So here is log.txt
Logfile of random’s system information tool 1.06 (written by random/random)
Run by ray at 2009-12-30 13:47:08
Microsoft® Windows Vista Édition Familiale Premium Service Pack 2
System drive C: has 340 GB (73%) free of 466 GB
Total RAM: 3070 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:26, on 30/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\system32\DllHost.exe
C:\Users\ray\AppData\Local\Temp_iu14D2N.tmp
C:\Program Files\Malwarebytes’ Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ray\Desktop\RSIT.exe
C:\Program Files\trend micro\ray.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.cherche.us…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.cherche.us…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.cherche.us…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.cherche.us…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.cherche.us…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.cherche.us…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.cherche.us…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.cherche.us…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.cherche.us…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = www.cherche.us…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM…\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM…\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM…\Run: [OsdMaestro] “C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe”
O4 - HKLM…\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 - HKLM…\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM…\Run: [winternet] C:\Users\ray\winternet.exe
O4 - HKLM…\Run: [StartCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
O4 - HKLM…\Run: [Malwarebytes’ Anti-Malware] “C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE RÉSEAU’)
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr…
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE…
O8 - Extra context menu item: Recherche avec cherche.us - C:\Users\ray\scriptjava.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.chat-land.org
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Google Update Service (gupdate1ca6448ad42c2a6) (gupdate1ca6448ad42c2a6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
End of file - 8050 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
C:\Windows\tasks\User_Feed_Synchronization-{F7559860-1AF1-4ACA-B212-E762F84498ED}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{EEE6C35B-6118-11DC-9C72-001320C79847} - []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Windows Defender”=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
“RtHDVCpl”=C:\Windows\RtHDVCpl.exe [2008-07-03 6266880]
“hpsysdrv”=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
“KBD”=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
“OsdMaestro”=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
“”= []
“Adobe ARM”=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
“avgnt”=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-11-12 209153]
“hpqSRMon”=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
“winternet”=C:\Users\ray\winternet.exe [2009-12-21 99328]
“StartCCC”=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-04 98304]
“Malwarebytes’ Anti-Malware”=C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe [2009-12-03 429392]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
“msnmsgr”=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
“WMPNSCFG”=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dragon NaturallySpeaking.lnk - C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“EnableLUA”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“EnableUIADesktopToggle”=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“BindDirectlyToPropertySetStorage”=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe “%1” %*
======List of files/folders created in the last 1 months======
2009-12-30 13:47:08 ----D---- C:\rsit
2009-12-30 13:47:08 ----D---- C:\Program Files\trend micro
2009-12-30 13:05:05 ----A---- C:\Windows\system32\ff_vfw.dll
2009-12-30 13:05:04 ----D---- C:\Program Files\ffdshow
2009-12-29 18:42:08 ----D---- C:\Program Files\Corner-A
2009-12-29 17:21:18 ----D---- C:\Program Files\Common Files\Steinberg
2009-12-29 17:20:59 ----D---- C:\Users\ray\AppData\Roaming\Steinberg
2009-12-29 12:00:24 ----D---- C:\Users\ray\AppData\Roaming\Cool Record Edit Pro
2009-12-29 11:59:58 ----D---- C:\Program Files\Free Sound Recorder
2009-12-29 11:59:58 ----A---- C:\Windows\system32\msvcr70.dll
2009-12-29 11:39:51 ----D---- C:\Users\ray\AppData\Roaming\Audacity
2009-12-28 23:33:11 ----D---- C:\Users\ray\AppData\Roaming\OtakuSoftware
2009-12-28 18:58:02 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2009-12-28 04:35:43 ----D---- C:\ProgramData\WindowsSearch
2009-12-28 04:27:03 ----A---- C:\Windows\system32\uxtuneup.dll
2009-12-28 04:27:03 ----A---- C:\Windows\system32\TURegOpt.exe
2009-12-28 04:27:03 ----A---- C:\Windows\system32\authuitu.dll
2009-12-28 04:26:29 ----D---- C:\Program Files\TuneUp Utilities 2010
2009-12-28 04:25:52 ----SHD---- C:\ProgramData{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-28 03:21:36 ----D---- C:\Program Files\Microsoft Silverlight
2009-12-28 01:06:29 ----A---- C:\Windows\system32\2009-12-28-00-06-29.014-VBoxSVC.exe-4244.log
2009-12-27 22:25:39 ----D---- C:\Program Files\HighCriteria
2009-12-27 22:20:32 ----D---- C:\Users\ray\AppData\Roaming\Malwarebytes
2009-12-27 22:20:25 ----D---- C:\ProgramData\Malwarebytes
2009-12-27 22:20:23 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2009-12-26 20:07:10 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-26 20:07:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-24 02:57:14 ----D---- C:\Program Files\Microsoft Visual Studio
2009-12-24 02:57:14 ----D---- C:\Program Files\Common Files\DESIGNER
2009-12-24 02:56:35 ----D---- C:\Program Files\Microsoft.NET
2009-12-24 02:54:28 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-12-24 02:52:40 ----RHD---- C:\MSOCache
2009-12-23 21:01:02 ----HD---- C:\Windows\PIF
2009-12-23 19:49:32 ----D---- C:\Users\ray\AppData\Roaming\Canneverbe_Limited
2009-12-23 19:49:30 ----D---- C:\ProgramData\Canneverbe Limited
2009-12-15 02:20:21 ----D---- C:\ProgramData\InstallShield
2009-12-15 02:20:03 ----AD---- C:\ProgramData\TEMP
2009-12-15 02:19:42 ----D---- C:\Users\ray\AppData\Roaming\Nuance
2009-12-15 02:15:35 ----D---- C:\ProgramData\ScanSoft
2009-12-15 02:15:35 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2009-12-15 02:15:34 ----D---- C:\Program Files\Common Files\Nuance
2009-12-15 02:15:14 ----D---- C:\ProgramData\Nuance
2009-12-15 02:15:14 ----D---- C:\Program Files\Nuance
2009-12-14 23:28:00 ----D---- C:\temp
2009-12-14 01:50:35 ----RHD---- C:\Users\ray\AppData\Roaming\SecuROM
2009-12-14 01:50:34 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-12-13 21:46:35 ----D---- C:\Program Files\7-Zip
2009-12-13 01:05:40 ----D---- C:\Program Files\K-Lite Codec Pack
2009-12-10 03:02:22 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-10 03:02:21 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 15:50:58 ----A---- C:\Windows\system32\javaws.exe
2009-12-09 15:50:58 ----A---- C:\Windows\system32\javaw.exe
2009-12-09 15:50:58 ----A---- C:\Windows\system32\java.exe
2009-12-09 12:03:21 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 12:03:20 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 12:03:20 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 12:03:19 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 12:03:19 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 12:03:19 ----A---- C:\Windows\system32\occache.dll
2009-12-09 12:03:19 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 12:03:19 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 12:03:19 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 12:03:18 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 12:03:18 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 12:03:18 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 12:03:18 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 12:03:18 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 12:03:18 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 12:03:18 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 12:03:18 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 12:03:18 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 12:03:18 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 12:03:08 ----A---- C:\Windows\system32\rastls.dll
2009-12-04 11:58:15 ----D---- C:\Users\ray\AppData\Roaming\ATI
2009-12-04 11:58:15 ----D---- C:\ProgramData\ATI
2009-12-04 11:56:47 ----D---- C:\Program Files\ATI Technologies
2009-12-04 11:56:45 ----D---- C:\Program Files\ATI
2009-12-04 11:56:13 ----D---- C:\ATI
2009-12-02 16:59:46 ----D---- C:\Users\ray\AppData\Roaming\Auslogics
======List of files/folders modified in the last 1 months======
2009-12-30 13:47:21 ----D---- C:\Windows\Prefetch
2009-12-30 13:47:13 ----D---- C:\Windows\Temp
2009-12-30 13:47:08 ----RD---- C:\Program Files
2009-12-30 13:05:05 ----D---- C:\Windows\System32
2009-12-30 13:01:36 ----D---- C:\WINDOWS
2009-12-30 13:00:02 ----D---- C:\Users\ray\AppData\Roaming\vlc
2009-12-30 12:43:23 ----D---- C:\Program Files\JDownloader
2009-12-30 12:35:13 ----D---- C:\Program Files\Mozilla Firefox
2009-12-30 10:24:45 ----D---- C:\Windows\inf
2009-12-30 10:24:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-29 17:21:18 ----D---- C:\Program Files\Common Files
2009-12-29 10:55:33 ----SHD---- C:\System Volume Information
2009-12-29 00:33:00 ----D---- C:\Windows\system32\Tasks
2009-12-28 05:38:04 ----SHD---- C:\Windows\Installer
2009-12-28 05:38:04 ----HD---- C:\Config.Msi
2009-12-28 05:38:03 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-28 05:38:00 ----D---- C:\Windows\system32\catroot
2009-12-28 05:37:37 ----D---- C:\Windows\system32\drivers
2009-12-28 05:34:36 ----D---- C:\Windows\system32\NDF
2009-12-28 04:35:43 ----HD---- C:\ProgramData
2009-12-28 04:26:08 ----D---- C:\ProgramData\TuneUp Software
2009-12-28 04:24:29 ----D---- C:\Windows\Tasks
2009-12-28 03:53:40 ----D---- C:\Windows\rescache
2009-12-28 03:43:10 ----SD---- C:\Users\ray\AppData\Roaming\Microsoft
2009-12-28 03:41:51 ----D---- C:\ProgramData\WildTangent
2009-12-28 03:19:47 ----D---- C:\Windows\winsxs
2009-12-28 03:13:58 ----D---- C:\Windows\system32\catroot2
2009-12-24 12:26:04 ----D---- C:\ProgramData\Microsoft Help
2009-12-24 12:23:53 ----RSD---- C:\Windows\assembly
2009-12-24 03:18:10 ----D---- C:\Program Files\OpenOffice.org 3
2009-12-24 03:03:19 ----D---- C:\Program Files\Common Files\System
2009-12-24 03:03:19 ----A---- C:\Windows\win.ini
2009-12-24 03:01:22 ----RSD---- C:\Windows\Fonts
2009-12-24 03:01:15 ----D---- C:\Program Files\Common Files\microsoft shared
2009-12-24 03:01:03 ----D---- C:\Program Files\Microsoft Works
2009-12-24 02:57:27 ----D---- C:\Program Files\MSBuild
2009-12-24 02:57:18 ----D---- C:\Program Files\Microsoft Office
2009-12-24 02:57:10 ----D---- C:\Windows\ShellNew
2009-12-24 02:56:35 ----SD---- C:\ProgramData\Microsoft
2009-12-23 20:57:36 ----D---- C:\Windows\Debug
2009-12-19 18:26:26 ----D---- C:\Program Files\Google
2009-12-16 18:22:13 ----D---- C:\Windows\system32\WDI
2009-12-15 02:20:02 ----D---- C:\Windows\Speech
2009-12-15 02:15:34 ----SD---- C:\Windows\Downloaded Program Files
2009-12-15 02:15:34 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-10 11:36:52 ----D---- C:\Windows\system32\migration
2009-12-10 11:36:51 ----D---- C:\Windows\system32\fr-FR
2009-12-10 11:36:51 ----D---- C:\Program Files\Windows Mail
2009-12-10 11:36:51 ----D---- C:\Program Files\Internet Explorer
2009-12-09 15:50:52 ----D---- C:\Program Files\Java
2009-12-04 12:17:08 ----D---- C:\Program Files\Hewlett-Packard
2009-12-04 11:52:11 ----D---- C:\ProgramData\NVIDIA
2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; ??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-11-12 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-11-12 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-11-12 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-11-04 5079040]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-07-03 2152088]
R3 MBAMProtector;MBAMProtector; ??\C:\Windows\system32\drivers\mbam.sys [2009-12-03 19160]
R3 MBAMSwissArmy;MBAMSwissArmy; ??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-12-03 38224]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-17 1040544]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; ??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 ainlm5dl;ainlm5dl; C:\Windows\system32\drivers\ainlm5dl.sys []
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d’horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-09-28 7168]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2009-12-17 99152]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2009-12-17 31824]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-12-07 131616]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-10-12 13312]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-11-04 172032]
R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2009-11-12 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-12 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-12 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-11-12 434945]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-03-17 73728]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes’ Anti-Malware\mbamservice.exe [2009-12-03 276816]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-11-12 1021256]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 gupdate1ca6448ad42c2a6;Google Update Service (gupdate1ca6448ad42c2a6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-13 133104]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-12-28 435016]
-----------------EOF-----------------
And here is info.txt
info.txt logfile of random’s system information tool 1.06 2009-12-30 13:47:28
======Uninstall list======
–>“C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe”
–>“C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe”
–>“C:\Program Files\HP Games\Blasterball 3\Uninstall.exe”
–>“C:\Program Files\HP Games\Bricks of Egypt\Uninstall.exe”
–>“C:\Program Files\HP Games\Chicken Invaders 3 - Revenge of the Yolk\Uninstall.exe”
–>“C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe”
–>“C:\Program Files\HP Games\Crystal Maze\Uninstall.exe”
–>“C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe”
–>“C:\Program Files\HP Games\Diner Dash\Uninstall.exe”
–>“C:\Program Files\HP Games\FATE\Uninstall.exe”
–>“C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe”
–>“C:\Program Files\HP Games\Gem Shop\Uninstall.exe”
–>“C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe”
–>“C:\Program Files\HP Games\Jewel Quest\Uninstall.exe”
–>“C:\Program Files\HP Games\Magic Academy\Uninstall.exe”
–>“C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe”
–>“C:\Program Files\HP Games\My HP Game Console\Uninstall.exe”
–>“C:\Program Files\HP Games\Ocean Express\Uninstall.exe”
–>“C:\Program Files\HP Games\Peggle\Uninstall.exe”
–>“C:\Program Files\HP Games\Penguins!\Uninstall.exe”
–>“C:\Program Files\HP Games\Polar Bowler\Uninstall.exe”
–>“C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe”
–>“C:\Program Files\HP Games\Polar Golfer\Uninstall.exe”
–>“C:\Program Files\HP Games\Puzzle Express\Uninstall.exe”
–>“C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe”
–>“C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe”
–>“C:\Program Files\HP Games\Sudoku Quest\Uninstall.exe”
–>“C:\Program Files\HP Games\Super Granny\Uninstall.exe”
–>“C:\Program Files\HP Games\Tradewinds\Uninstall.exe”
–>“C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe”
–>“C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe”
2007 Microsoft Office Suite Service Pack 2 (SP2)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
2007 Microsoft Office Suite Service Pack 2 (SP2)–>msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)–>msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)–>msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)–>msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)–>msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)–>msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
2007 Microsoft Office Suite Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
2007 Microsoft Office Suite Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
2007 Microsoft Office Suite Service Pack 2 (SP2)–>msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
2007 Microsoft Office Suite Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
2007 Microsoft Office Suite Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
2007 Microsoft Office Suite Service Pack 2 (SP2)–>msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
2007 Microsoft Office Suite Service Pack 2 (SP2)–>msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
32 Bit HP CIO Components Installer–>MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}
7-Zip 4.65–>“C:\Program Files\7-Zip\Uninstall.exe”
Adobe Flash Player 10 Plugin–>C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX–>C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.2 - Français–>MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Assistant de connexion Windows Live–>MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.3.9 (Unicode)–>“C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe”
Avira AntiVir Premium–>C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Catalyst Control Center - Branding–>MsiExec.exe /I{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}
CCleaner–>“C:\Program Files\CCleaner\uninst.exe”
CDBurnerXP–>“C:\Program Files\CDBurnerXP\unins000.exe”
Dragon NaturallySpeaking 10–>MsiExec.exe /I{E7712E53-7A7F-46EB-AA13-70D5987D30F2}
ffdshow [rev 3171] [2009-12-24]–>“C:\Program Files\ffdshow\unins000.exe”
Google Chrome–>“C:\Program Files\Google\Chrome\Application\3.0.195.38\Installer\setup.exe” --uninstall --system-level
Google Update Helper–>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth–>MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466}
Hewlett-Packard Active Check–>MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check–>MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2–>“C:\Program Files\trend micro\HijackThis.exe” /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Experience Enhancements–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{C8D47273-7A1A-4614-A3D8-263632D8A5ED}\setup.exe” -l0x9 -removeonly
HP Customer Feedback–>MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Customer Participation Program 12.0–>C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Easy Setup - Frontend–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}\setup.exe” -l0x9 -removeonly
HP Imaging Device Functions 12.0–>C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP On-Screen Cap/Num/Scroll Lock Indicator–>C:\Windows\system32\OsdRemove.exe
HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4–>C:\Program Files\HP\Digital Imaging{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}\setup\hpzscr01.exe -datfile hposcr30.dat -onestop -forcereboot
HP Photosmart Essential 3.5–>C:\Program Files\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In–>MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Smart Web Printing–>C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 12.0–>C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update–>MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
Installation Windows Live–>C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live–>MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Java™ 6 Update 17–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java™ SE Runtime Environment 6 Update 1–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JDownloader–>C:\Program Files\JDownloader\uninstall.exe
LightScribe System Software–>MsiExec.exe /X{7F10292C-A190-4176-A665-A1ED3478DF86}
Logiciel d’archivage WinRAR–>C:\Program Files\WinRAR\uninstall.exe
Malwarebytes’ Anti-Malware–>“C:\Program Files\Malwarebytes’ Anti-Malware\unins000.exe”
Microsoft .NET Framework 3.5 Language Pack SP1 - fra–>MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1–>c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1–>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard–>MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Access MUI (French) 2007–>MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007–>MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007–>MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007–>MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007–>MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)–>MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007–>“C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe” /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007–>MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007–>MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007–>MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007–>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007–>MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007–>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007–>MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007–>MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007–>MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007–>MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007–>MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight–>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053–>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148–>MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17–>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)–>msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)–>msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)–>msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)–>msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra–>c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.6)–>C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT–>MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)–>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)–>MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
My HP Games–>“C:\Program Files\HP Games\Uninstall.exe”
NVIDIA Drivers–>C:\Windows\system32\nvuninst.exe UninstallGUI
Outil de téléchargement Windows Live–>MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Outils de diagnostic du matériel–>C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Picasa 3–>“C:\Program Files\Google\Picasa3\Uninstall.exe”
Python 2.5–>MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Realtek High Definition Audio Driver–>RtlUpd.exe -r -m -nrg2709
Security Update for 2007 Microsoft Office System (KB969559)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Shop for HP Supplies–>C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Solution de clavier multimédia amélioré–>C:\HP\KBD\Install.exe /u
TuneUp Utilities–>C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Update for 2007 Microsoft Office System (KB967642)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)–>C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb976884)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
Visual C++ Runtime for Dragon NaturallySpeaking–>MsiExec.exe /I{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}
VLC media player 1.0.3–>C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call–>MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform–>MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Messenger–>MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Player Firefox Plugin–>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AntiVir Desktop
AS: Lavasoft Ad-Watch Live!
AS: Windows Defender
AS: AntiVir Desktop
======System event log======
Computer Name: PC-de-ray
Event Code: 4385
Message: Windows Servicing a échoué lors de la modification de la mise à jour 968537-38_neutral_PACKAGE du package KB968537(Security Update) à l'état Génération(Staging)
Record Number: 20248
Source Name: Microsoft-Windows-Servicing
Time Written: 20091110155334.000000-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-ray
Event Code: 4385
Message: Windows Servicing a échoué lors de la modification de la mise à jour 968537-37_neutral_PACKAGE du package KB968537(Security Update) à l'état Génération(Staging)
Record Number: 20247
Source Name: Microsoft-Windows-Servicing
Time Written: 20091110155334.000000-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-ray
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB968537(Security Update) n'est pas applicable à ce système.
Record Number: 20222
Source Name: Microsoft-Windows-Servicing
Time Written: 20091110155331.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-ray
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB968537(Security Update) n'est pas applicable à ce système.
Record Number: 20221
Source Name: Microsoft-Windows-Servicing
Time Written: 20091110155331.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-ray
Event Code: 4374
Message: Windows Servicing a déterminé que ce package KB968537(Security Update) n'est pas applicable à ce système.
Record Number: 20220
Source Name: Microsoft-Windows-Servicing
Time Written: 20091110155331.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
=====Application event log=====
Computer Name: PC-de-ray
Event Code: 11328
Message: Produit : TuneUp Utilities 2009 – Erreur 1328. Erreur lors de l'application du programme correctif au fichier C:\Config.Msi\PT672B.tmp. Il a sans doute été mis à jour de manière différente et ne peut plus être modifié par ce programme correctif. Pour obtenir des informations complémentaires, contactez le revendeur de votre programme correctif. Erreur système : -1072807676
Record Number: 23545
Source Name: MsiInstaller
Time Written: 20091112141227.000000-000
Event Type: Erreur
User: PC-de-ray\ray
Computer Name: PC-de-ray
Event Code: 11328
Message: Produit : TuneUp Utilities 2009 – Erreur 1328. Erreur lors de l'application du programme correctif au fichier C:\Config.Msi\PT672B.tmp. Il a sans doute été mis à jour de manière différente et ne peut plus être modifié par ce programme correctif. Pour obtenir des informations complémentaires, contactez le revendeur de votre programme correctif. Erreur système : -1072807676
Record Number: 23544
Source Name: MsiInstaller
Time Written: 20091112141227.000000-000
Event Type: Erreur
User: PC-de-ray\ray
Computer Name: PC-de-ray
Event Code: 11328
Message: Produit : TuneUp Utilities 2009 – Erreur 1328. Erreur lors de l'application du programme correctif au fichier C:\Config.Msi\PT672B.tmp. Il a sans doute été mis à jour de manière différente et ne peut plus être modifié par ce programme correctif. Pour obtenir des informations complémentaires, contactez le revendeur de votre programme correctif. Erreur système : -1072807676
Record Number: 23543
Source Name: MsiInstaller
Time Written: 20091112141227.000000-000
Event Type: Erreur
User: PC-de-ray\ray
Computer Name: PC-de-ray
Event Code: 11328
Message: Produit : TuneUp Utilities 2009 – Erreur 1328. Erreur lors de l'application du programme correctif au fichier C:\Config.Msi\PT672B.tmp. Il a sans doute été mis à jour de manière différente et ne peut plus être modifié par ce programme correctif. Pour obtenir des informations complémentaires, contactez le revendeur de votre programme correctif. Erreur système : -1072807676
Record Number: 23542
Source Name: MsiInstaller
Time Written: 20091112141227.000000-000
Event Type: Erreur
User: PC-de-ray\ray
Computer Name: PC-de-ray
Event Code: 11328
Message: Produit : TuneUp Utilities 2009 – Erreur 1328. Erreur lors de l'application du programme correctif au fichier C:\Config.Msi\PT672B.tmp. Il a sans doute été mis à jour de manière différente et ne peut plus être modifié par ce programme correctif. Pour obtenir des informations complémentaires, contactez le revendeur de votre programme correctif. Erreur système : -1072807676
Record Number: 23541
Source Name: MsiInstaller
Time Written: 20091112141227.000000-000
Event Type: Erreur
User: PC-de-ray\ray
=====Security event log=====
Computer Name: LH-A20W9X6ES1KS
Event Code: 4647
Message: Fermeture de session initiée par l'utilisateur :
Sujet :
ID de sécurité : S-1-5-21-1433072191-408657454-1380044806-500
Nom du compte : Administrator
Domaine du compte : LH-A20W9X6ES1KS
ID d'ouverture de session : 0x32aab
Cet événement est généré lorsqu'une fermeture de session est initiée, mais que le nombre de références du jeton n'étant pas zéro, la session ouverte ne peut pas être supprimée. Aucune autre activité initiée par l'utilisateur ne peut se produire. Cet événement peut être interprété comme un événement de fermeture de session.
Record Number: 255
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080415031731.022000-000
Event Type: Succès de l’audit
User:
Computer Name: LH-A20W9X6ES1KS
Event Code: 4634
Message: Fermeture de session d'un compte.
Sujet :
ID de sécurité : S-1-5-7
Nom du compte : ANONYMOUS LOGON
Domaine du compte : AUTORITE NT
ID du compte : 0x24487
Type d'ouverture de session : 3
Cet événement est généré lorsqu'une session ouverte est supprimée. Il peut être associé à un événement d'ouverture de session en utilisant la valeur ID d'ouverture de session. Les ID d'ouverture de session ne sont uniques qu'entre les redémarrages sur un même ordinateur.
Record Number: 254
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080415031728.931600-000
Event Type: Succès de l’audit
User:
Computer Name: LH-A20W9X6ES1KS
Event Code: 4616
Message: L'heure du système a été modifiée.
Sujet :
ID de sécurité : S-1-5-19
Nom du compte : SERVICE LOCAL
Domaine du compte : AUTORITE NT
ID d'ouverture de session : 0x3e5
Informations sur le processus :
ID du processus : 0x468
Nom : C:\Windows\System32\svchost.exe
Heure précédente : 05:17:28 15/04/2008
Nouvelle heure : 05:17:28 15/04/2008
Cet événement est généré lorsque l'heure du système est modifiée. Le changement régulier de l'heure du système est une opération normale de la part du service de temps Windows qui s'exécute avec des privilèges système. Mais, d'autres modifications de l'heure du système peuvent indiquer des tentatives de falsification de l'ordinateur.
Record Number: 253
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080415031728.619600-000
Event Type: Succès de l’audit
User:
Computer Name: LH-A20W9X6ES1KS
Event Code: 1100
Message: Le service d'enregistrement des événements a été arrêté.
Record Number: 252
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080415031728.838000-000
Event Type: Succès de l’audit
User:
Computer Name: LH-A20W9X6ES1KS
Event Code: 1102
Message: Le journal d'audit a été effacé.
Objet :
ID de sécurité : S-1-5-21-1433072191-408657454-1380044806-500
Nom de compte : Administrator
Nom de domaine : LH-A20W9X6ES1KS
ID de connexion : 0x32aab
Record Number: 251
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080415031707.285942-000
Event Type: Succès de l’audit
User:
======Environment variables======
“ComSpec”=%SystemRoot%\system32\cmd.exe
“FP_NO_HOST_CHECK”=NO
“OS”=Windows_NT
“Path”=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
“PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
“PROCESSOR_ARCHITECTURE”=x86
“TEMP”=%SystemRoot%\TEMP
“TMP”=%SystemRoot%\TEMP
“USERNAME”=SYSTEM
“windir”=%SystemRoot%
“PROCESSOR_LEVEL”=16
“PROCESSOR_IDENTIFIER”=x86 Family 16 Model 2 Stepping 2, AuthenticAMD
“PROCESSOR_REVISION”=0202
“NUMBER_OF_PROCESSORS”=3
“PLATFORM”=HPD
“PCBRAND”=Pavilion
“OnlineServices”=Online Services
-----------------EOF-----------------
for c/windows:
* DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________
O^E says: “There were no files found :)”
6 items found: 6 files, 0 directories.
Total of file sizes: 1 009 696 bytes 986,03 K
Administrator Account = True
--------------------End log---------------------
and for c windows/system32
- DLLCompare Log version()
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
O^E says: “There were no files found :)”
1 489 items found: 1 489 files, 0 directories.
Total of file sizes: 448 898 538 bytes 428,10 M
Administrator Account = True
--------------------End log---------------------