search)
[06/10/2008, 14:15:01] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/10/2008, 14:15:01] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/10/2008, 14:15:01] - BHO 7: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (hpWebHelper Class)
[06/10/2008, 14:15:01] - BHO 8: {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} (MSEvents Object)
[06/10/2008, 14:15:01] - ALERT: Found MSEvents Object!
[06/10/2008, 14:15:01] - BHO 9: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[06/10/2008, 14:15:01] - Finished Searching Browser Helper Objects
[06/10/2008, 14:15:01] - *** Detected MSEvents Object
[06/10/2008, 14:15:01] - Trying to remove MSEvents Object...
[06/10/2008, 14:15:02] - Terminating Process: IEXPLORE.EXE
[06/10/2008, 14:15:03] - Terminating Process: RUNDLL32.EXE
[06/10/2008, 14:15:03] - Disabling Automatic Shell Restart
[06/10/2008, 14:15:03] - Terminating Process: EXPLORER.EXE
[06/10/2008, 14:15:04] - Suspending the NT Session Manager System Service
[06/10/2008, 14:15:04] - Terminating Windows NT Logon/Logoff Manager
[06/10/2008, 14:15:04] - Re-enabling Automatic Shell Restart
[06/10/2008, 14:15:04] - File to disable: C:\WINDOWS\system32\pmnmkKay.dll
[06/10/2008, 14:15:04] - Removing HKLM\...\Browser Helper Objects\{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}
[06/10/2008, 14:15:05] - Removing HKCR\CLSID\{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}
[06/10/2008, 14:15:05] - Adding Kill Bit for ActiveX for GUID: {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}
[06/10/2008, 14:15:05] - Deleting ATLEvents/MSEvents Registry entries
[06/10/2008, 14:15:05] - Removing HKLM\...\Winlogon\Notify\pmnmkKay
[06/10/2008, 14:15:05] - Searching for Browser Helper Objects:
[06/10/2008, 14:15:05] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} ()
[06/10/2008, 14:15:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:05] - No filename found. Continuing.
[06/10/2008, 14:15:05] - BHO 2: {10555C13-6B09-4A67-9FA5-0238F6E908D4} ()
[06/10/2008, 14:15:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:05] - Checking for HKLM\...\Winlogon\Notify\wvUkJyXr
[06/10/2008, 14:15:05] - Key not found: HKLM\...\Winlogon\Notify\wvUkJyXr, continuing.
[06/10/2008, 14:15:05] - BHO 3: {10ff7605-68ea-4181-8ce7-e5815561b573} ()
[06/10/2008, 14:15:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:05] - Checking for HKLM\...\Winlogon\Notify\qyqpdvyf
[06/10/2008, 14:15:05] - Key not found: HKLM\...\Winlogon\Notify\qyqpdvyf, continuing.
[06/10/2008, 14:15:05] - BHO 4: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (AVG Safe Search)
[06/10/2008, 14:15:05] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/10/2008, 14:15:05] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/10/2008, 14:15:05] - BHO 7: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (hpWebHelper Class)
[06/10/2008, 14:15:05] - BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[06/10/2008, 14:15:05] - Finished Searching Browser Helper Objects
[06/10/2008, 14:15:05] - Finishing up...
[06/10/2008, 14:15:05] - A restart is needed.
[06/10/2008, 14:15:13] - Attempting to Restart via STOP error (Blue Screen!)
ca c le vbg
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:36 PM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ca.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.videotron.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://compaq-consumer.my.aol.ca/?icid=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {10555C13-6B09-4A67-9FA5-0238F6E908D4} - C:\WINDOWS\system32\wvUkJyXr.dll (file missing)
O2 - BHO: {375b1655-185e-7ec8-1814-ae865067ff01} - {10ff7605-68ea-4181-8ce7-e5815561b573} - C:\WINDOWS\system32\qyqpdvyf.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Services de sécurité Vidéotron] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat.thewolven.com:3080/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.daoutcasts.com:4080/chat/data/html/user/msie/msichat.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28081/activereceiver.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: Service de mise a jour pour Services de sécurité Vidéotron (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
[06/10/2008, 14:15:00] - VirtumundoBeGone v1.5 ( "C:\HJT\VirtumundoBeGone.exe" )
[06/10/2008, 14:15:01] - Detected System Information:
[06/10/2008, 14:15:01] - Windows Version: 5.1.2600, Service Pack 2
[06/10/2008, 14:15:01] - Current Username: Compaq_Administrator (Admin)
[06/10/2008, 14:15:01] - Windows is in NORMAL mode.
[06/10/2008, 14:15:01] - Searching for Browser Helper Objects:
[06/10/2008, 14:15:01] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} ()
[06/10/2008, 14:15:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:01] - No filename found. Continuing.
[06/10/2008, 14:15:01] - BHO 2: {10555C13-6B09-4A67-9FA5-0238F6E908D4} ()
[06/10/2008, 14:15:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:01] - Checking for HKLM\...\Winlogon\Notify\wvUkJyXr
[06/10/2008, 14:15:01] - Key not found: HKLM\...\Winlogon\Notify\wvUkJyXr, continuing.
[06/10/2008, 14:15:01] - BHO 3: {10ff7605-68ea-4181-8ce7-e5815561b573} ()
[06/10/2008, 14:15:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:01] - Checking for HKLM\...\Winlogon\Notify\qyqpdvyf
[06/10/2008, 14:15:01] - Key not found: HKLM\...\Winlogon\Notify\qyqpdvyf, continuing.
[06/10/2008, 14:15:01] - BHO 4: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (AVG Safe Search)
[06/10/2008, 14:15:01] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/10/2008, 14:15:01] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/10/2008, 14:15:01] - BHO 7: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (hpWebHelper Class)
[06/10/2008, 14:15:01] - BHO 8: {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} ()
[06/10/2008, 14:15:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:01] - Checking for HKLM\...\Winlogon\Notify\pmnmkKay
[06/10/2008, 14:15:01] - Found: HKLM\...\Winlogon\Notify\pmnmkKay - This is probably Virtumundo.
[06/10/2008, 14:15:01] - Assigning {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} MSEvents Object
[06/10/2008, 14:15:01] - BHO list has been changed! Starting over...
[06/10/2008, 14:15:01] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} ()
[06/10/2008, 14:15:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:01] - No filename found. Continuing.
[06/10/2008, 14:15:01] - BHO 2: {10555C13-6B09-4A67-9FA5-0238F6E908D4} ()
[06/10/2008, 14:15:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:01] - Checking for HKLM\...\Winlogon\Notify\wvUkJyXr
[06/10/2008, 14:15:01] - Key not found: HKLM\...\Winlogon\Notify\wvUkJyXr, continuing.
[06/10/2008, 14:15:01] - BHO 3: {10ff7605-68ea-4181-8ce7-e5815561b573} ()
[06/10/2008, 14:15:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:01] - Checking for HKLM\...\Winlogon\Notify\qyqpdvyf
[06/10/2008, 14:15:01] - Key not found: HKLM\...\Winlogon\Notify\qyqpdvyf, continuing.
[06/10/2008, 14:15:01] - BHO 4: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (AVG Safe Search)
[06/10/2008, 14:15:01] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/10/2008, 14:15:01] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/10/2008, 14:15:01] - BHO 7: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (hpWebHelper Class)
[06/10/2008, 14:15:01] - BHO 8: {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367} (MSEvents Object)
[06/10/2008, 14:15:01] - ALERT: Found MSEvents Object!
[06/10/2008, 14:15:01] - BHO 9: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[06/10/2008, 14:15:01] - Finished Searching Browser Helper Objects
[06/10/2008, 14:15:01] - *** Detected MSEvents Object
[06/10/2008, 14:15:01] - Trying to remove MSEvents Object...
[06/10/2008, 14:15:02] - Terminating Process: IEXPLORE.EXE
[06/10/2008, 14:15:03] - Terminating Process: RUNDLL32.EXE
[06/10/2008, 14:15:03] - Disabling Automatic Shell Restart
[06/10/2008, 14:15:03] - Terminating Process: EXPLORER.EXE
[06/10/2008, 14:15:04] - Suspending the NT Session Manager System Service
[06/10/2008, 14:15:04] - Terminating Windows NT Logon/Logoff Manager
[06/10/2008, 14:15:04] - Re-enabling Automatic Shell Restart
[06/10/2008, 14:15:04] - File to disable: C:\WINDOWS\system32\pmnmkKay.dll
[06/10/2008, 14:15:04] - Removing HKLM\...\Browser Helper Objects\{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}
[06/10/2008, 14:15:05] - Removing HKCR\CLSID\{BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}
[06/10/2008, 14:15:05] - Adding Kill Bit for ActiveX for GUID: {BC7D8DE8-EF3D-4F44-8B54-03759FAC1367}
[06/10/2008, 14:15:05] - Deleting ATLEvents/MSEvents Registry entries
[06/10/2008, 14:15:05] - Removing HKLM\...\Winlogon\Notify\pmnmkKay
[06/10/2008, 14:15:05] - Searching for Browser Helper Objects:
[06/10/2008, 14:15:05] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} ()
[06/10/2008, 14:15:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:05] - No filename found. Continuing.
[06/10/2008, 14:15:05] - BHO 2: {10555C13-6B09-4A67-9FA5-0238F6E908D4} ()
[06/10/2008, 14:15:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:05] - Checking for HKLM\...\Winlogon\Notify\wvUkJyXr
[06/10/2008, 14:15:05] - Key not found: HKLM\...\Winlogon\Notify\wvUkJyXr, continuing.
[06/10/2008, 14:15:05] - BHO 3: {10ff7605-68ea-4181-8ce7-e5815561b573} ()
[06/10/2008, 14:15:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/10/2008, 14:15:05] - Checking for HKLM\...\Winlogon\Notify\qyqpdvyf
[06/10/2008, 14:15:05] - Key not found: HKLM\...\Winlogon\Notify\qyqpdvyf, continuing.
[06/10/2008, 14:15:05] - BHO 4: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (AVG Safe Search)
[06/10/2008, 14:15:05] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/10/2008, 14:15:05] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/10/2008, 14:15:05] - BHO 7: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} (hpWebHelper Class)
[06/10/2008, 14:15:05] - BHO 8: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[06/10/2008, 14:15:05] - Finished Searching Browser Helper Objects
[06/10/2008, 14:15:05] - Finishing up...
[06/10/2008, 14:15:05] - A restart is needed.
[06/10/2008, 14:15:13] - Attempting to Restart via STOP error (Blue Screen!)
ca c le vbg
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:36 PM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ca.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.videotron.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://compaq-consumer.my.aol.ca/?icid=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {10555C13-6B09-4A67-9FA5-0238F6E908D4} - C:\WINDOWS\system32\wvUkJyXr.dll (file missing)
O2 - BHO: {375b1655-185e-7ec8-1814-ae865067ff01} - {10ff7605-68ea-4181-8ce7-e5815561b573} - C:\WINDOWS\system32\qyqpdvyf.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Services de sécurité Vidéotron] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat.thewolven.com:3080/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.daoutcasts.com:4080/chat/data/html/user/msie/msichat.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28081/activereceiver.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: Service de mise a jour pour Services de sécurité Vidéotron (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
bien ... la suite :
Télécharges MalwareByte's :
ftp://ftp.commentcamarche.com/download/mbam-setup.exe
un tuto sympa : https://forum.pcastuces.com/sujet.asp?f=31&s=3
Instales le ( choisis bien "francais" ; ne modifies pas les parramètres d'instale ) et mets le à jour .
Puis redémarres en mode sans échec :
Comment aller en Mode sans échec
1) Redémarres ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...)
Lances Malwarebyte's .
Fais un scan dit "complet" ( sélectionnes bien tout tes disks avant le scan ) et supprimes tout ce qu'il peut trouver :
--->une fois le scan terminé , click sur "résultat" : puis vérifies que tous les ojbets infectés soient validés, puis click sur " supression " .
Redémarres ton PC ( mode normal ).
Postes le rapport sauvegardé après la supression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes) accompagné d'un nouvel hijackthis ( fait en mode normal ) ...
Télécharges MalwareByte's :
ftp://ftp.commentcamarche.com/download/mbam-setup.exe
un tuto sympa : https://forum.pcastuces.com/sujet.asp?f=31&s=3
Instales le ( choisis bien "francais" ; ne modifies pas les parramètres d'instale ) et mets le à jour .
Puis redémarres en mode sans échec :
Comment aller en Mode sans échec
1) Redémarres ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...)
Lances Malwarebyte's .
Fais un scan dit "complet" ( sélectionnes bien tout tes disks avant le scan ) et supprimes tout ce qu'il peut trouver :
--->une fois le scan terminé , click sur "résultat" : puis vérifies que tous les ojbets infectés soient validés, puis click sur " supression " .
Redémarres ton PC ( mode normal ).
Postes le rapport sauvegardé après la supression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes) accompagné d'un nouvel hijackthis ( fait en mode normal ) ...
bon jai fait se que tu ma demander et sa donne ceci
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 848
15:30:52 6/11/2008
mbam-log-6-11-2008 (15-30-52).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 176658
Temps écoulé: 1 hour(s), 18 minute(s), 27 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 59
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 16
Fichier(s) infecté(s): 215
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{02910a3c-5d77-4a3e-8a13-fdf81ac7fecd} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0485b9a3-61d4-40a9-82ee-5b8b6bd51a58} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{29143580-a3e7-4afb-a8ef-b88f3b56c5a3} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3eb2d5e5-ab7c-46db-950e-878cf812aa1c} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5caeb087-af31-494d-842d-39cf1c7adade} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5df8c005-6e2e-4bd6-a765-304a8e550ece} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{60659361-1c5f-4fa7-aeb0-f39df2547122} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6a97a178-3e84-45af-8f28-982c22e9a49d} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7d9351b3-4ebe-4f8f-981e-9af90ba99f54} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7e22e1d0-5af8-4fb8-a635-bd31b3308c71} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{821a05ed-bb06-4444-a1e0-f0ab21ff626d} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{886bacae-e094-4bde-912e-99c3a3ddd122} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8f290589-db12-447f-8f38-d24653ce9f13} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bad16ee0-5134-4dc2-bd33-46a557c93d36} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec6671fe-7062-4f26-8383-4b887c4cb50b} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fc8db863-22bc-4382-ac7a-96fabfd95bb8} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e9d2f33-4585-4404-aa57-15b2b03707f4} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bc7d8de8-ef3d-4f44-8b54-03759fac1367} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_11_00_12_37.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_11_03_31_22.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_16_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_17_03_30_02.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_20_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_21_03_30_25.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_22_03_30_33.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_23_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_28_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_29_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_01_03_36_02.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_02_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_03_03_35_12.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_04_03_35_19.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_05_03_37_28.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_07_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_08_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_09_03_33_15.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_16_03_30_40.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_17_03_31_14.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_18_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_19_03_31_11.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_20_03_30_05.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_21_03_31_25.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_22_03_30_18.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_27_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_30_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_31_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_01_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_03_03_30_02.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_04_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_05_03_30_02.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_08_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_10_03_30_55.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_12_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_14_03_30_02.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_15_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_17_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_18_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_19_03_30_02.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_20_03_35_47.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_21_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_23_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_27_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_28_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_30_03_35_48.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_07_01_03_39_29.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_07_02_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_07_03_03_39_47.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_07_04_03_35_38.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_07_05_03_31_14.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_07_06_03_35_35.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Registry Backups\2007-04-11_00-14-47.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Registry Backups\2007-05-03_12-46-28.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Registry Backups\2007-06-14_08-50-13.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Registry Backups\2007-06-17_13-20-04.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.
et pour hijack ca donne
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:13 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ca.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.videotron.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://compaq-consumer.my.aol.ca/?icid=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {10555C13-6B09-4A67-9FA5-0238F6E908D4} - C:\WINDOWS\system32\wvUkJyXr.dll (file missing)
O2 - BHO: {375b1655-185e-7ec8-1814-ae865067ff01} - {10ff7605-68ea-4181-8ce7-e5815561b573} - C:\WINDOWS\system32\qyqpdvyf.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Services de sécurité Vidéotron] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat.thewolven.com:3080/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.daoutcasts.com:4080/chat/data/html/user/msie/msichat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28081/activereceiver.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax
Malwarebytes' Anti-Malware 1.17
Version de la base de données: 848
15:30:52 6/11/2008
mbam-log-6-11-2008 (15-30-52).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 176658
Temps écoulé: 1 hour(s), 18 minute(s), 27 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 59
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 16
Fichier(s) infecté(s): 215
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{02910a3c-5d77-4a3e-8a13-fdf81ac7fecd} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0485b9a3-61d4-40a9-82ee-5b8b6bd51a58} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{29143580-a3e7-4afb-a8ef-b88f3b56c5a3} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3eb2d5e5-ab7c-46db-950e-878cf812aa1c} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5caeb087-af31-494d-842d-39cf1c7adade} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5df8c005-6e2e-4bd6-a765-304a8e550ece} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{60659361-1c5f-4fa7-aeb0-f39df2547122} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6a97a178-3e84-45af-8f28-982c22e9a49d} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7d9351b3-4ebe-4f8f-981e-9af90ba99f54} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7e22e1d0-5af8-4fb8-a635-bd31b3308c71} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{821a05ed-bb06-4444-a1e0-f0ab21ff626d} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{886bacae-e094-4bde-912e-99c3a3ddd122} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8f290589-db12-447f-8f38-d24653ce9f13} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bad16ee0-5134-4dc2-bd33-46a557c93d36} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec6671fe-7062-4f26-8383-4b887c4cb50b} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fc8db863-22bc-4382-ac7a-96fabfd95bb8} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e9d2f33-4585-4404-aa57-15b2b03707f4} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{bc7d8de8-ef3d-4f44-8b54-03759fac1367} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Errors.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Results.stg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_11_00_12_37.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_11_03_31_22.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_16_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_17_03_30_02.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_20_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_21_03_30_25.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_22_03_30_33.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_23_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_28_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_04_29_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_01_03_36_02.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_02_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_03_03_35_12.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_04_03_35_19.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_05_03_37_28.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_07_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_08_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_09_03_33_15.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_16_03_30_40.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_17_03_31_14.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_18_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_19_03_31_11.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_20_03_30_05.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_21_03_31_25.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_22_03_30_18.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_27_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_30_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_05_31_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_01_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_03_03_30_02.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_04_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_05_03_30_02.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_08_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_10_03_30_55.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_12_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_14_03_30_02.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_15_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_17_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_18_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_19_03_30_02.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_20_03_35_47.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_21_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_23_03_30_01.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_27_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_28_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_06_30_03_35_48.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_07_01_03_39_29.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_07_02_03_30_00.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_07_03_03_39_47.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_07_04_03_35_38.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_07_05_03_31_14.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Log\log_2007_07_06_03_35_35.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Registry Backups\2007-04-11_00-14-47.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Registry Backups\2007-05-03_12-46-28.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Registry Backups\2007-06-14_08-50-13.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Application Data\RegistrySmart\Registry Backups\2007-06-17_13-20-04.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.
et pour hijack ca donne
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:13 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://ca.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.videotron.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://compaq-consumer.my.aol.ca/?icid=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {10555C13-6B09-4A67-9FA5-0238F6E908D4} - C:\WINDOWS\system32\wvUkJyXr.dll (file missing)
O2 - BHO: {375b1655-185e-7ec8-1814-ae865067ff01} - {10ff7605-68ea-4181-8ce7-e5815561b573} - C:\WINDOWS\system32\qyqpdvyf.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Services de sécurité Vidéotron] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat.thewolven.com:3080/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.daoutcasts.com:4080/chat/data/html/user/msie/msichat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28081/activereceiver.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Pffff .... Fichier(s) infecté(s): 215 reccord battu !
Fais exactement ce qui suit :
Télécharges ComboFix (par sUBs) sur ton Bureau (et pas ailleur !):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- clik droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix et valide .
----------------------------------------------- ATTENTION ---------------------------------------------------------------
!! déconnectes toi, fermes tes applications en cours et DESACTIVES TES DEFENCES (anti-virus, guardes anti spy-ware, pare-feu) le temps de la manipe :
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
---------------------------------------------------------------------------------------------------------------------------------
Ensuite :
double-cliques C-Fix.exe ( = combofix.exe ) .
Appuyes sur la touche Y (Yes) pour démarrer le scan .
Attention : n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
---> si un message d'erreur windows apparait à un momment , clik sur la croix en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! )
Le rapport sera crée dans: C:\Combofix.txt
Postes le rapport combo fix et un nouveau rapport hijackthis pour analyse ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Fais exactement ce qui suit :
Télécharges ComboFix (par sUBs) sur ton Bureau (et pas ailleur !):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe <--- clik droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix et valide .
----------------------------------------------- ATTENTION ---------------------------------------------------------------
!! déconnectes toi, fermes tes applications en cours et DESACTIVES TES DEFENCES (anti-virus, guardes anti spy-ware, pare-feu) le temps de la manipe :
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
---------------------------------------------------------------------------------------------------------------------------------
Ensuite :
double-cliques C-Fix.exe ( = combofix.exe ) .
Appuyes sur la touche Y (Yes) pour démarrer le scan .
Attention : n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
---> si un message d'erreur windows apparait à un momment , clik sur la croix en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! )
Le rapport sera crée dans: C:\Combofix.txt
Postes le rapport combo fix et un nouveau rapport hijackthis pour analyse ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
voila les 2 resulta
ComboFix 08-06-10.5 - Compaq_Administrator 2008-06-11 16:41:35.1 - NTFSx86
Running from: C:\HJT\c-fix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMd32494c3.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dldgnxua.ini
C:\WINDOWS\system32\gasgbspy.ini
C:\WINDOWS\system32\gnkxcxyh.ini
C:\WINDOWS\system32\gsuqrchh.ini
C:\WINDOWS\system32\guqatibh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\rXyJkUvw.ini
C:\WINDOWS\system32\rXyJkUvw.ini2
C:\WINDOWS\system32\xijyiiyv.ini
C:\WINDOWS\system32\xwyssuid.ini
C:\WINDOWS\system32\yesysjxw.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.
2008-11-27 19:14 . 2008-11-27 19:14 143,872 --a------ C:\WINDOWS\system32\iacenc.dll
2008-11-27 19:14 . 2008-11-27 19:14 56,832 --a------ C:\WINDOWS\system32\iyvu9_32.dll
2008-06-11 16:05 . <DIR> C:\WINDOWS\LastGood.Tmp
2008-06-11 13:59 . 2008-06-11 14:04 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 13:59 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-11 13:59 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-10 16:26 . 2008-06-10 16:26 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
2008-06-10 16:26 . 2008-06-10 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 10:37 . 2008-06-11 16:37 <DIR> d-------- C:\HJT
2008-06-10 09:51 . 2008-06-10 09:51 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-09 10:25 . 2008-06-09 10:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-09 10:25 . 2008-06-09 10:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-09 10:14 . 2008-06-09 10:29 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-28 14:55 . 2008-05-28 14:55 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\ITTNord
2008-05-28 13:47 . 2008-05-28 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-05-27 12:57 . 2008-05-27 12:58 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-17 17:41 . 2008-05-17 17:43 <DIR> d-------- C:\Program Files\Dofus
2008-05-12 08:44 . 2008-05-12 08:45 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\ErrorSmart
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 20:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-09 14:28 --------- d-----w C:\Program Files\AutoCAD 2008
2008-06-09 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-06 23:39 --------- d-----w C:\Program Files\Shockwave.com
2008-06-06 22:17 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\U3
2008-06-05 12:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-04 23:01 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\PlayFirst
2008-06-04 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-29 18:49 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\iWin
2008-05-29 04:30 --------- d-----w C:\Program Files\Microsoft Works
2008-05-29 02:16 --------- d-----w C:\Program Files\Yahoo!
2008-05-29 01:08 --------- d-----w C:\Program Files\XoftSpySE
2008-05-29 00:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-05-28 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-05-26 22:32 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Azureus
2008-05-15 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-12 12:32 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-05-11 16:28 --------- d-----w C:\Program Files\Escape the Museum
2008-05-10 23:32 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Bell
2008-05-10 18:23 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-05-10 16:32 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-10 16:31 --------- d-----w C:\Program Files\AVG
2008-05-10 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-10 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
2008-05-10 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-05-10 02:34 --------- d-----w C:\Program Files\Common Files\iS3
2008-05-09 15:37 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-08 21:10 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-06 15:17 --------- d-----w C:\Program Files\Panicware
2008-05-05 20:52 --------- d-----w C:\Program Files\Webroot
2008-05-05 19:39 --------- d-----w C:\Program Files\Windows Defender
2008-05-05 19:35 --------- d-----w C:\Program Files\Google
2008-05-05 17:23 --------- d-----w C:\Program Files\Leroy Merlin
2008-05-05 17:14 --------- d-----w C:\Program Files\Zylom Games
2008-05-05 16:10 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-05-03 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-05-02 02:43 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Gaijin Ent
2008-05-01 13:32 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-01 13:31 --------- d-----w C:\Program Files\Common Files\Real
2008-04-30 18:42 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\funkitron
2008-04-26 20:46 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\SprillBermudeEng
2008-04-26 20:40 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Zylom
2008-04-26 20:36 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\SprillBermudeFr
2008-04-23 21:23 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Friday's games
2008-04-22 21:35 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Meridian93
2008-04-20 14:41 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Cabos
2008-04-13 00:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
2008-04-12 15:38 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Jane s Hotel Family Hero
2008-04-12 15:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\MonteCristo
2008-03-23 18:53 87,608 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\inst.exe
2008-03-23 18:53 47,360 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.sys
2008-03-02 03:33 2,166 ----a-w C:\Program Files\INSTALL.LOG
2007-12-09 13:47 87,608 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\ezpinst.exe
2007-09-12 18:27 150 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2007-07-12 19:29 476,752 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-02-02 12:53 94,080 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\ezplay.sys
2007-07-12 19:18 8 --sh--r C:\WINDOWS\system32\[u]0/uAA18D2AF8.sys
2007-07-12 19:29 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10555C13-6B09-4A67-9FA5-0238F6E908D4}]
C:\WINDOWS\system32\wvUkJyXr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10ff7605-68ea-4181-8ce7-e5815561b573}]
C:\WINDOWS\system32\qyqpdvyf.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 17:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 18:50 7311360]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 01:14 237568]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 13:03 36864 C:\WINDOWS\system32\P0620Pin.dll]
"nwiz"="nwiz.exe" [2006-05-09 18:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"VideotronSA.exe"="C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" [ ]
"Services de sécurité Vidéotron"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe" [ ]
"-FreedomNeedsReboot"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-01 09:31 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-10 12:31 1177368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--------- 2005-03-29 02:13 258048 C:\Program Files\Creative\Shared Files\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d017a75f]
C:\WINDOWS\system32\auxngdld.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Loud New]
C:\DOCUME~1\COMPAQ~1\APPLIC~1\idlemeal\Elseone.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-05-09 18:50 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Settingsmapimediawin]
C:\Documents and Settings\All Users\Application Data\Upcoalsettingsmapi\OPEN ONE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 18:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"iPod Service"=3 (0x3)
"CCALib8"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"usnjsvc"=3 (0x3)
"pwsex_service"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"PDEngine"=3 (0x3)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LightScribeService"=2 (0x2)
"ITMRTSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"dvpapi"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Compaq_Administrator\\My Documents\\Azureus Downloads\\Azureus\\Azureus.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-10 12:32]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-10 12:31]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 17:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 17:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 17:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 17:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 17:50]
S3 z520bus;Sony Ericsson 520 driver (WDM);C:\WINDOWS\system32\DRIVERS\z520bus.sys [2005-09-07 18:42]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z520mdfl.sys [2005-09-07 18:42]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\z520mdm.sys [2005-09-07 18:43]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\z520mgmt.sys [2005-09-07 18:43]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\z520obex.sys [2005-09-07 18:43]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b750967-d0c6-11dc-a866-0018f387af33}]
\Shell\AutoRun\command - K:\LaunchU3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{182B5DC5-0534-768D-0003-030700020404}]
C:\WINDOWS\system32\Crack.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-09 15:54:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-11 20:56:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-09 07:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-06-11 20:52:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-03-17 21:29:00 C:\WINDOWS\Tasks\XoftSpy.job"
- E:\XoftSpy\XoftSpy.exe
"2008-06-11 21:00:07 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-05-24 12:39:41 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 16:50:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\TEMP\b299025e-b8d0-4420-8f2c-4bf90022cc92.tmp
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-06-11 17:00:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 21:00:43
Pre-Run: 109,705,318,400 bytes free
Post-Run: 109,843,894,272 bytes free
314 --- E O F --- 2008-06-11 19:47:50
et pour hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:31 PM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://compaq-consumer.my.aol.ca/?icid=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {10555C13-6B09-4A67-9FA5-0238F6E908D4} - C:\WINDOWS\system32\wvUkJyXr.dll (file missing)
O2 - BHO: {375b1655-185e-7ec8-1814-ae865067ff01} - {10ff7605-68ea-4181-8ce7-e5815561b573} - C:\WINDOWS\system32\qyqpdvyf.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Services de sécurité Vidéotron] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat.thewolven.com:3080/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.daoutcasts.com:4080/chat/data/html/user/msie/msichat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28081/activereceiver.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: Service de mise a jour pour Services de sécurité Vidéotron (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
ComboFix 08-06-10.5 - Compaq_Administrator 2008-06-11 16:41:35.1 - NTFSx86
Running from: C:\HJT\c-fix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMd32494c3.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dldgnxua.ini
C:\WINDOWS\system32\gasgbspy.ini
C:\WINDOWS\system32\gnkxcxyh.ini
C:\WINDOWS\system32\gsuqrchh.ini
C:\WINDOWS\system32\guqatibh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\rXyJkUvw.ini
C:\WINDOWS\system32\rXyJkUvw.ini2
C:\WINDOWS\system32\xijyiiyv.ini
C:\WINDOWS\system32\xwyssuid.ini
C:\WINDOWS\system32\yesysjxw.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.
2008-11-27 19:14 . 2008-11-27 19:14 143,872 --a------ C:\WINDOWS\system32\iacenc.dll
2008-11-27 19:14 . 2008-11-27 19:14 56,832 --a------ C:\WINDOWS\system32\iyvu9_32.dll
2008-06-11 16:05 . <DIR> C:\WINDOWS\LastGood.Tmp
2008-06-11 13:59 . 2008-06-11 14:04 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 13:59 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-11 13:59 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-10 16:26 . 2008-06-10 16:26 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
2008-06-10 16:26 . 2008-06-10 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 10:37 . 2008-06-11 16:37 <DIR> d-------- C:\HJT
2008-06-10 09:51 . 2008-06-10 09:51 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-09 10:25 . 2008-06-09 10:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-09 10:25 . 2008-06-09 10:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-09 10:14 . 2008-06-09 10:29 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-28 14:55 . 2008-05-28 14:55 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\ITTNord
2008-05-28 13:47 . 2008-05-28 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-05-27 12:57 . 2008-05-27 12:58 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-17 17:41 . 2008-05-17 17:43 <DIR> d-------- C:\Program Files\Dofus
2008-05-12 08:44 . 2008-05-12 08:45 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\ErrorSmart
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 20:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-09 14:28 --------- d-----w C:\Program Files\AutoCAD 2008
2008-06-09 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-06 23:39 --------- d-----w C:\Program Files\Shockwave.com
2008-06-06 22:17 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\U3
2008-06-05 12:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-04 23:01 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\PlayFirst
2008-06-04 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-29 18:49 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\iWin
2008-05-29 04:30 --------- d-----w C:\Program Files\Microsoft Works
2008-05-29 02:16 --------- d-----w C:\Program Files\Yahoo!
2008-05-29 01:08 --------- d-----w C:\Program Files\XoftSpySE
2008-05-29 00:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-05-28 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-05-26 22:32 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Azureus
2008-05-15 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-12 12:32 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-05-11 16:28 --------- d-----w C:\Program Files\Escape the Museum
2008-05-10 23:32 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Bell
2008-05-10 18:23 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-05-10 16:32 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-10 16:31 --------- d-----w C:\Program Files\AVG
2008-05-10 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-10 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
2008-05-10 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-05-10 02:34 --------- d-----w C:\Program Files\Common Files\iS3
2008-05-09 15:37 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-08 21:10 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-06 15:17 --------- d-----w C:\Program Files\Panicware
2008-05-05 20:52 --------- d-----w C:\Program Files\Webroot
2008-05-05 19:39 --------- d-----w C:\Program Files\Windows Defender
2008-05-05 19:35 --------- d-----w C:\Program Files\Google
2008-05-05 17:23 --------- d-----w C:\Program Files\Leroy Merlin
2008-05-05 17:14 --------- d-----w C:\Program Files\Zylom Games
2008-05-05 16:10 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-05-03 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-05-02 02:43 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Gaijin Ent
2008-05-01 13:32 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-01 13:31 --------- d-----w C:\Program Files\Common Files\Real
2008-04-30 18:42 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\funkitron
2008-04-26 20:46 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\SprillBermudeEng
2008-04-26 20:40 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Zylom
2008-04-26 20:36 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\SprillBermudeFr
2008-04-23 21:23 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Friday's games
2008-04-22 21:35 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Meridian93
2008-04-20 14:41 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Cabos
2008-04-13 00:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
2008-04-12 15:38 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Jane s Hotel Family Hero
2008-04-12 15:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\MonteCristo
2008-03-23 18:53 87,608 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\inst.exe
2008-03-23 18:53 47,360 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.sys
2008-03-02 03:33 2,166 ----a-w C:\Program Files\INSTALL.LOG
2007-12-09 13:47 87,608 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\ezpinst.exe
2007-09-12 18:27 150 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2007-07-12 19:29 476,752 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-02-02 12:53 94,080 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\ezplay.sys
2007-07-12 19:18 8 --sh--r C:\WINDOWS\system32\[u]0/uAA18D2AF8.sys
2007-07-12 19:29 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10555C13-6B09-4A67-9FA5-0238F6E908D4}]
C:\WINDOWS\system32\wvUkJyXr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10ff7605-68ea-4181-8ce7-e5815561b573}]
C:\WINDOWS\system32\qyqpdvyf.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 17:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 18:50 7311360]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 01:14 237568]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 13:03 36864 C:\WINDOWS\system32\P0620Pin.dll]
"nwiz"="nwiz.exe" [2006-05-09 18:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"VideotronSA.exe"="C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" [ ]
"Services de sécurité Vidéotron"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe" [ ]
"-FreedomNeedsReboot"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-01 09:31 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-10 12:31 1177368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--------- 2005-03-29 02:13 258048 C:\Program Files\Creative\Shared Files\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d017a75f]
C:\WINDOWS\system32\auxngdld.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Loud New]
C:\DOCUME~1\COMPAQ~1\APPLIC~1\idlemeal\Elseone.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-05-09 18:50 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Settingsmapimediawin]
C:\Documents and Settings\All Users\Application Data\Upcoalsettingsmapi\OPEN ONE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 18:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"iPod Service"=3 (0x3)
"CCALib8"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"usnjsvc"=3 (0x3)
"pwsex_service"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"PDEngine"=3 (0x3)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LightScribeService"=2 (0x2)
"ITMRTSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"dvpapi"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Compaq_Administrator\\My Documents\\Azureus Downloads\\Azureus\\Azureus.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-10 12:32]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-10 12:31]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 17:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 17:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 17:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 17:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 17:50]
S3 z520bus;Sony Ericsson 520 driver (WDM);C:\WINDOWS\system32\DRIVERS\z520bus.sys [2005-09-07 18:42]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z520mdfl.sys [2005-09-07 18:42]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\z520mdm.sys [2005-09-07 18:43]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\z520mgmt.sys [2005-09-07 18:43]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\z520obex.sys [2005-09-07 18:43]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b750967-d0c6-11dc-a866-0018f387af33}]
\Shell\AutoRun\command - K:\LaunchU3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{182B5DC5-0534-768D-0003-030700020404}]
C:\WINDOWS\system32\Crack.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-09 15:54:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-11 20:56:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-09 07:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-06-11 20:52:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-03-17 21:29:00 C:\WINDOWS\Tasks\XoftSpy.job"
- E:\XoftSpy\XoftSpy.exe
"2008-06-11 21:00:07 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-05-24 12:39:41 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 16:50:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\TEMP\b299025e-b8d0-4420-8f2c-4bf90022cc92.tmp
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-06-11 17:00:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 21:00:43
Pre-Run: 109,705,318,400 bytes free
Post-Run: 109,843,894,272 bytes free
314 --- E O F --- 2008-06-11 19:47:50
et pour hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:31 PM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://compaq-consumer.my.aol.ca/?icid=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {10555C13-6B09-4A67-9FA5-0238F6E908D4} - C:\WINDOWS\system32\wvUkJyXr.dll (file missing)
O2 - BHO: {375b1655-185e-7ec8-1814-ae865067ff01} - {10ff7605-68ea-4181-8ce7-e5815561b573} - C:\WINDOWS\system32\qyqpdvyf.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Services de sécurité Vidéotron] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat.thewolven.com:3080/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.daoutcasts.com:4080/chat/data/html/user/msie/msichat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28081/activereceiver.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: Service de mise a jour pour Services de sécurité Vidéotron (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
On continue ...
A)Crées un point de restauration de ton PC :
Aller dans le Menu Démarrer puis dans Programmes,
- Ensuite dans Accessoires et enfin dans Outils système,
- Choisir "Restauration du système",
- Sélectionner "Créer un point de restauration",
- Cliquer sur "Suivant",
- Entrer un nom pour le point de restauration : ce nom doit être assez évocateur,
- Cliquer sur "Créer" et le point de restauration se créé automatiquement.
B) 1-Crée un doc texte sur ton bureau :
pointes ta souris sur ton bureau , click droit : vas dans "nouveau" et choisis "document texte" .
Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de crée :
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10555C13-6B09-4A67-9FA5-0238F6E908D4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10ff7605-68ea-4181-8ce7-e5815561b573}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d017a75f]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{182B5DC5-0534-768D-0003-030700020404}]
File::
C:\Documents and Settings\Compaq_Administrator\Application Data\inst.exe
C:\Documents and Settings\Compaq_Administrator\Application Data\ezpinst.exe
C:\WINDOWS\TEMP\b299025e-b8d0-4420-8f2c-4bf90022cc92.tmp
Puis vas dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi :
CFScript puis valides ...
2-Nettoyage :
!! Déconnectes toi,fermes toute tes application et désactive ton antivirus le temps de la manipe ( tu le réactiveras après ) !!
--->Sur ton bureau, fais un glisser avec ta souris le fichier CFScript sur l'icone de ComboFix.exe .
(Regarde ici : http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )
Cette manipulation va relancer combofix .
--> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tape 1 puis valide.
Puis patientes le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!)
!! Ne touche à rien tant que le scan n'est pas terminé !!
Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisses-le faire.
Une fois le scan achevé, un rapport va s'afficher : Postes le accompagné d' un nouveau rapport HijackThis pour analyse ...
( Attention : cette manipe a été fait pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )
A)Crées un point de restauration de ton PC :
Aller dans le Menu Démarrer puis dans Programmes,
- Ensuite dans Accessoires et enfin dans Outils système,
- Choisir "Restauration du système",
- Sélectionner "Créer un point de restauration",
- Cliquer sur "Suivant",
- Entrer un nom pour le point de restauration : ce nom doit être assez évocateur,
- Cliquer sur "Créer" et le point de restauration se créé automatiquement.
B) 1-Crée un doc texte sur ton bureau :
pointes ta souris sur ton bureau , click droit : vas dans "nouveau" et choisis "document texte" .
Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de crée :
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10555C13-6B09-4A67-9FA5-0238F6E908D4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10ff7605-68ea-4181-8ce7-e5815561b573}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d017a75f]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{182B5DC5-0534-768D-0003-030700020404}]
File::
C:\Documents and Settings\Compaq_Administrator\Application Data\inst.exe
C:\Documents and Settings\Compaq_Administrator\Application Data\ezpinst.exe
C:\WINDOWS\TEMP\b299025e-b8d0-4420-8f2c-4bf90022cc92.tmp
Puis vas dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi :
CFScript puis valides ...
2-Nettoyage :
!! Déconnectes toi,fermes toute tes application et désactive ton antivirus le temps de la manipe ( tu le réactiveras après ) !!
--->Sur ton bureau, fais un glisser avec ta souris le fichier CFScript sur l'icone de ComboFix.exe .
(Regarde ici : http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript.gif )
Cette manipulation va relancer combofix .
--> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tape 1 puis valide.
Puis patientes le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!)
!! Ne touche à rien tant que le scan n'est pas terminé !!
Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisses-le faire.
Une fois le scan achevé, un rapport va s'afficher : Postes le accompagné d' un nouveau rapport HijackThis pour analyse ...
( Attention : cette manipe a été fait pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )
ComboFix 08-06-10.5 - Compaq_Administrator 2008-06-16 9:49:18.2 - NTFSx86
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\c-fix.exe
Command switches used :: C:\Documents and Settings\Compaq_Administrator\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Documents and Settings\Compaq_Administrator\Application Data\ezpinst.exe
C:\Documents and Settings\Compaq_Administrator\Application Data\inst.exe
C:\WINDOWS\TEMP\b299025e-b8d0-4420-8f2c-4bf90022cc92.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Compaq_Administrator\Application Data\ezpinst.exe
C:\Documents and Settings\Compaq_Administrator\Application Data\inst.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.
2008-11-27 19:14 . 2008-11-27 19:14 143,872 --a------ C:\WINDOWS\system32\iacenc.dll
2008-11-27 19:14 . 2008-11-27 19:14 56,832 --a------ C:\WINDOWS\system32\iyvu9_32.dll
2008-06-11 19:21 . 2008-06-11 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-11 14:05 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 14:05 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 13:59 . 2008-06-11 14:04 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 13:59 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-11 13:59 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-10 16:26 . 2008-06-10 16:26 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
2008-06-10 16:26 . 2008-06-10 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 10:37 . 2008-06-16 09:47 <DIR> d-------- C:\HJT
2008-06-10 09:51 . 2008-06-10 09:51 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-09 10:25 . 2008-06-09 10:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-09 10:25 . 2008-06-09 10:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-09 10:14 . 2008-06-09 10:29 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-28 14:55 . 2008-05-28 14:55 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\ITTNord
2008-05-28 13:47 . 2008-05-28 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-05-27 12:57 . 2008-05-27 12:58 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-17 17:41 . 2008-06-15 20:55 <DIR> d-------- C:\Program Files\Dofus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 13:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-16 01:02 --------- d-----w C:\Program Files\Shockwave.com
2008-06-09 14:28 --------- d-----w C:\Program Files\AutoCAD 2008
2008-06-09 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-06 22:17 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\U3
2008-06-05 12:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-04 23:01 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\PlayFirst
2008-06-04 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-29 18:49 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\iWin
2008-05-29 04:30 --------- d-----w C:\Program Files\Microsoft Works
2008-05-29 02:16 --------- d-----w C:\Program Files\Yahoo!
2008-05-29 01:08 --------- d-----w C:\Program Files\XoftSpySE
2008-05-29 00:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-05-28 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-05-26 22:32 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Azureus
2008-05-15 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-12 12:45 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\ErrorSmart
2008-05-12 12:32 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-05-11 16:28 --------- d-----w C:\Program Files\Escape the Museum
2008-05-10 23:32 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Bell
2008-05-10 18:23 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-05-10 16:32 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-10 16:32 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-05-10 16:31 --------- d-----w C:\Program Files\AVG
2008-05-10 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-10 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
2008-05-10 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-05-10 02:34 --------- d-----w C:\Program Files\Common Files\iS3
2008-05-09 15:37 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-08 21:10 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 15:17 --------- d-----w C:\Program Files\Panicware
2008-05-05 20:52 --------- d-----w C:\Program Files\Webroot
2008-05-05 19:39 --------- d-----w C:\Program Files\Windows Defender
2008-05-05 19:35 --------- d-----w C:\Program Files\Google
2008-05-05 17:23 --------- d-----w C:\Program Files\Leroy Merlin
2008-05-05 17:14 --------- d-----w C:\Program Files\Zylom Games
2008-05-05 16:10 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-05-04 21:02 1,483,755 --sha-w C:\WINDOWS\system32\gyychaln.tmp
2008-05-03 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-05-02 02:43 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Gaijin Ent
2008-05-01 13:32 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-01 13:31 --------- d-----w C:\Program Files\Common Files\Real
2008-04-30 18:42 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\funkitron
2008-04-26 20:46 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\SprillBermudeEng
2008-04-26 20:40 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Zylom
2008-04-26 20:36 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\SprillBermudeFr
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 21:23 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Friday's games
2008-04-22 21:35 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Meridian93
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 14:41 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Cabos
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-25 20:26 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-03-23 18:53 47,360 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-02 03:33 2,166 ----a-w C:\Program Files\INSTALL.LOG
2007-09-12 18:27 150 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2007-07-12 19:29 476,752 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-02-02 12:53 94,080 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\ezplay.sys
2007-07-12 19:18 8 --sh--r C:\WINDOWS\system32\[u]0/uAA18D2AF8.sys
2007-07-12 19:29 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-11_17.00.13.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB953356\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB953356\spuninst.exe
+ 2008-05-28 12:01:41 26,624 ----a-w C:\WINDOWS\$hf_mig$\KB953356\update\ippmcust.dll
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953356\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB953356\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB953356\update\updspapi.dll
- 2008-06-11 20:49:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 23:54:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 22:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-03-20 18:41:20 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe" [2007-06-13 15:38 61432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 17:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 18:50 7311360]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 01:14 237568]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 13:03 36864 C:\WINDOWS\system32\P0620Pin.dll]
"nwiz"="nwiz.exe" [2006-05-09 18:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"VideotronSA.exe"="C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" [2007-06-13 14:41 2061816]
"Services de sécurité Vidéotron"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe" [2007-06-13 15:39 311288]
"-FreedomNeedsReboot"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe" [2007-06-13 15:41 13816]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-01 09:31 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-10 12:31 1177368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--------- 2005-03-29 02:13 258048 C:\Program Files\Creative\Shared Files\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Loud New]
C:\DOCUME~1\COMPAQ~1\APPLIC~1\idlemeal\Elseone.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-05-09 18:50 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Settingsmapimediawin]
C:\Documents and Settings\All Users\Application Data\Upcoalsettingsmapi\OPEN ONE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 18:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"iPod Service"=3 (0x3)
"CCALib8"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"usnjsvc"=3 (0x3)
"pwsex_service"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"PDEngine"=3 (0x3)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LightScribeService"=2 (0x2)
"ITMRTSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"dvpapi"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Compaq_Administrator\\My Documents\\Azureus Downloads\\Azureus\\Azureus.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-10 12:32]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-10 12:31]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 17:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 17:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 17:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 17:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 17:50]
S3 z520bus;Sony Ericsson 520 driver (WDM);C:\WINDOWS\system32\DRIVERS\z520bus.sys [2005-09-07 18:42]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z520mdfl.sys [2005-09-07 18:42]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\z520mdm.sys [2005-09-07 18:43]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\z520mgmt.sys [2005-09-07 18:43]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\z520obex.sys [2005-09-07 18:43]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b750967-d0c6-11dc-a866-0018f387af33}]
\Shell\AutoRun\command - K:\LaunchU3.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-09 15:54:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-16 13:56:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-16 07:30:03 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-06-16 06:03:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-03-17 21:29:00 C:\WINDOWS\Tasks\XoftSpy.job"
- E:\XoftSpy\XoftSpy.exe
"2008-06-15 21:00:02 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-05-24 12:39:41 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 09:53:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-16 9:57:30
ComboFix-quarantined-files.txt 2008-06-16 13:57:26
ComboFix2.txt 2008-06-11 21:00:56
Pre-Run: 110,973,276,160 bytes free
Post-Run: 110,967,595,008 bytes free
444 --- E O F --- 2008-06-12 07:07:21
et pour hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:32 AM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://compaq-consumer.my.aol.ca/?icid=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Services de sécurité Vidéotron] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat.thewolven.com:3080/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.daoutcasts.com:4080/chat/data/html/user/msie/msichat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28081/activereceiver.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: Service de mise a jour pour Services de sécurité Vidéotron (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
Running from: C:\Documents and Settings\Compaq_Administrator\Desktop\c-fix.exe
Command switches used :: C:\Documents and Settings\Compaq_Administrator\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Documents and Settings\Compaq_Administrator\Application Data\ezpinst.exe
C:\Documents and Settings\Compaq_Administrator\Application Data\inst.exe
C:\WINDOWS\TEMP\b299025e-b8d0-4420-8f2c-4bf90022cc92.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Compaq_Administrator\Application Data\ezpinst.exe
C:\Documents and Settings\Compaq_Administrator\Application Data\inst.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.
2008-11-27 19:14 . 2008-11-27 19:14 143,872 --a------ C:\WINDOWS\system32\iacenc.dll
2008-11-27 19:14 . 2008-11-27 19:14 56,832 --a------ C:\WINDOWS\system32\iyvu9_32.dll
2008-06-11 19:21 . 2008-06-11 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-11 14:05 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 14:05 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 13:59 . 2008-06-11 14:04 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 13:59 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-11 13:59 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-10 16:26 . 2008-06-10 16:26 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
2008-06-10 16:26 . 2008-06-10 16:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 10:37 . 2008-06-16 09:47 <DIR> d-------- C:\HJT
2008-06-10 09:51 . 2008-06-10 09:51 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-09 10:25 . 2008-06-09 10:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-09 10:25 . 2008-06-09 10:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-09 10:14 . 2008-06-09 10:29 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2008-05-28 14:55 . 2008-05-28 14:55 <DIR> d-------- C:\Documents and Settings\Compaq_Administrator\Application Data\ITTNord
2008-05-28 13:47 . 2008-05-28 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-05-27 12:57 . 2008-05-27 12:58 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-17 17:41 . 2008-06-15 20:55 <DIR> d-------- C:\Program Files\Dofus
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 13:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-16 01:02 --------- d-----w C:\Program Files\Shockwave.com
2008-06-09 14:28 --------- d-----w C:\Program Files\AutoCAD 2008
2008-06-09 14:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-06 22:17 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\U3
2008-06-05 12:42 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-04 23:01 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\PlayFirst
2008-06-04 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-29 18:49 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\iWin
2008-05-29 04:30 --------- d-----w C:\Program Files\Microsoft Works
2008-05-29 02:16 --------- d-----w C:\Program Files\Yahoo!
2008-05-29 01:08 --------- d-----w C:\Program Files\XoftSpySE
2008-05-29 00:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-05-28 17:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-05-26 22:32 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Azureus
2008-05-15 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-12 12:45 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\ErrorSmart
2008-05-12 12:32 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-05-11 16:28 --------- d-----w C:\Program Files\Escape the Museum
2008-05-10 23:32 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Bell
2008-05-10 18:23 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-05-10 16:32 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-10 16:32 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-05-10 16:31 --------- d-----w C:\Program Files\AVG
2008-05-10 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-10 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
2008-05-10 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-05-10 02:34 --------- d-----w C:\Program Files\Common Files\iS3
2008-05-09 15:37 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-05-08 21:10 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 15:17 --------- d-----w C:\Program Files\Panicware
2008-05-05 20:52 --------- d-----w C:\Program Files\Webroot
2008-05-05 19:39 --------- d-----w C:\Program Files\Windows Defender
2008-05-05 19:35 --------- d-----w C:\Program Files\Google
2008-05-05 17:23 --------- d-----w C:\Program Files\Leroy Merlin
2008-05-05 17:14 --------- d-----w C:\Program Files\Zylom Games
2008-05-05 16:10 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-05-04 21:02 1,483,755 --sha-w C:\WINDOWS\system32\gyychaln.tmp
2008-05-03 15:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gogii
2008-05-02 02:43 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Gaijin Ent
2008-05-01 13:32 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-01 13:31 --------- d-----w C:\Program Files\Common Files\Real
2008-04-30 18:42 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\funkitron
2008-04-26 20:46 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\SprillBermudeEng
2008-04-26 20:40 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Zylom
2008-04-26 20:36 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\SprillBermudeFr
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 21:23 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Friday's games
2008-04-22 21:35 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Meridian93
2008-04-22 07:40 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 14:41 --------- d-----w C:\Documents and Settings\Compaq_Administrator\Application Data\Cabos
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-25 20:26 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-03-23 18:53 47,360 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\pcouffin.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-02 03:33 2,166 ----a-w C:\Program Files\INSTALL.LOG
2007-09-12 18:27 150 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
2007-07-12 19:29 476,752 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-02-02 12:53 94,080 ----a-w C:\Documents and Settings\Compaq_Administrator\Application Data\ezplay.sys
2007-07-12 19:18 8 --sh--r C:\WINDOWS\system32\[u]0/uAA18D2AF8.sys
2007-07-12 19:29 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-11_17.00.13.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB953356\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB953356\spuninst.exe
+ 2008-05-28 12:01:41 26,624 ----a-w C:\WINDOWS\$hf_mig$\KB953356\update\ippmcust.dll
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953356\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB953356\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB953356\update\updspapi.dll
- 2008-06-11 20:49:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 23:54:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2008-03-01 13:06:21 63,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2008-03-01 13:06:22 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2008-03-01 13:06:24 6,066,176 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2008-03-01 13:06:25 267,776 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2008-02-22 10:00:51 13,824 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2008-03-01 13:06:26 459,264 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2008-03-01 22:36:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-24 02:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-03-20 18:41:20 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe" [2007-06-13 15:38 61432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 17:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:19 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 18:50 7311360]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 01:14 237568]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 13:03 36864 C:\WINDOWS\system32\P0620Pin.dll]
"nwiz"="nwiz.exe" [2006-05-09 18:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"VideotronSA.exe"="C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" [2007-06-13 14:41 2061816]
"Services de sécurité Vidéotron"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe" [2007-06-13 15:39 311288]
"-FreedomNeedsReboot"="C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe" [2007-06-13 15:41 13816]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-01 09:31 185896]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-10 12:31 1177368]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--------- 2005-03-29 02:13 258048 C:\Program Files\Creative\Shared Files\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Loud New]
C:\DOCUME~1\COMPAQ~1\APPLIC~1\idlemeal\Elseone.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-05-09 18:50 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Settingsmapimediawin]
C:\Documents and Settings\All Users\Application Data\Upcoalsettingsmapi\OPEN ONE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 18:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"iPod Service"=3 (0x3)
"CCALib8"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"usnjsvc"=3 (0x3)
"pwsex_service"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"PDEngine"=3 (0x3)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LightScribeService"=2 (0x2)
"ITMRTSVC"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"dvpapi"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Compaq_Administrator\\My Documents\\Azureus Downloads\\Azureus\\Azureus.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-10 12:32]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-10 12:31]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 17:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 17:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 17:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 17:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 17:50]
S3 z520bus;Sony Ericsson 520 driver (WDM);C:\WINDOWS\system32\DRIVERS\z520bus.sys [2005-09-07 18:42]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z520mdfl.sys [2005-09-07 18:42]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\z520mdm.sys [2005-09-07 18:43]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\z520mgmt.sys [2005-09-07 18:43]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\z520obex.sys [2005-09-07 18:43]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b750967-d0c6-11dc-a866-0018f387af33}]
\Shell\AutoRun\command - K:\LaunchU3.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-09 15:54:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-16 13:56:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-16 07:30:03 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-06-16 06:03:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-03-17 21:29:00 C:\WINDOWS\Tasks\XoftSpy.job"
- E:\XoftSpy\XoftSpy.exe
"2008-06-15 21:00:02 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-05-24 12:39:41 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 09:53:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-16 9:57:30
ComboFix-quarantined-files.txt 2008-06-16 13:57:26
ComboFix2.txt 2008-06-11 21:00:56
Pre-Run: 110,973,276,160 bytes free
Post-Run: 110,967,595,008 bytes free
444 --- E O F --- 2008-06-12 07:07:21
et pour hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:32 AM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://compaq-consumer.my.aol.ca/?icid=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Services de sécurité Vidéotron] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat.thewolven.com:3080/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.daoutcasts.com:4080/chat/data/html/user/msie/msichat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28081/activereceiver.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: Service de mise a jour pour Services de sécurité Vidéotron (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
Salut,
1-Avoir accès aux fichiers cachés.
Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
"Afficher les fichiers et dossiers cachés" ---> coché
"Masquer les extensions des fichiers dont le type est connu" ---> décoché
2-Télécharges OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
clic double sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
C:\WINDOWS\system32\advpack.dll
C:\WINDOWS\system32\dllcache\advpack.dll
et colles-la dans le cadre de gauche de OTMoveIt2 :
Paste standard List of Files/Folders to be moved.
cliques sur MoveIt! pour lancer la suppression.
le résultat apparaîtra dans le cadre Results.
cliques sur Exit pour fermer.
--->postes le rapport situé dans " C:\OTMoveIt\MovedFiles."
il te sera peut-être demandé de redémarrer le pc pour achever la suppression.
si c'est le cas acceptes par "Yes".
1-Avoir accès aux fichiers cachés.
Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
"Afficher les fichiers et dossiers cachés" ---> coché
"Masquer les extensions des fichiers dont le type est connu" ---> décoché
2-Télécharges OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
clic double sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
C:\WINDOWS\system32\advpack.dll
C:\WINDOWS\system32\dllcache\advpack.dll
et colles-la dans le cadre de gauche de OTMoveIt2 :
Paste standard List of Files/Folders to be moved.
cliques sur MoveIt! pour lancer la suppression.
le résultat apparaîtra dans le cadre Results.
cliques sur Exit pour fermer.
--->postes le rapport situé dans " C:\OTMoveIt\MovedFiles."
il te sera peut-être demandé de redémarrer le pc pour achever la suppression.
si c'est le cas acceptes par "Yes".
DllUnregisterServer procedure not found in C:\WINDOWS\system32\advpack.dll
C:\WINDOWS\system32\advpack.dll NOT unregistered.
C:\WINDOWS\system32\advpack.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\dllcache\advpack.dll
C:\WINDOWS\system32\dllcache\advpack.dll NOT unregistered.
C:\WINDOWS\system32\dllcache\advpack.dll moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06162008_105402
et voilla
je ne sais pas si tu voulais un autre hijack alord je vais en faire un pareil
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:35 AM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://compaq-consumer.my.aol.ca/?icid=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Services de sécurité Vidéotron] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat.thewolven.com:3080/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.daoutcasts.com:4080/chat/data/html/user/msie/msichat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28081/activereceiver.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: Service de mise a jour pour Services de sécurité Vidéotron (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\system32\advpack.dll NOT unregistered.
C:\WINDOWS\system32\advpack.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\dllcache\advpack.dll
C:\WINDOWS\system32\dllcache\advpack.dll NOT unregistered.
C:\WINDOWS\system32\dllcache\advpack.dll moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06162008_105402
et voilla
je ne sais pas si tu voulais un autre hijack alord je vais en faire un pareil
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:35 AM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://compaq-consumer.my.aol.ca/?icid=desktop
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Services de sécurité Vidéotron] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\IdxClnR.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat.thewolven.com:3080/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.daoutcasts.com:4080/chat/data/html/user/msie/msichat.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28081/activereceiver.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: Service de mise a jour pour Services de sécurité Vidéotron (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
1-Fermes toutes tes applications et déconnectes toi .
Relance Hijackthis mais click sur " Do a scan only "
Tu vois donc apparaitre le résultat du scan : une multitudes de lignes ,chacunes précédées d'un carré vide .
Tu vas clické sur les carré des lignes suivantes :
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat.thewolven.com:3080/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.daoutcasts.com:4080/chat/data/html/user/msie/msichat.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28081/activereceiver.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
Tu cliques en bas sur le bouton FIX CHECKED et valides .
2-Télécharges : - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corrigé ton registre .Lors de l'instalation, avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 première.
Une fois le prg instalé et lancé, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures"( Par la suite, laisse-le avec ses réglages par défaut. C'est tout ).
Un tuto ( aide ):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
Utilisation:
vas dans "nettoyeur" : fait annalyse puis nettoyage
et vas dans "registre" : fait chercher les erreurs et réparer ( plusieur fois jusqu'a ce qu'il n'y est plus d'erreur ) .
( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )
--->Redémarres ton PC .
3-Télécharge DiagHelp.zip sur ton bureau :
http://www.malekal.com/download/DiagHelp.zip
!! déconnectes toi et fermes toutes tes applications en cours !!
Fais un clic droit sur le fichier et extraire tout .
--> Un nouveau dossier va être créé : "DiagHelp"
Ouvres le et double-clic sur go.cmd et pas sur autre chose ! (le .cmd peut ne pas apparaître )
--> Une fenêtre va s'ouvrir, choisis l'option 1
L'analyse va commencer, ce-ci peut durer quelques minutes, laisses faire et appuies sur une touche quand on te le demandera :
une page IE va s'ouvrir , fermes la .
Re-appuis sur une touche, le bloc-note s'ouvre :
Sauvegardes ce rapport de façon à le retrouver et postes tout son contenu dans ta prochaine réponse ...
Relance Hijackthis mais click sur " Do a scan only "
Tu vois donc apparaitre le résultat du scan : une multitudes de lignes ,chacunes précédées d'un carré vide .
Tu vas clické sur les carré des lignes suivantes :
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/spresults.aspx
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat.thewolven.com:3080/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://chat.daoutcasts.com:4080/chat/data/html/user/msie/msichat.cab
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28081/activereceiver.cab
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
Tu cliques en bas sur le bouton FIX CHECKED et valides .
2-Télécharges : - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corrigé ton registre .Lors de l'instalation, avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 première.
Une fois le prg instalé et lancé, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures"( Par la suite, laisse-le avec ses réglages par défaut. C'est tout ).
Un tuto ( aide ):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
Utilisation:
vas dans "nettoyeur" : fait annalyse puis nettoyage
et vas dans "registre" : fait chercher les erreurs et réparer ( plusieur fois jusqu'a ce qu'il n'y est plus d'erreur ) .
( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )
--->Redémarres ton PC .
3-Télécharge DiagHelp.zip sur ton bureau :
http://www.malekal.com/download/DiagHelp.zip
!! déconnectes toi et fermes toutes tes applications en cours !!
Fais un clic droit sur le fichier et extraire tout .
--> Un nouveau dossier va être créé : "DiagHelp"
Ouvres le et double-clic sur go.cmd et pas sur autre chose ! (le .cmd peut ne pas apparaître )
--> Une fenêtre va s'ouvrir, choisis l'option 1
L'analyse va commencer, ce-ci peut durer quelques minutes, laisses faire et appuies sur une touche quand on te le demandera :
une page IE va s'ouvrir , fermes la .
Re-appuis sur une touche, le bloc-note s'ouvre :
Sauvegardes ce rapport de façon à le retrouver et postes tout son contenu dans ta prochaine réponse ...
et voilla
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 12:12:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:bd,7d,1a,14,26,1f,88,67,cd,9c,9f,24,68,e8,bf,51,13,c1,a8,c4,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:4d,be,82,83,c8,07,a0,d7,cd,5a,04,bb,51,45,5a,2c,7d,32,43,7f,95,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,d5,61,a5,37,3c,f5,61,a9,d6,f5,fb,47,d6,42,4e,39,27,8f,ea,94,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:bd,7d,1a,14,26,1f,88,67,cd,9c,9f,24,68,e8,bf,51,13,c1,a8,c4,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:4d,be,82,83,c8,07,a0,d7,cd,5a,04,bb,51,45,5a,2c,7d,32,43,7f,95,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,d5,61,a5,37,3c,f5,61,a9,d6,f5,fb,47,d6,42,4e,39,27,8f,ea,94,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1431799-5D7A-CD8F-AD75-BDF8562E09A8}]
"iaanldhmghkfgoahck"=hex:6b,61,6e,66,61,6d,64,66,69,6e,6b,67,63,63,6d,63,70,65,62,65,6c,..
"hagibhgeehdcchhm"=hex:6b,61,6d,66,6c,6c,65,65,68,66,66,61,61,68,6a,6a,6d,63,6d,68,6e,..
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 12:12:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:bd,7d,1a,14,26,1f,88,67,cd,9c,9f,24,68,e8,bf,51,13,c1,a8,c4,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:4d,be,82,83,c8,07,a0,d7,cd,5a,04,bb,51,45,5a,2c,7d,32,43,7f,95,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,d5,61,a5,37,3c,f5,61,a9,d6,f5,fb,47,d6,42,4e,39,27,8f,ea,94,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:bd,7d,1a,14,26,1f,88,67,cd,9c,9f,24,68,e8,bf,51,13,c1,a8,c4,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:4d,be,82,83,c8,07,a0,d7,cd,5a,04,bb,51,45,5a,2c,7d,32,43,7f,95,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,d5,61,a5,37,3c,f5,61,a9,d6,f5,fb,47,d6,42,4e,39,27,8f,ea,94,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1431799-5D7A-CD8F-AD75-BDF8562E09A8}]
"iaanldhmghkfgoahck"=hex:6b,61,6e,66,61,6d,64,66,69,6e,6b,67,63,63,6d,63,70,65,62,65,6c,..
"hagibhgeehdcchhm"=hex:6b,61,6d,66,6c,6c,65,65,68,66,66,61,61,68,6a,6a,6d,63,6d,68,6e,..
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
Ok ... ça c'est le rapport "catchme" , très bien ...
Maintenant postes moi le rapport de Diaghelp que tu as sauvegardé ( "résultat.txt" ) .
Maintenant postes moi le rapport de Diaghelp que tu as sauvegardé ( "résultat.txt" ) .
DiagHelp version v1.4 - http://www.malekal.com
excute le Tue 06/17/2008 à 12:32:35.51
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->6/17/2008 12:32:32
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->6/17/2008 12:32:32
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->6/17/2008 12:32:02
C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-1781D844.pf -->6/17/2008 12:31:40
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->6/17/2008 12:31:31
C:\WINDOWS\prefetch\AVGCMGR.EXE-1D29CBA8.pf -->6/17/2008 12:23:00
C:\WINDOWS\prefetch\RUNDLL32.EXE-3B3584BA.pf -->6/17/2008 12:13:33
C:\WINDOWS\prefetch\RUNDLL32.EXE-2514F699.pf -->6/17/2008 12:03:55
C:\WINDOWS\prefetch\RUNDLL32.EXE-2899CD9A.pf -->6/17/2008 12:02:45
C:\WINDOWS\prefetch\MSIEXEC.EXE-2F8A8CAE.pf -->6/17/2008 12:02:30
C:\WINDOWS\System32\drivers\mbamcatchme.sys -->6/10/2008 19:02:44
C:\WINDOWS\System32\drivers\mbam.sys -->6/10/2008 19:02:40
C:\WINDOWS\System32\drivers\avgldx86.sys -->5/10/2008 12:32:05
C:\WINDOWS\System32\drivers\avgmfx86.sys -->5/10/2008 12:32:04
C:\WINDOWS\System32\drivers\rmcast.sys -->5/8/2008 8:28:49
C:\WINDOWS\System32\drivers\bthport.sys -->4/14/2008 7:01:02
C:\WINDOWS\System32\drivers\rp_skt32.sys -->3/4/2008 16:19:02
C:\WINDOWS\System32\iyvu9_32.dll -->11/27/2008 19:14:34
C:\WINDOWS\System32\iacenc.dll -->11/27/2008 19:14:34
C:\WINDOWS\System32\nvapps.xml -->6/16/2008 17:37:24
C:\WINDOWS\System32\wpa.dbl -->6/16/2008 10:24:55
C:\WINDOWS\System32\FNTCACHE.DAT -->6/10/2008 9:08:39
C:\WINDOWS\System32\MRT.exe -->5/29/2008 19:35:11
C:\WINDOWS\System32\avgrsstx.dll -->5/10/2008 12:32:08
C:\WINDOWS\System32\SDRemoveDB.db -->5/10/2008 9:48:50
C:\WINDOWS\System32\quartz.dll -->5/7/2008 0:55:40
C:\WINDOWS\System32\gyychaln.ini -->5/4/2008 17:12:55
C:\WINDOWS\System32\gyychaln.tmp -->5/4/2008 17:02:02
C:\WINDOWS\System32\keys.txt -->5/2/2008 0:28:12
C:\WINDOWS\System32\rmoc3260.dll -->5/1/2008 9:31:45
C:\WINDOWS\System32\pndx5032.dll -->5/1/2008 9:31:35
C:\WINDOWS\System32\pndx5016.dll -->5/1/2008 9:31:35
C:\WINDOWS\System32\pncrt.dll -->5/1/2008 9:31:30
C:\WINDOWS\System32\mshtml.dll -->4/23/2008 22:16:30
C:\WINDOWS\System32\wininet.dll -->4/23/2008 0:16:29
C:\WINDOWS\System32\webcheck.dll -->4/23/2008 0:16:29
C:\WINDOWS\System32\urlmon.dll -->4/23/2008 0:16:29
C:\WINDOWS\System32\url.dll -->4/23/2008 0:16:28
C:\WINDOWS\System32\pngfilt.dll -->4/23/2008 0:16:28
C:\WINDOWS\System32\occache.dll -->4/23/2008 0:16:28
C:\WINDOWS\System32\mstime.dll -->4/23/2008 0:16:28
C:\WINDOWS\System32\msrating.dll -->4/23/2008 0:16:28
C:\WINDOWS\WindowsUpdate.log -->6/17/2008 10:10:43
C:\WINDOWS\QTFont.qfn -->6/16/2008 17:51:07
C:\WINDOWS\0.log -->6/16/2008 17:39:05
C:\WINDOWS\wiadebug.log -->6/16/2008 17:37:11
C:\WINDOWS\wiaservc.log -->6/16/2008 17:37:10
C:\WINDOWS\bootstat.dat -->6/16/2008 17:35:56
C:\WINDOWS\FreedomInstallScript.log -->6/16/2008 13:15:55
C:\WINDOWS\SchedLgU.Txt -->6/16/2008 13:07:21
C:\WINDOWS\KB950759-IE7.log -->6/16/2008 12:47:04
C:\WINDOWS\updspapi.log -->6/16/2008 12:47:02
C:\WINDOWS\system.ini -->6/16/2008 9:53:51
C:\WINDOWS\NeroDigital.ini -->6/11/2008 13:56:53
C:\WINDOWS\win.ini -->6/10/2008 10:07:32
C:\WINDOWS\QTFont.for -->6/9/2008 10:25:25
C:\WINDOWS\BMd32494c3.txt -->5/10/2008 11:31:21
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 1836
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x78050000 0xd0000 7.00.6000.16674 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x78000000 0x45000 7.00.6000.16674 C:\WINDOWS\system32\iertutil.dll
0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x55df0000 0xd000 17.01.0051.0000 C:\WINDOWS\system32\AcSignIcon.dll
0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL
0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x5d360000 0xe000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL
0x661c0000 0x21d000 12.00.6211.1000 C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
0x68ef0000 0xf1000 12.00.6211.1000 C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL
0x68ff0000 0x7000 12.00.6211.1000 C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL
0x7c630000 0x1b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
0x65e30000 0x37000 12.00.6211.1000 C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
0x01100000 0x127000 7.00.6000.16674 C:\WINDOWS\system32\urlmon.dll
0x74980000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WINDOW~4\MpShHook.dll
0x7c420000 0x87000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll
0x42ef0000 0x5cd000 7.00.6000.16674 C:\WINDOWS\system32\ieframe.dll
0x55fe0000 0x52000 17.01.0051.0000 C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x42e40000 0x3c000 7.00.6000.16674 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x7d1e0000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x10000000 0x16f000 6.14.0010.11034 C:\WINDOWS\system32\nview.dll
0x66b40000 0x17f000 12.00.6211.1000 C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll
0x14070000 0x1b000 11.00.5721.5145 C:\WINDOWS\system32\wmpshell.dll
0x02a90000 0x1b9000 2.00.0000.0008 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll
0x026c0000 0xe000 7.10.3077.0000 C:\WINDOWS\system32\MFC71ENU.DLL
0x55ee0000 0x1b000 17.01.0051.0000 C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
0x026f0000 0x5b000 8.01.0000.0000 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\wmvcore.dll
0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS\system32\WMASF.DLL
0x02df0000 0x15000 6.14.0010.8208 C:\WINDOWS\system32\nvwddi.dll
0x02680000 0x14000 2.07.0002.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
0x03230000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
0x02d70000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x03740000 0x63000 1.03.0011.0000 C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll
0x02da0000 0x28000 1.03.0004.0000 C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrguil.dll
0x03d90000 0xc000 1.01.0000.0341 C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtensionRes.dll
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x02600000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x79000000 0x46000 2.00.50727.1433 C:\WINDOWS\system32\MSCOREE.DLL
0x60610000 0x6000 2.00.50727.1433 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
0x79e70000 0x58f000 2.00.50727.1433 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
0x03e30000 0xe1000 12.00.6211.1000 C:\Program Files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
0x60050000 0x1b000 6.00.0000.19305 C:\Program Files\Vidéotron\Services de sécurité Vidéotron\AVCntxtR.dll
0x00d00000 0x8000 1.00.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x00d20000 0x10000 5.03.0000.0198 C:\Program Files\MagicISO\misosh.dll
0x621a0000 0x1d000 8.00.0000.0080 C:\Program Files\AVG\AVG8\avgse.dll
0x6bd10000 0x10000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\msohevi.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 1024
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe
0x10000000 0x5000 8.00.0000.0080 C:\WINDOWS\system32\avgrsstx.dll
0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x011c0000 0x3b000 1.07.0017.0000 C:\WINDOWS\system32\WgaLogon.dll
0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
Volume in drive C is PRESARIO
Volume Serial Number is D017-A7F0
Directory of C:\WINDOWS\system
05/07/1998 12:04 PM 52,736 hpsysdrv.exe
1 File(s) 52,736 bytes
0 Dir(s) 110,877,552,640 bytes free
Volume in drive C is PRESARIO
Volume Serial Number is D017-A7F0
Directory of C:\WINDOWS\system32
08/10/2004 12:00 AM 6,144 csrss.exe
1 File(s) 6,144 bytes
0 Dir(s) 110,877,552,640 bytes free
Contenu de Downloaded Program Files
Volume in drive C is PRESARIO
Volume Serial Number is D017-A7F0
Directory of C:\WINDOWS\Downloaded Program Files
06/16/2008 11:47 AM <DIR> .
06/16/2008 11:47 AM <DIR> ..
08/31/2005 12:00 AM 65 desktop.ini
03/24/2008 07:33 PM 1,527,056 FP_AX_CAB_INSTALLER.exe
02/12/2007 10:10 AM 302,184 IDrop.ocx
02/12/2007 10:24 AM 114,792 IDropENU.dll
03/24/2008 07:18 PM 247 swflash.inf
04/29/2008 08:49 AM 456,768 wlscBase.dll
04/29/2008 08:52 AM 320 wlscBase.inf
7 File(s) 2,401,432 bytes
Total Files Listed:
7 File(s) 2,401,432 bytes
2 Dir(s) 110,877,552,640 bytes free
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"="C:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe:*:Enabled:SketchUp Application"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Compaq_Administrator\\My Documents\\Azureus Downloads\\Azureus\\Azureus.exe"="C:\\Documents and Settings\\Compaq_Administrator\\My Documents\\Azureus Downloads\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
"DisableRegistryTools"=dword:00000000
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 12:33:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:bd,7d,1a,14,26,1f,88,67,cd,9c,9f,24,68,e8,bf,51,13,c1,a8,c4,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:4d,be,82,83,c8,07,a0,d7,cd,5a,04,bb,51,45,5a,2c,7d,32,43,7f,95,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,d5,61,a5,37,3c,f5,61,a9,d6,f5,fb,47,d6,42,4e,39,27,8f,ea,94,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:bd,7d,1a,14,26,1f,88,67,cd,9c,9f,24,68,e8,bf,51,13,c1,a8,c4,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:4d,be,82,83,c8,07,a0,d7,cd,5a,04,bb,51,45,5a,2c,7d,32,43,7f,95,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,d5,61,a5,37,3c,f5,61,a9,d6,f5,fb,47,d6,42,4e,39,27,8f,ea,94,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1431799-5D7A-CD8F-AD75-BDF8562E09A8}]
"iaanldhmghkfgoahck"=hex:6b,61,6e,66,61,6d,64,66,69,6e,6b,67,63,63,6d,63,70,65,62,65,6c,..
"hagibhgeehdcchhm"=hex:6b,61,6d,66,6c,6c,65,65,68,66,66,61,61,68,6a,6a,6d,63,6d,68,6e,..
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
644 - RPS.exe
808 - avgwdsvc.exe
844 - VideotronSA.exe
876 - rundll32.exe
904 - PDAgent.exe
1000 - csrss.exe
1024 - winlogon.exe
1096 - services.exe
1108 - lsass.exe
1260 - svchost.exe
1368 - svchost.exe
1412 - svchost.exe
1492 - MsMpEng.exe
1532 - svchost.exe
1568 - svchost.exe
1644 - Fws.exe
1692 - avgtray.exe
1836 - explorer.exe
1856 - nvsvc32.exe
1896 - svchost.exe
2108 - dllhost.exe
2332 - msnmsgr.exe
2352 - mcrdsvc.exe
2384 - alg.exe
2536 - cmd.exe
2908 - VideotronSAComH
3244 - iexplore.exe
3352 - wmiprvse.exe
Total number of processes = 29
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806CE000 - \WINDOWS\system32\hal.dll
F7A9C000 - \WINDOWS\system32\KDCOM.DLL
F79AC000 - \WINDOWS\system32\BOOTVID.dll
F73B3000 - sptd.sys
F7A9E000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F739B000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F736D000 - ACPI.sys
F735C000 - pci.sys
F759C000 - ohci1394.sys
F75AC000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F75BC000 - isapnp.sys
F7B64000 - pciide.sys
F781C000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F7AA0000 - viaide.sys
F7AA2000 - intelide.sys
F75CC000 - MountMgr.sys
F733D000 - ftdisk.sys
F7AA4000 - dmload.sys
F7317000 - dmio.sys
F7824000 - PartMgr.sys
F75DC000 - VolSnap.sys
F72FF000 - atapi.sys
F72BC000 - ftsata2.sys
F75EC000 - disk.sys
F75FC000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F729C000 - fltMgr.sys
F728A000 - sr.sys
F760C000 - bb-run.sys
F761C000 - PxHelp20.sys
F7273000 - KSecDD.sys
F7260000 - WudfPf.sys
F724D000 - DefragFS.sys
F71C0000 - Ntfs.sys
F7193000 - NDIS.sys
F7178000 - Mup.sys
F764C000 - \SystemRoot\system32\DRIVERS\AmdK8.sys
F793C000 - \SystemRoot\system32\DRIVERS\aracpi.sys
F651B000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
F6507000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F7944000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F64E4000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F794C000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F765C000 - \SystemRoot\system32\DRIVERS\imapi.sys
F766C000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F767C000 - \SystemRoot\system32\DRIVERS\redbook.sys
F64C1000 - \SystemRoot\system32\DRIVERS\ks.sys
F7954000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F647C000 - \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
F6385000 - \SystemRoot\system32\DRIVERS\HSX_DP.sys
F62CF000 - \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
F795C000 - \SystemRoot\System32\Drivers\Modem.SYS
F62AA000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
F7128000 - \SystemRoot\system32\DRIVERS\nvnetbus.sys
F625F000 - \SystemRoot\system32\DRIVERS\NVNRM.SYS
F6228000 - \SystemRoot\system32\DRIVERS\NVSNPU.SYS
F7124000 - \SystemRoot\system32\DRIVERS\arpolicy.sys
F6211000 - \SystemRoot\System32\Drivers\ezplay.sys
F7C1B000 - \SystemRoot\system32\DRIVERS\audstub.sys
F768C000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7120000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F61FA000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F769C000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F76AC000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F7964000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F61E9000 - \SystemRoot\system32\DRIVERS\psched.sys
F76BC000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F796C000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F7974000 - \SystemRoot\system32\DRIVERS\raspti.sys
F76CC000 - \SystemRoot\system32\DRIVERS\rp_skt32.sys
F6118000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F770C000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7984000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F798C000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F771C000 - \SystemRoot\system32\DRIVERS\rp_pkt32.sys
F6101000 - \SystemRoot\system32\DRIVERS\mcdbus.sys
F7AE8000 - \SystemRoot\system32\DRIVERS\swenum.sys
F60CD000 - \SystemRoot\system32\DRIVERS\update.sys
F688F000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F772C000 - \SystemRoot\system32\DRIVERS\NVENETFD.sys
F773C000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F774C000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7AEA000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F36BC000 - \SystemRoot\system32\drivers\RtkHDAud.sys
F369A000 - \SystemRoot\system32\drivers\portcls.sys
F776C000 - \SystemRoot\system32\drivers\drmk.sys
F7AF4000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7CD0000 - \SystemRoot\System32\Drivers\Null.SYS
F7AF6000 - \SystemRoot\System32\Drivers\Beep.SYS
F786C000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F7874000 - \SystemRoot\System32\drivers\vga.sys
F7AFA000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7AFC000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F787C000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7884000 - \SystemRoot\System32\Drivers\Npfs.SYS
F60C5000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F363F000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F35E7000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F35BF000 - \SystemRoot\system32\DRIVERS\netbt.sys
F359D000 - \SystemRoot\System32\drivers\afd.sys
F77AC000 - \SystemRoot\system32\DRIVERS\netbios.sys
F788C000 - \SystemRoot\System32\Drivers\StarOpen.SYS
F3572000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F3503000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F77CC000 - \SystemRoot\System32\Drivers\Fips.SYS
F34E2000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F77DC000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F789C000 - \SystemRoot\System32\Drivers\avgmfx86.sys
F3404000 - \SystemRoot\System32\Drivers\avgldx86.sys
F33E1000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F77FC000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F6099000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F780C000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F78BC000 - \SystemRoot\system32\DRIVERS\arhidfltr.sys
F78C4000 - \SystemRoot\system32\DRIVERS\usbprint.sys
F78CC000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
F78D4000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F6095000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F78DC000 - \SystemRoot\system32\DRIVERS\point32.sys
F7B12000 - \SystemRoot\system32\DRIVERS\armoucfltr.sys
F6091000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
F7B16000 - \SystemRoot\system32\DRIVERS\arkbcfltr.sys
F3379000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7B18000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F7A74000 - \SystemRoot\System32\drivers\Dxapi.sys
F78E4000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7C19000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
BA1B3000 - \SystemRoot\system32\drivers\wdmaud.sys
BA2D8000 - \SystemRoot\system32\drivers\sysaudio.sys
B9F57000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
B9EEC000 - \SystemRoot\system32\DRIVERS\atksgt.sys
B9E20000 - \SystemRoot\system32\DRIVERS\css-dvp.sys
B9CC7000 - \SystemRoot\System32\Drivers\HTTP.sys
F791C000 - \SystemRoot\system32\DRIVERS\lirsgt.sys
F7B14000 - \SystemRoot\System32\Drivers\MCSTRM.SYS
B9E08000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys
B9B85000 - \SystemRoot\system32\DRIVERS\srv.sys
F6149000 - \SystemRoot\system32\DRIVERS\secdrv.sys
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
B0976000 - \SystemRoot\system32\drivers\kmixer.sys
F7BBF000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 144
Liste des programmes installes
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Agent de service Vidéotron 1.5.13
Apple Mobile Device Support
Apple Software Update
Authentium AntiVirus SDK - 2
AutoCAD 2008 - English
AutoCAD 2008 - English
Autodesk DWF Viewer 7
AVG Free 8.0
Azureus Vuze
Cabos
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon i450
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Chainz 2: Relinked
Compaq Connections (remove only)
ConvertXtoDVD 2.1.14.223
Cradle Of Persia
Creative Photo Manager
Creative WebCam Center
Creative WebCam Instant Driver (1.03.02.0425)
Customer Experience Enhancement
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Director
Disc2Phone
DocProc
DocumentViewer
DVD Decrypter (Remove Only)
Easy Internet Sign-up
Easy Internet Sign-up
Enregistrement du produit WebCam Instant
Google SketchUp 6
Google SketchUp 6 Exporters
Google SketchUp LayOut 6
Google SketchUp Pro 6
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
HP Boot Optimizer
HP DVD Play 2.1
HP Update
HP Web Helper
HpSdpAppCoreApp
HPSystemDiagnostics
ichat Active X Chat Client
ichat ROOMS(TM) Client for Internet Explorer
ISEngineUpdate
iTunes
J2SE Runtime Environment 5.0 Update 10
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
LightScribe 1.4.105.1
Magic ISO Maker v5.4 (build 0248)
MagicDisc 2.5.79
Malwarebytes' Anti-Malware
Manuel d'utilisation de Creative WebCam Instant (Français)
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Web
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft IntelliPoint 5.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
Nero 7 Ultra Edition
Nero Media Player
NVIDIA Drivers
Otto
PerfectDisk
Polly Pride™ Pet Detective
PPSDKRedistributables
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip
Sandlot Games Client Services
Sandlot Games Client Services 1.2.2
Sansa Media Converter
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Services de sécurité Vidéotron
SightSpeed (remove only)
Sony Ericsson PC Suite 1.20.224
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb950378)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB953356)
Update Rollup 2 for Windows XP Media Center Edition 2005
VBA (2627.01)
Virtual Villagers® - The Secret City
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
XoftSpySE
Volume in drive C is PRESARIO
Volume Serial Number is D017-A7F0
Directory of C:\Program Files
06/16/2008 11:52 AM <DIR> .
06/16/2008 11:52 AM <DIR> ..
08/14/2007 11:28 PM <DIR> Absolute Video Converter
03/03/2008 05:51 PM <DIR> Adobe
03/03/2008 05:51 PM <DIR> Apple Software Update
03/16/2007 09:14 AM <DIR> Ares
06/09/2008 10:28 AM <DIR> AutoCAD 2008
01/18/2008 09:11 PM <DIR> Autodesk
05/10/2008 12:31 PM <DIR> AVG
08/16/2007 02:29 PM <DIR> Azada
04/05/2008 12:25 PM <DIR> Azureus
02/27/2007 10:59 PM <DIR> BFG
03/04/2008 03:16 PM <DIR> CA
03/16/2007 09:20 AM <DIR> Cabos
11/20/2007 12:47 PM <DIR> Canon
06/16/2008 11:52 AM <DIR> CCleaner
06/09/2008 10:14 AM <DIR> Common Files
09/11/2006 09:38 PM <DIR> Compaq Connections
09/11/2006 09:15 PM <DIR> CONEXANT
02/14/2008 01:08 PM <DIR> Cradle Of Persia
08/28/2007 04:29 PM <DIR> Creative
02/23/2007 03:43 PM <DIR> Disc2Phone
06/15/2008 08:55 PM <DIR> Dofus
06/09/2007 01:26 PM <DIR> DVD Decrypter
08/14/2007 11:28 PM <DIR> DVD Shrink
03/23/2008 03:25 PM <DIR> DVDXCopyInternational
03/28/2007 11:01 AM <DIR> EnglishOtto
05/11/2008 12:28 PM <DIR> Escape the Museum
01/27/2007 02:26 PM <DIR> Eye Games
05/05/2008 03:35 PM <DIR> Google
03/08/2008 03:36 PM <DIR> HP
06/09/2007 02:28 PM <DIR> ImTOO
03/01/2008 11:33 PM 2,166 INSTALL.LOG
08/03/2007 05:45 PM <DIR> InterMute
06/12/2008 03:06 AM <DIR> Internet Explorer
03/10/2008 12:01 PM <DIR> iPod
03/10/2008 12:01 PM <DIR> iTunes
03/27/2008 09:46 AM <DIR> Java
05/05/2008 01:23 PM <DIR> Leroy Merlin
03/14/2007 05:30 PM <DIR> Macrogaming
01/21/2008 11:23 AM <DIR> MagicDisc
01/18/2008 05:30 PM <DIR> MagicISO
06/11/2008 02:04 PM <DIR> Malwarebytes' Anti-Malware
08/31/2007 12:23 PM <DIR> Maxis
03/28/2007 11:01 AM <DIR> Messenger
06/05/2008 08:42 AM <DIR> Messenger Plus! Live
05/09/2007 10:50 PM <DIR> Microsoft CAPICOM 2.1.0.2
01/20/2008 06:36 PM <DIR> Microsoft Expression
11/14/2005 09:06 PM <DIR> microsoft frontpage
07/02/2007 05:23 PM <DIR> Microsoft IntelliPoint
06/09/2008 10:11 AM <DIR> Microsoft Office
01/17/2008 02:38 PM <DIR> Microsoft SQL Server Compact Edition
01/20/2008 02:49 PM <DIR> Microsoft Visual Studio
05/05/2008 12:10 PM <DIR> Microsoft Visual Studio 8
05/29/2008 12:30 AM <DIR> Microsoft Works
01/20/2008 02:48 PM <DIR> Microsoft.NET
03/03/2008 05:51 PM <DIR> Movie Collection
11/14/2005 09:07 PM <DIR> Movie Maker
01/20/2008 02:49 PM <DIR> MSBuild
11/14/2005 09:07 PM <DIR> MSN
11/14/2005 09:07 PM <DIR> MSN Gaming Zone
06/10/2008 09:51 AM <DIR> MSXML 6.0
03/28/2007 11:01 AM <DIR> music_now
01/12/2008 01:52 PM <DIR> Neoact
09/08/2007 06:44 PM <DIR> Nero
11/14/2005 09:07 PM <DIR> NetMeeting
06/14/2007 03:04 AM <DIR> Outlook Express
05/06/2008 11:17 AM <DIR> Panicware
01/03/2007 05:29 PM <DIR> Quicken
03/10/2008 11:59 AM <DIR> QuickTime
03/04/2008 03:16 PM <DIR> Raxco
09/28/2007 08:24 AM <DIR> Real
12/30/2006 07:57 PM <DIR> Rhapsody
12/25/2007 05:59 PM <DIR> SanDisk
06/15/2008 09:02 PM <DIR> Shockwave.com
01/27/2007 01:30 PM <DIR> SightSpeed
02/02/2007 08:59 AM <DIR> Sonic
02/23/2007 03:38 PM <DIR> Sony Ericsson
03/04/2008 03:16 PM <DIR> Vidéotron
12/09/2007 09:47 AM <DIR> vso
05/05/2008 04:52 PM <DIR> Webroot
05/05/2008 03:39 PM <DIR> Windows Defender
02/27/2008 04:01 AM <DIR> Windows Live
05/08/2008 05:10 PM <DIR> Windows Live Safety Center
10/04/2007 01:50 PM <DIR> Windows Media Connect 2
03/03/2008 05:52 PM <DIR> Windows Media Player
11/14/2005 09:07 PM <DIR> Windows NT
11/14/2005 09:08 PM <DIR> Windows Plus
04/09/2007 08:34 AM <DIR> WinRAR
11/14/2005 09:08 PM <DIR> xerox
06/17/2008 09:48 AM <DIR> XoftSpySE
05/28/2008 10:16 PM <DIR> Yahoo!
05/05/2008 01:14 PM <DIR> Zylom Games
1 File(s) 2,166 bytes
92 Dir(s) 110,877,159,424 bytes free
Volume in drive C is PRESARIO
Volume Serial Number is D017-A7F0
Directory of C:\Program Files\common files
06/09/2008 10:14 AM <DIR> .
06/09/2008 10:14 AM <DIR> ..
02/18/2008 09:46 AM <DIR> Adobe
09/08/2007 06:45 PM <DIR> Ahead
09/04/2007 07:33 PM <DIR> Apple
12/25/2007 05:59 PM <DIR> ArcSoft
03/04/2008 03:16 PM <DIR> Authentium
06/09/2008 10:29 AM <DIR> Autodesk Shared
11/20/2007 12:45 PM <DIR> Canon
06/09/2008 10:11 AM <DIR> DESIGNER
05/28/2007 11:51 AM <DIR> Hewlett-Packard
03/08/2008 03:45 PM <DIR> HP
09/10/2007 11:54 AM <DIR> InstallShield
05/09/2008 10:34 PM <DIR> iS3
09/11/2006 08:59 PM <DIR> Java
12/31/2006 01:08 PM <DIR> LightScribe
09/11/2006 09:30 PM <DIR> LS Getting Started
06/09/2008 10:11 AM <DIR> Microsoft Shared
03/03/2008 05:52 PM <DIR> Motive
11/14/2005 09:06 PM <DIR> MSSoap
03/11/2008 11:06 PM <DIR> ODBC
05/01/2008 09:31 AM <DIR> Real
05/10/2008 02:23 PM <DIR> Sandlot Shared
03/30/2008 01:28 AM <DIR> Scanner
11/14/2005 09:06 PM <DIR> Services
11/14/2005 09:06 PM <DIR> SpeechEngines
12/30/2006 07:18 PM <DIR> Symantec Shared
01/20/2008 02:56 PM <DIR> System
05/12/2008 08:32 AM <DIR> Teleca Shared
05/01/2008 09:32 AM <DIR> xing shared
0 File(s) 0 bytes
30 Dir(s) 110,877,155,328 bytes free
c:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.1.9\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\InstMsiA.Exe
c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\InstMsiW.Exe
c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\Setup.Exe
c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
c:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\Installers\flipwords-setup.exe_cache
c:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\Installers\flipwords-setup.exe_filedata
c:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\Installers\SetupGamesClient.exe
c:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\Installers\SetupGamesClient.exe_filedata
c:\Documents and Settings\Compaq_Administrator\Application Data\Azureus\plugins\azemp\azmplay.exe
c:\Documents and Settings\Compaq_Administrator\Application Data\Real\Update\setup\schedule.exe
c:\Documents and Settings\Compaq_Administrator\Application Data\Real\Update\setup\setup.exe
c:\Documents and Settings\Compaq_Administrator\Application Data\Real\Update\setup\data~0\RealPlayer11GOLD.exe
c:\Documents and Settings\Compaq_Administrator\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\AcDelTree.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Setup.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\msi\WindowsInstaller-KB893803-v2-x86.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Common Files\Autodesk Shared\ACHELP.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Common Files\Autodesk Shared\mtstack16.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Common Files\Autodesk Shared\PLU26.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Common Files\Autodesk Shared\WSCOMMCNTR1.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Common Files\Autodesk Shared\AcDwgFilter\ACDWGFILTERIMP16.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Common Files\Autodesk Shared\AcShellEx\ACLAUNCHER.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Common Files\Autodesk Shared\Service\ADSKNETSRV.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\ACGGE.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\ACSIGNAPPLY.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\ADDPLWIZ.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\ADMIGRATOR.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\ADREFMAN.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\ADSUBAWARE.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\DWGCHECKSTANDARDS.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\HPSETUP.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\PC3EXE.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\SENDDMP.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\SFXFE32.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\SLIDELIB.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\STYEXE.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\STYSHWIZ.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\Express\ALIAS.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\Express\DUMPSHX.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\Express\LSPSURF.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\Locked\ACAD.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\mdac_typ.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\CADManager\Setup.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\CADManager\Program Files\Autodesk\CAD Manager Tools\AdPM.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\CADManager\Program Files\Autodesk\CAD Manager Tools\CMControl.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\CADManagerControl\CMControl.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\DirectX\DXSETUP.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\dotnetfx.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1028\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1029\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1031\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1034\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1036\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1038\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1040\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1041\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1042\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1043\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1045\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1046\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1049\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1053\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\2052\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\nlm\Setup.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\nlm\Program Files\Autodesk Network License Manager\adskflex.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\nlm\Program Files\Autodesk Network License Manager\lmgrd.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\nlm\Program Files\Autodesk Network License Manager\lmtools.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\nlm\Program Files\Autodesk Network License Manager\lmutil.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\NSA\Setup.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\NSA\Program Files\NLM\NLA\enu\ACD2008NLA.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\SAMreport-Lite\SAMreport.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\VBA\pFiles\Common\MSShared\Vba\Vba6\link.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\VBA\pFiles\MSOffice\Office10\makecert.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\VBA\pFiles\MSOffice\Office10\selfcert.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\m
excute le Tue 06/17/2008 à 12:32:35.51
Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->6/17/2008 12:32:32
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->6/17/2008 12:32:32
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->6/17/2008 12:32:02
C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-1781D844.pf -->6/17/2008 12:31:40
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->6/17/2008 12:31:31
C:\WINDOWS\prefetch\AVGCMGR.EXE-1D29CBA8.pf -->6/17/2008 12:23:00
C:\WINDOWS\prefetch\RUNDLL32.EXE-3B3584BA.pf -->6/17/2008 12:13:33
C:\WINDOWS\prefetch\RUNDLL32.EXE-2514F699.pf -->6/17/2008 12:03:55
C:\WINDOWS\prefetch\RUNDLL32.EXE-2899CD9A.pf -->6/17/2008 12:02:45
C:\WINDOWS\prefetch\MSIEXEC.EXE-2F8A8CAE.pf -->6/17/2008 12:02:30
C:\WINDOWS\System32\drivers\mbamcatchme.sys -->6/10/2008 19:02:44
C:\WINDOWS\System32\drivers\mbam.sys -->6/10/2008 19:02:40
C:\WINDOWS\System32\drivers\avgldx86.sys -->5/10/2008 12:32:05
C:\WINDOWS\System32\drivers\avgmfx86.sys -->5/10/2008 12:32:04
C:\WINDOWS\System32\drivers\rmcast.sys -->5/8/2008 8:28:49
C:\WINDOWS\System32\drivers\bthport.sys -->4/14/2008 7:01:02
C:\WINDOWS\System32\drivers\rp_skt32.sys -->3/4/2008 16:19:02
C:\WINDOWS\System32\iyvu9_32.dll -->11/27/2008 19:14:34
C:\WINDOWS\System32\iacenc.dll -->11/27/2008 19:14:34
C:\WINDOWS\System32\nvapps.xml -->6/16/2008 17:37:24
C:\WINDOWS\System32\wpa.dbl -->6/16/2008 10:24:55
C:\WINDOWS\System32\FNTCACHE.DAT -->6/10/2008 9:08:39
C:\WINDOWS\System32\MRT.exe -->5/29/2008 19:35:11
C:\WINDOWS\System32\avgrsstx.dll -->5/10/2008 12:32:08
C:\WINDOWS\System32\SDRemoveDB.db -->5/10/2008 9:48:50
C:\WINDOWS\System32\quartz.dll -->5/7/2008 0:55:40
C:\WINDOWS\System32\gyychaln.ini -->5/4/2008 17:12:55
C:\WINDOWS\System32\gyychaln.tmp -->5/4/2008 17:02:02
C:\WINDOWS\System32\keys.txt -->5/2/2008 0:28:12
C:\WINDOWS\System32\rmoc3260.dll -->5/1/2008 9:31:45
C:\WINDOWS\System32\pndx5032.dll -->5/1/2008 9:31:35
C:\WINDOWS\System32\pndx5016.dll -->5/1/2008 9:31:35
C:\WINDOWS\System32\pncrt.dll -->5/1/2008 9:31:30
C:\WINDOWS\System32\mshtml.dll -->4/23/2008 22:16:30
C:\WINDOWS\System32\wininet.dll -->4/23/2008 0:16:29
C:\WINDOWS\System32\webcheck.dll -->4/23/2008 0:16:29
C:\WINDOWS\System32\urlmon.dll -->4/23/2008 0:16:29
C:\WINDOWS\System32\url.dll -->4/23/2008 0:16:28
C:\WINDOWS\System32\pngfilt.dll -->4/23/2008 0:16:28
C:\WINDOWS\System32\occache.dll -->4/23/2008 0:16:28
C:\WINDOWS\System32\mstime.dll -->4/23/2008 0:16:28
C:\WINDOWS\System32\msrating.dll -->4/23/2008 0:16:28
C:\WINDOWS\WindowsUpdate.log -->6/17/2008 10:10:43
C:\WINDOWS\QTFont.qfn -->6/16/2008 17:51:07
C:\WINDOWS\0.log -->6/16/2008 17:39:05
C:\WINDOWS\wiadebug.log -->6/16/2008 17:37:11
C:\WINDOWS\wiaservc.log -->6/16/2008 17:37:10
C:\WINDOWS\bootstat.dat -->6/16/2008 17:35:56
C:\WINDOWS\FreedomInstallScript.log -->6/16/2008 13:15:55
C:\WINDOWS\SchedLgU.Txt -->6/16/2008 13:07:21
C:\WINDOWS\KB950759-IE7.log -->6/16/2008 12:47:04
C:\WINDOWS\updspapi.log -->6/16/2008 12:47:02
C:\WINDOWS\system.ini -->6/16/2008 9:53:51
C:\WINDOWS\NeroDigital.ini -->6/11/2008 13:56:53
C:\WINDOWS\win.ini -->6/10/2008 10:07:32
C:\WINDOWS\QTFont.for -->6/9/2008 10:25:25
C:\WINDOWS\BMd32494c3.txt -->5/10/2008 11:31:21
winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 1836
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x78050000 0xd0000 7.00.6000.16674 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x78000000 0x45000 7.00.6000.16674 C:\WINDOWS\system32\iertutil.dll
0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x55df0000 0xd000 17.01.0051.0000 C:\WINDOWS\system32\AcSignIcon.dll
0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL
0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x5d360000 0xe000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL
0x661c0000 0x21d000 12.00.6211.1000 C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
0x68ef0000 0xf1000 12.00.6211.1000 C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL
0x68ff0000 0x7000 12.00.6211.1000 C:\Program Files\Microsoft Office\Office12\GrooveNew.DLL
0x7c630000 0x1b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL
0x65e30000 0x37000 12.00.6211.1000 C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
0x01100000 0x127000 7.00.6000.16674 C:\WINDOWS\system32\urlmon.dll
0x74980000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WINDOW~4\MpShHook.dll
0x7c420000 0x87000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll
0x42ef0000 0x5cd000 7.00.6000.16674 C:\WINDOWS\system32\ieframe.dll
0x55fe0000 0x52000 17.01.0051.0000 C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll
0x76b20000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x42e40000 0x3c000 7.00.6000.16674 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x7d1e0000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x10000000 0x16f000 6.14.0010.11034 C:\WINDOWS\system32\nview.dll
0x66b40000 0x17f000 12.00.6211.1000 C:\Program Files\Microsoft Office\Office12\GrooveMisc.dll
0x14070000 0x1b000 11.00.5721.5145 C:\WINDOWS\system32\wmpshell.dll
0x02a90000 0x1b9000 2.00.0000.0008 C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll
0x026c0000 0xe000 7.10.3077.0000 C:\WINDOWS\system32\MFC71ENU.DLL
0x55ee0000 0x1b000 17.01.0051.0000 C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
0x026f0000 0x5b000 8.01.0000.0000 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\wmvcore.dll
0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS\system32\WMASF.DLL
0x02df0000 0x15000 6.14.0010.8208 C:\WINDOWS\system32\nvwddi.dll
0x02680000 0x14000 2.07.0002.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
0x03230000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
0x02d70000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x03740000 0x63000 1.03.0011.0000 C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll
0x02da0000 0x28000 1.03.0004.0000 C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrguil.dll
0x03d90000 0xc000 1.01.0000.0341 C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtensionRes.dll
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x02600000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x79000000 0x46000 2.00.50727.1433 C:\WINDOWS\system32\MSCOREE.DLL
0x60610000 0x6000 2.00.50727.1433 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
0x79e70000 0x58f000 2.00.50727.1433 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
0x03e30000 0xe1000 12.00.6211.1000 C:\Program Files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
0x60050000 0x1b000 6.00.0000.19305 C:\Program Files\Vidéotron\Services de sécurité Vidéotron\AVCntxtR.dll
0x00d00000 0x8000 1.00.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x00d20000 0x10000 5.03.0000.0198 C:\Program Files\MagicISO\misosh.dll
0x621a0000 0x1d000 8.00.0000.0080 C:\Program Files\AVG\AVG8\avgse.dll
0x6bd10000 0x10000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\msohevi.dll
ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 1024
Command line: winlogon.exe
Base Size Version Path
0x01000000 0x80000 \??\C:\WINDOWS\system32\winlogon.exe
0x10000000 0x5000 8.00.0000.0080 C:\WINDOWS\system32\avgrsstx.dll
0x5d090000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74320000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x17000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x011c0000 0x3b000 1.07.0017.0000 C:\WINDOWS\system32\WgaLogon.dll
0x76fd0000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 0xc5000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
Volume in drive C is PRESARIO
Volume Serial Number is D017-A7F0
Directory of C:\WINDOWS\system
05/07/1998 12:04 PM 52,736 hpsysdrv.exe
1 File(s) 52,736 bytes
0 Dir(s) 110,877,552,640 bytes free
Volume in drive C is PRESARIO
Volume Serial Number is D017-A7F0
Directory of C:\WINDOWS\system32
08/10/2004 12:00 AM 6,144 csrss.exe
1 File(s) 6,144 bytes
0 Dir(s) 110,877,552,640 bytes free
Contenu de Downloaded Program Files
Volume in drive C is PRESARIO
Volume Serial Number is D017-A7F0
Directory of C:\WINDOWS\Downloaded Program Files
06/16/2008 11:47 AM <DIR> .
06/16/2008 11:47 AM <DIR> ..
08/31/2005 12:00 AM 65 desktop.ini
03/24/2008 07:33 PM 1,527,056 FP_AX_CAB_INSTALLER.exe
02/12/2007 10:10 AM 302,184 IDrop.ocx
02/12/2007 10:24 AM 114,792 IDropENU.dll
03/24/2008 07:18 PM 247 swflash.inf
04/29/2008 08:49 AM 456,768 wlscBase.dll
04/29/2008 08:52 AM 320 wlscBase.inf
7 File(s) 2,401,432 bytes
Total Files Listed:
7 File(s) 2,401,432 bytes
2 Dir(s) 110,877,552,640 bytes free
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"="C:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe:*:Enabled:SketchUp Application"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Compaq_Administrator\\My Documents\\Azureus Downloads\\Azureus\\Azureus.exe"="C:\\Documents and Settings\\Compaq_Administrator\\My Documents\\Azureus Downloads\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
exports des policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
"DisableRegistryTools"=dword:00000000
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000
Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 12:33:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:bd,7d,1a,14,26,1f,88,67,cd,9c,9f,24,68,e8,bf,51,13,c1,a8,c4,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:4d,be,82,83,c8,07,a0,d7,cd,5a,04,bb,51,45,5a,2c,7d,32,43,7f,95,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,d5,61,a5,37,3c,f5,61,a9,d6,f5,fb,47,d6,42,4e,39,27,8f,ea,94,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:bd,7d,1a,14,26,1f,88,67,cd,9c,9f,24,68,e8,bf,51,13,c1,a8,c4,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:4d,be,82,83,c8,07,a0,d7,cd,5a,04,bb,51,45,5a,2c,7d,32,43,7f,95,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,d5,61,a5,37,3c,f5,61,a9,d6,f5,fb,47,d6,42,4e,39,27,8f,ea,94,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1431799-5D7A-CD8F-AD75-BDF8562E09A8}]
"iaanldhmghkfgoahck"=hex:6b,61,6e,66,61,6d,64,66,69,6e,6b,67,63,63,6d,63,70,65,62,65,6c,..
"hagibhgeehdcchhm"=hex:6b,61,6d,66,6c,6c,65,65,68,66,66,61,61,68,6a,6a,6d,63,6d,68,6e,..
scanning hidden files ...
scan completed successfully
hidden services: 0
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
644 - RPS.exe
808 - avgwdsvc.exe
844 - VideotronSA.exe
876 - rundll32.exe
904 - PDAgent.exe
1000 - csrss.exe
1024 - winlogon.exe
1096 - services.exe
1108 - lsass.exe
1260 - svchost.exe
1368 - svchost.exe
1412 - svchost.exe
1492 - MsMpEng.exe
1532 - svchost.exe
1568 - svchost.exe
1644 - Fws.exe
1692 - avgtray.exe
1836 - explorer.exe
1856 - nvsvc32.exe
1896 - svchost.exe
2108 - dllhost.exe
2332 - msnmsgr.exe
2352 - mcrdsvc.exe
2384 - alg.exe
2536 - cmd.exe
2908 - VideotronSAComH
3244 - iexplore.exe
3352 - wmiprvse.exe
Total number of processes = 29
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806CE000 - \WINDOWS\system32\hal.dll
F7A9C000 - \WINDOWS\system32\KDCOM.DLL
F79AC000 - \WINDOWS\system32\BOOTVID.dll
F73B3000 - sptd.sys
F7A9E000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F739B000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F736D000 - ACPI.sys
F735C000 - pci.sys
F759C000 - ohci1394.sys
F75AC000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F75BC000 - isapnp.sys
F7B64000 - pciide.sys
F781C000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F7AA0000 - viaide.sys
F7AA2000 - intelide.sys
F75CC000 - MountMgr.sys
F733D000 - ftdisk.sys
F7AA4000 - dmload.sys
F7317000 - dmio.sys
F7824000 - PartMgr.sys
F75DC000 - VolSnap.sys
F72FF000 - atapi.sys
F72BC000 - ftsata2.sys
F75EC000 - disk.sys
F75FC000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F729C000 - fltMgr.sys
F728A000 - sr.sys
F760C000 - bb-run.sys
F761C000 - PxHelp20.sys
F7273000 - KSecDD.sys
F7260000 - WudfPf.sys
F724D000 - DefragFS.sys
F71C0000 - Ntfs.sys
F7193000 - NDIS.sys
F7178000 - Mup.sys
F764C000 - \SystemRoot\system32\DRIVERS\AmdK8.sys
F793C000 - \SystemRoot\system32\DRIVERS\aracpi.sys
F651B000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
F6507000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F7944000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F64E4000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F794C000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F765C000 - \SystemRoot\system32\DRIVERS\imapi.sys
F766C000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F767C000 - \SystemRoot\system32\DRIVERS\redbook.sys
F64C1000 - \SystemRoot\system32\DRIVERS\ks.sys
F7954000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F647C000 - \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
F6385000 - \SystemRoot\system32\DRIVERS\HSX_DP.sys
F62CF000 - \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
F795C000 - \SystemRoot\System32\Drivers\Modem.SYS
F62AA000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
F7128000 - \SystemRoot\system32\DRIVERS\nvnetbus.sys
F625F000 - \SystemRoot\system32\DRIVERS\NVNRM.SYS
F6228000 - \SystemRoot\system32\DRIVERS\NVSNPU.SYS
F7124000 - \SystemRoot\system32\DRIVERS\arpolicy.sys
F6211000 - \SystemRoot\System32\Drivers\ezplay.sys
F7C1B000 - \SystemRoot\system32\DRIVERS\audstub.sys
F768C000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7120000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F61FA000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F769C000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F76AC000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F7964000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F61E9000 - \SystemRoot\system32\DRIVERS\psched.sys
F76BC000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F796C000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F7974000 - \SystemRoot\system32\DRIVERS\raspti.sys
F76CC000 - \SystemRoot\system32\DRIVERS\rp_skt32.sys
F6118000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F770C000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7984000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F798C000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F771C000 - \SystemRoot\system32\DRIVERS\rp_pkt32.sys
F6101000 - \SystemRoot\system32\DRIVERS\mcdbus.sys
F7AE8000 - \SystemRoot\system32\DRIVERS\swenum.sys
F60CD000 - \SystemRoot\system32\DRIVERS\update.sys
F688F000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F772C000 - \SystemRoot\system32\DRIVERS\NVENETFD.sys
F773C000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F774C000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7AEA000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F36BC000 - \SystemRoot\system32\drivers\RtkHDAud.sys
F369A000 - \SystemRoot\system32\drivers\portcls.sys
F776C000 - \SystemRoot\system32\drivers\drmk.sys
F7AF4000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7CD0000 - \SystemRoot\System32\Drivers\Null.SYS
F7AF6000 - \SystemRoot\System32\Drivers\Beep.SYS
F786C000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F7874000 - \SystemRoot\System32\drivers\vga.sys
F7AFA000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7AFC000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F787C000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7884000 - \SystemRoot\System32\Drivers\Npfs.SYS
F60C5000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F363F000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F35E7000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F35BF000 - \SystemRoot\system32\DRIVERS\netbt.sys
F359D000 - \SystemRoot\System32\drivers\afd.sys
F77AC000 - \SystemRoot\system32\DRIVERS\netbios.sys
F788C000 - \SystemRoot\System32\Drivers\StarOpen.SYS
F3572000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F3503000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F77CC000 - \SystemRoot\System32\Drivers\Fips.SYS
F34E2000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F77DC000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F789C000 - \SystemRoot\System32\Drivers\avgmfx86.sys
F3404000 - \SystemRoot\System32\Drivers\avgldx86.sys
F33E1000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F77FC000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F6099000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F780C000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F78BC000 - \SystemRoot\system32\DRIVERS\arhidfltr.sys
F78C4000 - \SystemRoot\system32\DRIVERS\usbprint.sys
F78CC000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
F78D4000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F6095000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F78DC000 - \SystemRoot\system32\DRIVERS\point32.sys
F7B12000 - \SystemRoot\system32\DRIVERS\armoucfltr.sys
F6091000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
F7B16000 - \SystemRoot\system32\DRIVERS\arkbcfltr.sys
F3379000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7B18000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F7A74000 - \SystemRoot\System32\drivers\Dxapi.sys
F78E4000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7C19000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
BA1B3000 - \SystemRoot\system32\drivers\wdmaud.sys
BA2D8000 - \SystemRoot\system32\drivers\sysaudio.sys
B9F57000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
B9EEC000 - \SystemRoot\system32\DRIVERS\atksgt.sys
B9E20000 - \SystemRoot\system32\DRIVERS\css-dvp.sys
B9CC7000 - \SystemRoot\System32\Drivers\HTTP.sys
F791C000 - \SystemRoot\system32\DRIVERS\lirsgt.sys
F7B14000 - \SystemRoot\System32\Drivers\MCSTRM.SYS
B9E08000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys
B9B85000 - \SystemRoot\system32\DRIVERS\srv.sys
F6149000 - \SystemRoot\system32\DRIVERS\secdrv.sys
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
B0976000 - \SystemRoot\system32\drivers\kmixer.sys
F7BBF000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 144
Liste des programmes installes
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player 11
Agent de service Vidéotron 1.5.13
Apple Mobile Device Support
Apple Software Update
Authentium AntiVirus SDK - 2
AutoCAD 2008 - English
AutoCAD 2008 - English
Autodesk DWF Viewer 7
AVG Free 8.0
Azureus Vuze
Cabos
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon i450
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Chainz 2: Relinked
Compaq Connections (remove only)
ConvertXtoDVD 2.1.14.223
Cradle Of Persia
Creative Photo Manager
Creative WebCam Center
Creative WebCam Instant Driver (1.03.02.0425)
Customer Experience Enhancement
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Director
Disc2Phone
DocProc
DocumentViewer
DVD Decrypter (Remove Only)
Easy Internet Sign-up
Easy Internet Sign-up
Enregistrement du produit WebCam Instant
Google SketchUp 6
Google SketchUp 6 Exporters
Google SketchUp LayOut 6
Google SketchUp Pro 6
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
HP Boot Optimizer
HP DVD Play 2.1
HP Update
HP Web Helper
HpSdpAppCoreApp
HPSystemDiagnostics
ichat Active X Chat Client
ichat ROOMS(TM) Client for Internet Explorer
ISEngineUpdate
iTunes
J2SE Runtime Environment 5.0 Update 10
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
LightScribe 1.4.105.1
Magic ISO Maker v5.4 (build 0248)
MagicDisc 2.5.79
Malwarebytes' Anti-Malware
Manuel d'utilisation de Creative WebCam Instant (Français)
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Expression Web
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft IntelliPoint 5.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
Nero 7 Ultra Edition
Nero Media Player
NVIDIA Drivers
Otto
PerfectDisk
Polly Pride™ Pet Detective
PPSDKRedistributables
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
RPS Ad Blocker
RPS AntiFraud
RPS AntiSpyware
RPS AntiVirus
RPS App Detector
RPS AsRealtime
RPS Backup
RPS Burn
RPS Diagnostic Utility
RPS Firewall
RPS ParentalControl
RPS Performance Tool
RPS PopupBlocker
RPS Privacy Manager
RPS RpsCore
RPS Security Cleanup
RPS Zip
Sandlot Games Client Services
Sandlot Games Client Services 1.2.2
Sansa Media Converter
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Services de sécurité Vidéotron
SightSpeed (remove only)
Sony Ericsson PC Suite 1.20.224
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb950378)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB953356)
Update Rollup 2 for Windows XP Media Center Edition 2005
VBA (2627.01)
Virtual Villagers® - The Secret City
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
XoftSpySE
Volume in drive C is PRESARIO
Volume Serial Number is D017-A7F0
Directory of C:\Program Files
06/16/2008 11:52 AM <DIR> .
06/16/2008 11:52 AM <DIR> ..
08/14/2007 11:28 PM <DIR> Absolute Video Converter
03/03/2008 05:51 PM <DIR> Adobe
03/03/2008 05:51 PM <DIR> Apple Software Update
03/16/2007 09:14 AM <DIR> Ares
06/09/2008 10:28 AM <DIR> AutoCAD 2008
01/18/2008 09:11 PM <DIR> Autodesk
05/10/2008 12:31 PM <DIR> AVG
08/16/2007 02:29 PM <DIR> Azada
04/05/2008 12:25 PM <DIR> Azureus
02/27/2007 10:59 PM <DIR> BFG
03/04/2008 03:16 PM <DIR> CA
03/16/2007 09:20 AM <DIR> Cabos
11/20/2007 12:47 PM <DIR> Canon
06/16/2008 11:52 AM <DIR> CCleaner
06/09/2008 10:14 AM <DIR> Common Files
09/11/2006 09:38 PM <DIR> Compaq Connections
09/11/2006 09:15 PM <DIR> CONEXANT
02/14/2008 01:08 PM <DIR> Cradle Of Persia
08/28/2007 04:29 PM <DIR> Creative
02/23/2007 03:43 PM <DIR> Disc2Phone
06/15/2008 08:55 PM <DIR> Dofus
06/09/2007 01:26 PM <DIR> DVD Decrypter
08/14/2007 11:28 PM <DIR> DVD Shrink
03/23/2008 03:25 PM <DIR> DVDXCopyInternational
03/28/2007 11:01 AM <DIR> EnglishOtto
05/11/2008 12:28 PM <DIR> Escape the Museum
01/27/2007 02:26 PM <DIR> Eye Games
05/05/2008 03:35 PM <DIR> Google
03/08/2008 03:36 PM <DIR> HP
06/09/2007 02:28 PM <DIR> ImTOO
03/01/2008 11:33 PM 2,166 INSTALL.LOG
08/03/2007 05:45 PM <DIR> InterMute
06/12/2008 03:06 AM <DIR> Internet Explorer
03/10/2008 12:01 PM <DIR> iPod
03/10/2008 12:01 PM <DIR> iTunes
03/27/2008 09:46 AM <DIR> Java
05/05/2008 01:23 PM <DIR> Leroy Merlin
03/14/2007 05:30 PM <DIR> Macrogaming
01/21/2008 11:23 AM <DIR> MagicDisc
01/18/2008 05:30 PM <DIR> MagicISO
06/11/2008 02:04 PM <DIR> Malwarebytes' Anti-Malware
08/31/2007 12:23 PM <DIR> Maxis
03/28/2007 11:01 AM <DIR> Messenger
06/05/2008 08:42 AM <DIR> Messenger Plus! Live
05/09/2007 10:50 PM <DIR> Microsoft CAPICOM 2.1.0.2
01/20/2008 06:36 PM <DIR> Microsoft Expression
11/14/2005 09:06 PM <DIR> microsoft frontpage
07/02/2007 05:23 PM <DIR> Microsoft IntelliPoint
06/09/2008 10:11 AM <DIR> Microsoft Office
01/17/2008 02:38 PM <DIR> Microsoft SQL Server Compact Edition
01/20/2008 02:49 PM <DIR> Microsoft Visual Studio
05/05/2008 12:10 PM <DIR> Microsoft Visual Studio 8
05/29/2008 12:30 AM <DIR> Microsoft Works
01/20/2008 02:48 PM <DIR> Microsoft.NET
03/03/2008 05:51 PM <DIR> Movie Collection
11/14/2005 09:07 PM <DIR> Movie Maker
01/20/2008 02:49 PM <DIR> MSBuild
11/14/2005 09:07 PM <DIR> MSN
11/14/2005 09:07 PM <DIR> MSN Gaming Zone
06/10/2008 09:51 AM <DIR> MSXML 6.0
03/28/2007 11:01 AM <DIR> music_now
01/12/2008 01:52 PM <DIR> Neoact
09/08/2007 06:44 PM <DIR> Nero
11/14/2005 09:07 PM <DIR> NetMeeting
06/14/2007 03:04 AM <DIR> Outlook Express
05/06/2008 11:17 AM <DIR> Panicware
01/03/2007 05:29 PM <DIR> Quicken
03/10/2008 11:59 AM <DIR> QuickTime
03/04/2008 03:16 PM <DIR> Raxco
09/28/2007 08:24 AM <DIR> Real
12/30/2006 07:57 PM <DIR> Rhapsody
12/25/2007 05:59 PM <DIR> SanDisk
06/15/2008 09:02 PM <DIR> Shockwave.com
01/27/2007 01:30 PM <DIR> SightSpeed
02/02/2007 08:59 AM <DIR> Sonic
02/23/2007 03:38 PM <DIR> Sony Ericsson
03/04/2008 03:16 PM <DIR> Vidéotron
12/09/2007 09:47 AM <DIR> vso
05/05/2008 04:52 PM <DIR> Webroot
05/05/2008 03:39 PM <DIR> Windows Defender
02/27/2008 04:01 AM <DIR> Windows Live
05/08/2008 05:10 PM <DIR> Windows Live Safety Center
10/04/2007 01:50 PM <DIR> Windows Media Connect 2
03/03/2008 05:52 PM <DIR> Windows Media Player
11/14/2005 09:07 PM <DIR> Windows NT
11/14/2005 09:08 PM <DIR> Windows Plus
04/09/2007 08:34 AM <DIR> WinRAR
11/14/2005 09:08 PM <DIR> xerox
06/17/2008 09:48 AM <DIR> XoftSpySE
05/28/2008 10:16 PM <DIR> Yahoo!
05/05/2008 01:14 PM <DIR> Zylom Games
1 File(s) 2,166 bytes
92 Dir(s) 110,877,159,424 bytes free
Volume in drive C is PRESARIO
Volume Serial Number is D017-A7F0
Directory of C:\Program Files\common files
06/09/2008 10:14 AM <DIR> .
06/09/2008 10:14 AM <DIR> ..
02/18/2008 09:46 AM <DIR> Adobe
09/08/2007 06:45 PM <DIR> Ahead
09/04/2007 07:33 PM <DIR> Apple
12/25/2007 05:59 PM <DIR> ArcSoft
03/04/2008 03:16 PM <DIR> Authentium
06/09/2008 10:29 AM <DIR> Autodesk Shared
11/20/2007 12:45 PM <DIR> Canon
06/09/2008 10:11 AM <DIR> DESIGNER
05/28/2007 11:51 AM <DIR> Hewlett-Packard
03/08/2008 03:45 PM <DIR> HP
09/10/2007 11:54 AM <DIR> InstallShield
05/09/2008 10:34 PM <DIR> iS3
09/11/2006 08:59 PM <DIR> Java
12/31/2006 01:08 PM <DIR> LightScribe
09/11/2006 09:30 PM <DIR> LS Getting Started
06/09/2008 10:11 AM <DIR> Microsoft Shared
03/03/2008 05:52 PM <DIR> Motive
11/14/2005 09:06 PM <DIR> MSSoap
03/11/2008 11:06 PM <DIR> ODBC
05/01/2008 09:31 AM <DIR> Real
05/10/2008 02:23 PM <DIR> Sandlot Shared
03/30/2008 01:28 AM <DIR> Scanner
11/14/2005 09:06 PM <DIR> Services
11/14/2005 09:06 PM <DIR> SpeechEngines
12/30/2006 07:18 PM <DIR> Symantec Shared
01/20/2008 02:56 PM <DIR> System
05/12/2008 08:32 AM <DIR> Teleca Shared
05/01/2008 09:32 AM <DIR> xing shared
0 File(s) 0 bytes
30 Dir(s) 110,877,155,328 bytes free
c:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.1.9\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\InstMsiA.Exe
c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\InstMsiW.Exe
c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\Setup.Exe
c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
c:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\Installers\flipwords-setup.exe_cache
c:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\Installers\flipwords-setup.exe_filedata
c:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\Installers\SetupGamesClient.exe
c:\Documents and Settings\All Users\Application Data\WildTangent\My HP Game Console\Downloads\Installers\SetupGamesClient.exe_filedata
c:\Documents and Settings\Compaq_Administrator\Application Data\Azureus\plugins\azemp\azmplay.exe
c:\Documents and Settings\Compaq_Administrator\Application Data\Real\Update\setup\schedule.exe
c:\Documents and Settings\Compaq_Administrator\Application Data\Real\Update\setup\setup.exe
c:\Documents and Settings\Compaq_Administrator\Application Data\Real\Update\setup\data~0\RealPlayer11GOLD.exe
c:\Documents and Settings\Compaq_Administrator\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\AcDelTree.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Setup.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\msi\WindowsInstaller-KB893803-v2-x86.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Common Files\Autodesk Shared\ACHELP.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Common Files\Autodesk Shared\mtstack16.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Common Files\Autodesk Shared\PLU26.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Common Files\Autodesk Shared\WSCOMMCNTR1.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Common Files\Autodesk Shared\AcDwgFilter\ACDWGFILTERIMP16.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Common Files\Autodesk Shared\AcShellEx\ACLAUNCHER.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Common Files\Autodesk Shared\Service\ADSKNETSRV.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\ACGGE.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\ACSIGNAPPLY.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\ADDPLWIZ.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\ADMIGRATOR.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\ADREFMAN.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\ADSUBAWARE.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\DWGCHECKSTANDARDS.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\HPSETUP.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\PC3EXE.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\SENDDMP.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\SFXFE32.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\SLIDELIB.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\STYEXE.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\STYSHWIZ.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\Express\ALIAS.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\Express\DUMPSHX.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\Express\LSPSURF.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\Program Files\Root\Locked\ACAD.EXE
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\mdac_typ.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\CADManager\Setup.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\CADManager\Program Files\Autodesk\CAD Manager Tools\AdPM.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\CADManager\Program Files\Autodesk\CAD Manager Tools\CMControl.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\CADManagerControl\CMControl.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\DirectX\DXSETUP.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\dotnetfx.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1028\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1029\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1031\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1034\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1036\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1038\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1040\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1041\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1042\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1043\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1045\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1046\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1049\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\1053\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\dotnetfx\2052\langpack.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\nlm\Setup.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\nlm\Program Files\Autodesk Network License Manager\adskflex.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\nlm\Program Files\Autodesk Network License Manager\lmgrd.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\nlm\Program Files\Autodesk Network License Manager\lmtools.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\nlm\Program Files\Autodesk Network License Manager\lmutil.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\NSA\Setup.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\NSA\Program Files\NLM\NLA\enu\ACD2008NLA.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\SAMreport-Lite\SAMreport.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\VBA\pFiles\Common\MSShared\Vba\Vba6\link.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\VBA\pFiles\MSOffice\Office10\makecert.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\music Melanie\programe ecole\a graver\autocad\support\VBA\pFiles\MSOffice\Office10\selfcert.exe
c:\Documents and Settings\Compaq_Administrator\Desktop\m
Télécharges SDFix sur ton bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.
--->Double clique sur SDFix.exe et choisis "Install" .
Puis une fois l'instale faite ,redémarre en mode sans échec .
Comment aller en Mode sans échec :
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le script.
--->Tape Y pour lancer le script.
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presses une touche pour redémarrer quand il te le sera demandé .
Le PC va mettre du temps avant de démarrer ( c'est normale ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .
Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier C:\SDFix sous le nom "Report.txt".
Postes ce dernier dans ta prochaine réponse accompagné d'un nouveau rapport Hijakcthis pour analyse ...
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.
--->Double clique sur SDFix.exe et choisis "Install" .
Puis une fois l'instale faite ,redémarre en mode sans échec .
Comment aller en Mode sans échec :
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le script.
--->Tape Y pour lancer le script.
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presses une touche pour redémarrer quand il te le sera demandé .
Le PC va mettre du temps avant de démarrer ( c'est normale ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .
Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier C:\SDFix sous le nom "Report.txt".
Postes ce dernier dans ta prochaine réponse accompagné d'un nouveau rapport Hijakcthis pour analyse ...
[b]SDFix: Version 1.194 [/b]
Run by Compaq_Administrator on Tue 06/17/2008 at 02:20 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 14:33:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:bd,7d,1a,14,26,1f,88,67,cd,9c,9f,24,68,e8,bf,51,13,c1,a8,c4,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:4d,be,82,83,c8,07,a0,d7,cd,5a,04,bb,51,45,5a,2c,7d,32,43,7f,95,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,d5,61,a5,37,3c,f5,61,a9,d6,f5,fb,47,d6,42,4e,39,27,8f,ea,94,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:bd,7d,1a,14,26,1f,88,67,cd,9c,9f,24,68,e8,bf,51,13,c1,a8,c4,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:4d,be,82,83,c8,07,a0,d7,cd,5a,04,bb,51,45,5a,2c,7d,32,43,7f,95,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,d5,61,a5,37,3c,f5,61,a9,d6,f5,fb,47,d6,42,4e,39,27,8f,ea,94,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1431799-5D7A-CD8F-AD75-BDF8562E09A8}]
"iaanldhmghkfgoahck"=hex:6b,61,6e,66,61,6d,64,66,69,6e,6b,67,63,63,6d,63,70,65,62,65,6c,..
"hagibhgeehdcchhm"=hex:6b,61,6d,66,6c,6c,65,65,68,66,66,61,61,68,6a,6a,6d,63,6d,68,6e,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"="C:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe:*:Enabled:SketchUp Application"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Compaq_Administrator\\My Documents\\Azureus Downloads\\Azureus\\Azureus.exe"="C:\\Documents and Settings\\Compaq_Administrator\\My Documents\\Azureus Downloads\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Sat 30 Dec 2006 211 A.SHR --- "C:\BOOT.BAK"
Thu 12 Jul 2007 8 ..SHR --- "C:\WINDOWS\system32\0AA18D2AF8.sys"
Sun 4 May 2008 1,483,755 A.SH. --- "C:\WINDOWS\system32\gyychaln.tmp"
Thu 12 Jul 2007 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 4 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 21 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT15.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT15.tmp"
Thu 23 Aug 2007 1,301 ...HR --- "C:\Documents and Settings\Compaq_Administrator\Application Data\SecuROM\UserData\securom_v7_01.bak"
Fri 19 Jan 2007 11,116 A.SH. --- "C:\Documents and Settings\Compaq_Administrator\My Documents\My Music\License Backup\drmv2key.bak"
[b]Finished![/b]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:26 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.videotron.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://compaq-consumer.my.aol.ca/?icid=desktop
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Services de sécurité Vidéotron] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: Service de mise a jour pour Services de sécurité Vidéotron (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
Run by Compaq_Administrator on Tue 06/17/2008 at 02:20 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 14:33:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:bd,7d,1a,14,26,1f,88,67,cd,9c,9f,24,68,e8,bf,51,13,c1,a8,c4,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:4d,be,82,83,c8,07,a0,d7,cd,5a,04,bb,51,45,5a,2c,7d,32,43,7f,95,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,d5,61,a5,37,3c,f5,61,a9,d6,f5,fb,47,d6,42,4e,39,27,8f,ea,94,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:bd,7d,1a,14,26,1f,88,67,cd,9c,9f,24,68,e8,bf,51,13,c1,a8,c4,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:4d,be,82,83,c8,07,a0,d7,cd,5a,04,bb,51,45,5a,2c,7d,32,43,7f,95,..
"d0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:55,d5,61,a5,37,3c,f5,61,a9,d6,f5,fb,47,d6,42,4e,39,27,8f,ea,94,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B1431799-5D7A-CD8F-AD75-BDF8562E09A8}]
"iaanldhmghkfgoahck"=hex:6b,61,6e,66,61,6d,64,66,69,6e,6b,67,63,63,6d,63,70,65,62,65,6c,..
"hagibhgeehdcchhm"=hex:6b,61,6d,66,6c,6c,65,65,68,66,66,61,61,68,6a,6a,6d,63,6d,68,6e,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"="C:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe:*:Enabled:SketchUp Application"
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"="C:\\Program Files\\SightSpeed\\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Compaq_Administrator\\My Documents\\Azureus Downloads\\Azureus\\Azureus.exe"="C:\\Documents and Settings\\Compaq_Administrator\\My Documents\\Azureus Downloads\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Sat 30 Dec 2006 211 A.SHR --- "C:\BOOT.BAK"
Thu 12 Jul 2007 8 ..SHR --- "C:\WINDOWS\system32\0AA18D2AF8.sys"
Sun 4 May 2008 1,483,755 A.SH. --- "C:\WINDOWS\system32\gyychaln.tmp"
Thu 12 Jul 2007 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 4 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 21 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT15.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT15.tmp"
Thu 23 Aug 2007 1,301 ...HR --- "C:\Documents and Settings\Compaq_Administrator\Application Data\SecuROM\UserData\securom_v7_01.bak"
Fri 19 Jan 2007 11,116 A.SH. --- "C:\Documents and Settings\Compaq_Administrator\My Documents\My Music\License Backup\drmv2key.bak"
[b]Finished![/b]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:26 PM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSAComHandler.exe
C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.videotron.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.videotron.ca
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://compaq-consumer.my.aol.ca/?icid=desktop
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN
O4 - HKLM\..\Run: [Services de sécurité Vidéotron] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Vidéotron\Services de sécurité Vidéotron\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: Service de mise a jour pour Services de sécurité Vidéotron (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe
O23 - Service: Services de sécurité Vidéotron Coupe-feu (RP_FWS) - Vidéotron - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\Fws.exe
Bon ...
souligne>Télécharges GenProc (de Jean-Chretien1 et Narco4) sur ton bureau (et pas ailleur !) </souligne>:
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
!!Déconnectes toi et fermes tes application en cours !!
Dézippes (extraire tout) le dossier : double-clique sur GenProc.bat et laisses faire...
Postes le contenu du rapport qui s'ouvre .
Aide en images ici : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
IMPORTANT : postes le rapport et ne fait rien d'autre pour l'instant ( souvant il faut ajouter des consignes à la manipe indiquée pour que cela fonctionne parfaitement ) .
souligne>Télécharges GenProc (de Jean-Chretien1 et Narco4) sur ton bureau (et pas ailleur !) </souligne>:
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
!!Déconnectes toi et fermes tes application en cours !!
Dézippes (extraire tout) le dossier : double-clique sur GenProc.bat et laisses faire...
Postes le contenu du rapport qui s'ouvre .
Aide en images ici : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
IMPORTANT : postes le rapport et ne fait rien d'autre pour l'instant ( souvant il faut ajouter des consignes à la manipe indiquée pour que cela fonctionne parfaitement ) .
