Forum Clubic

Keylogger or not?

Hello/good evening everyone, I would like to ask for your help. I downloaded a video format conversion program an hour ago, and when I installed it nothing happened; only afterwards did I notice the small size of the executable (~700 KB), which is why I am very worried that there is a keylogger on my PC.
From a bit of searching on the internet, I understood that I should run a scan with HijackThis and post it here so that someone more knowledgeable than me can enlighten me. Here is the report: (I have a bit of a hunch about the line in bold/italic/underline.)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:10, on 06/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spupdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ask.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.tropal.net…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

PS: If I have to format, I have two partitions; I format both, don’t I?

I am ready to format; thanks in advance for your help.
Regards, Kelnis.
Edited on 06/08/2009 at 22:14

Hi Kelnis

Do the following, in order:

  1. Download --> Malwarebytes (mbam)

==>Malwarebytes (mbam)

Install it and update it,
then
restart in “Safe Mode”:

tap the F8 key repeatedly until the Windows advanced options menu appears, and select “Safe Mode”.
Choose your usual session.

Launch --> Malwarebytes (MBAM)
==> Then go to the “Search” tab, tick “Perform a full scan”, then “Search”
==> Select your hard drives, then click “Start the scan”
==> At the end of the scan, click Show results, then Save the report
==> Removing the detected items --> click Remove selection ==> important, do this
==> If you are asked to restart, click “Yes”

After the infection(s) found have been removed --> post the report here

  2. Disable your antivirus => Avast in your case

Download Toolbar-S&D (from Team IDN) to your Desktop.

==>Toolbar-S&D

check for changes ==>http://www.commentcamarche.net/faq/sujet-9685-supprimer-les-barres-d-outils-toolbars-indesirables

==> Double-click the ToolBar S&D icon on the desktop
==> Under Vista, right-click and choose “Run as administrator” (privilege elevation), then -> Continue.
==> Choose F for French and confirm
==> In the ToolBar S&D main menu, choose option 1 (Search)
==> The Start menu and the icons will disappear; this is normal
==> The search runs; this can take several minutes, do not touch anything.
==> Once the analysis is finished, the search report opens in Notepad. (If the report does not open, it can be found at C:\TB.txt)

Copy/paste the report

Re-enable your antivirus and antispyware

Download GenProc

==>GenProc

Double-click GenProc.exe and post the contents of the report that opens

Answer yes when this window opens

=>http://i31.tinypic.com/116l4ll.png

  3. Download Random’s System Information Tool (RSIT) by random/random and save it to your Desktop.

==>Random’s System Information Tool (RSIT)

==> Double-click RSIT.exe to launch RSIT.
==> Click Continue on the Disclaimer screen.
==> If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
==> When the analysis is finished, two text files will open.

==> Post the contents of log.txt (<< which will be displayed) as well as info.txt (<< which will be minimized in the taskbar).

Note: both reports are also saved in %systemroot%\rsit

I’ll do that right away and post the report as soon as everything is done. Thanks in advance.

Here is the first report.

Malwarebytes’ Anti-Malware 1.40
Version de la base de données: 2572
Windows 5.1.2600 Service Pack 3 (Safe Mode)

06/08/2009 23:38:27
mbam-log-2009-08-06 (23-38-27).txt

Type de recherche: Examen complet (C:|D:|)
Eléments examinés: 129600
Temps écoulé: 10 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


The second one (sorry for not editing :s)

-----------\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Genuine Intel® CPU T2130 @ 1.86GHz )
BIOS : Ver 1.00PARTTBL
USER : adrien ( Administrator )
BOOT : Fail-safe with network boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090806-0] 4.8.1335 (Activated)
C:\ (Local Disk) - NTFS - Total:48 Go (Free:38 Go)
D:\ (Local Disk) - NTFS - Total:100 Go (Free:11 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)

“C:\ToolBar SD” ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 06/08/2009|23:42 )

-----------\ Recherche de Fichiers / Dossiers …

[Service] ASKUpgrade
C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\AskSplash.exe
C:\Program Files\AskBarDis\bar\bin\AskTBApp.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Settings\AskLogo.ico
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\prevCfg2.htm
C:\DOCUME~1\adrien\LOCALS~1\Temp\nsf528.tmp
C:\DOCUME~1\adrien\LOCALS~1\Temp\nsh4.tmp
C:\DOCUME~1\adrien\LOCALS~1\Temp\nsk7C.tmp
C:\DOCUME~1\adrien\LOCALS~1\Temp\nsnC.tmp
C:\DOCUME~1\adrien\LOCALS~1\Temp\nst8.tmp

-----------\ Extensions

(adrien) - {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} => megaupload
(adrien) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://www.ask.com/?o=13928&l=dis
“Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Default_Page_URL”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
“Default_Search_URL”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Start Page”=“http://www.tropal.net/

--------------------\ Recherche d’autres infections

Aucune autre infection trouvée !

1 - “C:\ToolBar SD\TB_1.txt” - 06/08/2009|23:43 - Option : [1]

-----------\ Fin du rapport a 23:43:07,12


The third one (there are surely some useless things in it, but I prefer to include everything)

Rapport GenProc 2.611 [1] - 06/08/2009 à 23:47:20
@ Windows XP Service Pack 3 - Mode sans echec
@ Mozilla Firefox (3.0.13) [Navigateur par défaut]

Etape 1/ Télécharge :

  • CCleaner www.ccleaner.com… (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur “Options”, “Avancé” et décoche la case “Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures”. Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

  • Toolbar-S&D eric.71.mespages.googlepages.com… (Team IDN) sur ton Bureau.

Redémarre en mode sans échec comme indiqué ici www.pcloisirs.eu… ; Choisis ta session courante *** adrien *** (pour retrouver le rapport, clique sur le raccourci “Rapport GenProc[1]” sur ton bureau).

Etape 2/

Lance Toolbar-S&D situé sur le Bureau. Tape sur “2” puis valide en appuyant sur “Entrée”. Ne ferme pas la fenêtre lors de la suppression.

Etape 3/

Lance CCleaner : “Nettoyeur”/“lancer le nettoyage” et c’est tout.

Etape 4/

Redémarre normalement et poste, dans la même réponse :

  • Le contenu du rapport TB.txt situé dans C:\ ;
  • Un nouveau rapport HijackThis tinyurl.com… ;
  • Un nouveau rapport GenProc ;

Précise les difficultés que tu as eu (ce que tu n’as pas pu faire…) ainsi que l’évolution de la situation.

~~ Arguments de la procédure ~~

Détections [1] GenProc 2.611 06/08/2009 à 23:47:40

Toolbar:le 06/08/2009 à 23:47:48 “C:\Program Files\AskBarDis”


Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com

~~ Fin à 23:47:59 ~~

Here is the Log report:

Logfile of random’s system information tool 1.06 (written by random/random)
Run by adrien at 2009-08-06 23:51:19
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 40 GB (80%) free of 50 GB
Total RAM: 1014 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:51:22, on 06/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\sndrec32.exe
C:\Documents and Settings\adrien\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\adrien.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ask.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.tropal.net…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\RunOnce: [Malwarebytes’ Anti-Malware] C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU…\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe


End of file - 4408 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
Megaupload Toolbar - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [2008-08-04 1947080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [2008-08-04 1947080]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“QlbCtrl”=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-12-06 202032]
“SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-12 827392]
“IgfxTray”=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
“HotKeysCmds”=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
“Persistence”=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
“avast!”=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“Malwarebytes’ Anti-Malware”=C:\Program Files\Malwarebytes’ Anti-Malware\mbamgui.exe [2009-08-03 419088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“uTorrent”=C:\Program Files\uTorrent\uTorrent.exe [2009-07-15 288048]
“msnmsgr”=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
“Skype”=C:\Program Files\Skype\Phone\Skype.exe [2009-06-26 25604904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2009-07-15 288048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“C:\Program Files\Windows Live\Messenger\wlcsdk.exe”=“C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger”
“C:\Program Files\uTorrent\uTorrent.exe”=“C:\Program Files\uTorrent\uTorrent.exe::Enabled:µTorrent"
“C:\Program Files\Skype\Phone\Skype.exe”="C:\Program Files\Skype\Phone\Skype.exe::Enabled:Skype”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“C:\Program Files\Windows Live\Messenger\wlcsdk.exe”=“C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger”

======List of files/folders created in the last 1 months======

2009-08-06 23:51:19 ----D---- C:\rsit
2009-08-06 23:47:20 ----D---- C:\Genproc
2009-08-06 23:42:39 ----A---- C:\TB.txt
2009-08-06 23:42:08 ----D---- C:\ToolBar SD
2009-08-06 23:26:54 ----D---- C:\WINDOWS\CSC
2009-08-06 23:26:49 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-06 23:22:21 ----D---- C:\Documents and Settings\adrien\Application Data\Malwarebytes
2009-08-06 23:22:15 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2009-08-06 23:22:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-06 22:08:39 ----D---- C:\Documents and Settings\adrien\Application Data\Media Player Classic
2009-08-06 22:07:13 ----D---- C:\Program Files\Combined Community Codec Pack
2009-08-06 21:44:52 ----D---- C:\Program Files\Trend Micro
2009-08-06 21:39:08 ----D---- C:\Program Files\Flyos
2009-08-06 21:37:10 ----D---- C:\Documents and Settings\adrien\Application Data\Broad Intelligence
2009-08-06 21:26:29 ----D---- C:\Program Files\MediaCoder PSP Edition
2009-08-06 21:22:47 ----D---- C:\Documents and Settings\adrien\Application Data\vlc
2009-08-06 21:06:26 ----HD---- C:\WINDOWS\PIF
2009-08-06 20:53:34 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-08-06 20:53:30 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-08-06 20:53:13 ----D---- C:\Program Files\Windows Media Connect 2
2009-08-06 20:51:59 ----D---- C:\WINDOWS\system32\LogFiles
2009-08-06 20:51:51 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-08-06 20:51:08 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-07-26 13:21:43 ----A---- C:\WINDOWS\DIIUnin.exe
2009-07-26 13:19:47 ----D---- C:\Program Files\Diablo II
2009-07-22 17:37:52 ----D---- C:\Diablo II Français
2009-07-21 02:25:38 ----A---- C:\WINDOWS\MegaManager.INI
2009-07-18 11:42:56 ----D---- C:\Documents and Settings\adrien\Application Data\skypePM
2009-07-18 11:34:18 ----D---- C:\Documents and Settings\adrien\Application Data\Skype
2009-07-18 11:34:02 ----D---- C:\Program Files\Fichiers communs\Skype
2009-07-18 11:34:00 ----RD---- C:\Program Files\Skype
2009-07-18 11:33:53 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-07-16 13:46:01 ----D---- C:\Program Files\DofusBeta
2009-07-16 10:27:31 ----D---- C:\WINDOWS\pss
2009-07-15 16:27:44 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
2009-07-15 16:27:44 ----AT---- C:\WINDOWS\system32\SIntf32.dll
2009-07-15 16:27:44 ----AT---- C:\WINDOWS\system32\SIntf16.dll
2009-07-15 15:58:10 ----D---- C:\Documents and Settings\adrien\Application Data\DAEMON Tools Pro
2009-07-15 15:58:10 ----D---- C:\Documents and Settings\adrien\Application Data\DAEMON Tools
2009-07-15 15:56:45 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-07-15 15:56:40 ----D---- C:\Program Files\DAEMON Tools Lite
2009-07-15 15:53:42 ----D---- C:\Documents and Settings\adrien\Application Data\DAEMON Tools Lite
2009-07-15 15:39:03 ----SH---- C:\WINDOWS\S223849B3.tmp
2009-07-15 15:38:56 ----D---- C:\Program Files\SlySoft
2009-07-15 13:14:15 ----D---- C:\Program Files\AskSearch
2009-07-15 13:14:14 ----D---- C:\Program Files\AskBarDis
2009-07-15 13:14:10 ----D---- C:\Program Files\uTorrent
2009-07-15 13:13:15 ----D---- C:\Documents and Settings\adrien\Application Data\uTorrent
2009-07-15 12:37:12 ----D---- C:\Program Files\Microsoft
2009-07-15 12:36:54 ----D---- C:\Program Files\Windows Live SkyDrive
2009-07-15 12:36:29 ----D---- C:\Program Files\Windows Live
2009-07-15 12:32:31 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-07-15 11:36:11 ----D---- C:\Documents and Settings\adrien\Application Data\dvdcss
2009-07-14 15:42:54 ----D---- C:\Program Files\Foxit Software
2009-07-14 15:42:54 ----D---- C:\Documents and Settings\adrien\Application Data\Foxit
2009-07-14 01:08:40 ----D---- C:\Documents and Settings\adrien\Application Data\WinRAR
2009-07-14 01:04:18 ----D---- C:\Program Files\WinRAR
2009-07-14 00:07:21 ----D---- C:\Documents and Settings\adrien\Application Data\Megaupload
2009-07-14 00:07:07 ----D---- C:\Documents and Settings\All Users\Application Data\Megaupload
2009-07-14 00:07:07 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2009-07-14 00:07:06 ----D---- C:\Program Files\MegauploadToolbar
2009-07-14 00:07:06 ----D---- C:\Documents and Settings\adrien\Application Data\MegauploadToolbar
2009-07-14 00:07:06 ----D---- C:\Documents and Settings\adrien\Application Data\EmailNotifier
2009-07-14 00:06:51 ----D---- C:\Program Files\Megaupload
2009-07-13 16:31:38 ----D---- C:\Documents and Settings\adrien\Application Data\Adobe
2009-07-13 10:33:16 ----D---- C:\Program Files\Might and Magic VI
2009-07-13 10:33:06 ----A---- C:\WINDOWS\IsUn040c.exe
2009-07-13 00:46:47 ----A---- C:\WINDOWS\system32\h323log.txt
2009-07-13 00:44:35 ----A---- C:\WINDOWS\system32\usbui.dll
2009-07-13 00:43:12 ----A---- C:\WINDOWS\imsins.BAK
2009-07-13 00:43:08 ----SHD---- C:\WINDOWS\Installer
2009-07-13 00:43:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-13 00:43:07 ----D---- C:\Program Files\Fichiers communs\ODBC
2009-07-13 00:43:07 ----A---- C:\WINDOWS\ODBCINST.INI
2009-07-13 00:43:00 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
2009-07-13 00:42:59 ----RD---- C:\Program Files
2009-07-13 00:42:59 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-07-13 00:42:59 ----D---- C:\Program Files\Fichiers communs
2009-07-13 00:42:55 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-07-13 00:42:54 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-07-13 00:42:54 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-07-13 00:42:50 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-07-13 00:42:50 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-07-13 00:42:50 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-07-13 00:42:50 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-07-13 00:42:50 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-07-13 00:42:50 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-07-13 00:42:50 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-07-13 00:42:49 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-07-13 00:42:49 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-07-13 00:42:48 ----RA---- C:\WINDOWS\system32\kbdlv1.dll

======List of files/folders modified in the last 1 months======

2009-08-06 21:25:26 ----A---- C:\WINDOWS\win.ini
2009-08-06 21:06:37 ----A---- C:\WINDOWS\system.ini
2009-07-12 23:12:14 ----A---- C:\WINDOWS\system32\uxtheme.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-07-12 1294200]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-01-12 201856]
R3 usbehci;Pilote miniport de contrôleur d’hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
S1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
S1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
S3 ax6s0utu;ax6s0utu; C:\WINDOWS\system32\drivers\ax6s0utu.sys []
S3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder PSP Edition\SysInfo.sys []
S3 EnumHook2;Enumerate Global Windows Service 2; \??\C:\WINDOWS\system32\drivers\dHook.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-08-22 594432]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-21 988800]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-21 209664]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
S3 mbr;mbr; \??\C:\DOCUME~1\adrien\LOCALS~1\Temp\mbr.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-21 730112]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2006-10-08 23856]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-05 144688]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

And the Info:

info.txt logfile of random’s system information tool 1.06 2009-08-06 23:51:24

======Uninstall list======

–>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin–>C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Archiveur WinRAR–>C:\Program Files\WinRAR\uninstall.exe
Ask Toolbar–>“C:\Program Files\AskBarDis\unins000.exe”
Assistant de connexion Windows Live–>MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
avast! Antivirus–>C:\Program Files\Alwil Software\Avast4\aswRunDll.exe “C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll”,RunSetup
Carte réseau local sans fil 802.11 Broadcom–>“C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe” verbose /rootkey=“Software\Broadcom\802.11\UninstallInfo” /rootdir=“C:\Program Files\Broadcom\Broadcom 802.11\Driver”
Choice Guard–>MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CloneCD–>“C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe” /D=“C:\Program Files\SlySoft\CloneCD”
Combined Community Codec Pack 2008-09-21 16:18–>“C:\Program Files\Combined Community Codec Pack\unins000.exe”
Conexant HD Audio–>C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -Icpv30A5a.inf
Diablo II–>C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Dofus 1.27.0–>C:\Program Files\Dofus\uninstall.exe
DofusBeta 1.27.0–>C:\Program Files\DofusBeta\uninstall.exe
Foxit Reader–>C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
HDAUDIO Soft Data Fax Modem with SmartCP–>C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_SprtHD5m\UIU32m.exe -U -ISprtHD5m.inf
HijackThis 2.0.2–>“C:\Program Files\Trend Micro\HijackThis\HijackThis.exe” /uninstall
HP Quick Launch Buttons 6.40 B2–>C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x040c -removeonly uninst
Installation Windows Live–>C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live–>MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel® Graphics Media Accelerator Driver–>C:\WINDOWS\system32\igxpun.exe -uninstall
Keylogger Detector–>MsiExec.exe /I{D24F284E-5542-4B39-803C-EEA9449A179E}
Malwarebytes’ Anti-Malware–>“C:\Program Files\Malwarebytes’ Anti-Malware\unins000.exe”
MediaCoder PSP Edition–>C:\Program Files\MediaCoder PSP Edition\uninst.exe
Mega Manager–>C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Megaupload Toolbar–>C:\Program Files\MegauploadToolbar\uninstall.exe
Microsoft Compression Client Pack 1.0 for Windows XP–>“C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe”
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5–>“C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe”
Microsoft User-Mode Driver Framework Feature Pack 1.0–>“C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe”
Might and Magic® VI–>C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Might and Magic VI\Uninst.isu"
Mozilla Firefox (3.0.13)–>C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT–>MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NetWaiting–>C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly
Outil de téléchargement Windows Live–>MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pack Vista Inspirat 2 1.0–>C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Segoe UI–>MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype web features–>MsiExec.exe /I{8B53527D-BBB2-43A5-91D7-9ED772FD737F}
Skype™ 4.1–>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Synaptics Pointing Device Driver–>rundll32.exe “C:\Program Files\Synaptics\SynTP\SynISDLL.dll”,standAloneUninstall
VLC media player 1.0.1–>C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call–>MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform–>MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger–>MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090806-0]

======System event log======

Computer Name: AD
Event Code: 15007
Message: La réservation de l’espace de nom identifié par le préfixe d’URL *:2869… a été correctement ajoutée.

Record Number: 5
Source Name: HTTP
Time Written: 20090712225227.000000+120
Event Type: Informations
User:

Computer Name: AD
Event Code: 3260
Message: Cet ordinateur a correctement été joint au workgroup ‘MSHOME’.

Record Number: 4
Source Name: Workstation
Time Written: 20090712224845.000000+120
Event Type: Informations
User:

Computer Name: AD
Event Code: 6011
Message: Le nom NetBIOS et le nom de l’hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers AD.

Record Number: 3
Source Name: EventLog
Time Written: 20090712224656.000000+120
Event Type: Informations
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: Le service d’Enregistrement d’événement a démarré.

Record Number: 2
Source Name: EventLog
Time Written: 20090713004153.000000+120
Event Type: Informations
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090713004153.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: AD
Event Code: 1000
Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés.
Les données d’enregistrement contiennent les nouvelles valeurs d’index
assignées à ce service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20090712225000.000000+120
Event Type: Informations
User:

Computer Name: AD
Event Code: 1000
Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés.
Les données d’enregistrement contiennent les nouvelles valeurs d’index
assignées à ce service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20090712224957.000000+120
Event Type: Informations
User:

Computer Name: AD
Event Code: 1000
Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés.
Les données d’enregistrement contiennent les nouvelles valeurs d’index
assignées à ce service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20090712224739.000000+120
Event Type: Informations
User:

Computer Name: AD
Event Code: 1000
Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés.
Les données d’enregistrement contiennent les nouvelles valeurs d’index
assignées à ce service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20090712224708.000000+120
Event Type: Informations
User:

Computer Name: AD
Event Code: 1000
Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés.
Les données d’enregistrement contiennent les nouvelles valeurs d’index
assignées à ce service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20090712224707.000000+120
Event Type: Informations
User:

======Environment variables======

“ComSpec”=%SystemRoot%\system32\cmd.exe
“Path”=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
“windir”=%SystemRoot%
“FP_NO_HOST_CHECK”=NO
“OS”=Windows_NT
“PROCESSOR_ARCHITECTURE”=x86
“PROCESSOR_LEVEL”=6
“PROCESSOR_IDENTIFIER”=x86 Family 6 Model 14 Stepping 12, GenuineIntel
“PROCESSOR_REVISION”=0e0c
“NUMBER_OF_PROCESSORS”=2
“PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
“TEMP”=%SystemRoot%\TEMP
“TMP”=%SystemRoot%\TEMP
“SAFEBOOT_OPTION”=NETWORK

-----------------EOF-----------------

Hi again

Disable your antivirus before the scan:

==> Double-click the ToolBar S&D icon on the desktop

==> Choose F for French and confirm
==> In the ToolBar S&D main menu, choose option 2 (Suppression)
==> The Start menu and the icons will disappear again… this is normal.
==> The cleanup will take a few minutes…
==> Once the operation is finished, the cleanup report opens

Copy/paste the report

Re-enable your antivirus

I can't manage to disable Avast in safe mode :s. Do you have any idea?
Can I do it in normal mode?
Otherwise I'll uninstall it.
I managed to get the icon; it tells me 0 services out of 0 active, that's fine, right?
Edited on 07/08/2009 at 01:05

Voilà le dernier rapport il met que l’antivirus est activé pourtant il ne l’est pas… Le mode sans échec est obligatoire?

-----------\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Genuine Intel® CPU T2130 @ 1.86GHz )
BIOS : Ver 1.00PARTTBL
USER : adrien ( Administrator )
BOOT : Fail-safe with network boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090806-1] 4.8.1335 (Activated)
C:\ (Local Disk) - NTFS - Total:48 Go (Free:38 Go)
D:\ (Local Disk) - NTFS - Total:100 Go (Free:11 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)

“C:\ToolBar SD” ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 07/08/2009| 1:06 )

-----------\ SUPPRESSION

Supprime! - [Service] ASKUpgrade
Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\DOCUME~1\adrien\LOCALS~1\Temp\nsf528.tmp
Supprime! - C:\DOCUME~1\adrien\LOCALS~1\Temp\nsh4.tmp
Supprime! - C:\DOCUME~1\adrien\LOCALS~1\Temp\nsk7C.tmp
Supprime! - C:\DOCUME~1\adrien\LOCALS~1\Temp\nsnC.tmp
Supprime! - C:\DOCUME~1\adrien\LOCALS~1\Temp\nst8.tmp
Supprime! - C:\Program Files\AskBarDis

-----------\ Recherche de Fichiers / Dossiers …

-----------\ Extensions

(adrien) - {991A772A-BA13-4c1d-A9EF-F897F31DEC7D} => megaupload
(adrien) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Local Page”=“C:\WINDOWS\system32\blank.htm”
“Start Page”=“http://www.ask.com/?o=13928&l=dis
“Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
“Default_Page_URL”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
“Default_Search_URL”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Start Page”=“http://www.msn.com/

--------------------\ Recherche d’autres infections

Aucune autre infection trouvée !

1 - “C:\ToolBar SD\TB_1.txt” - 06/08/2009|23:43 - Option : [1]
2 - “C:\ToolBar SD\TB_2.txt” - 07/08/2009| 1:07 - Option : [2]

-----------\ Fin du rapport a 1:07:29,48
Edited on 07/08/2009 at 01:10

Hi

I didn't ask you to run ToolBar in safe mode, and besides, in safe mode there is no need to disable it.

Only use safe mode when I ask you to.

OK, ToolBar has done its job.

  1. Download and install FileHippo

==>FileHippo

Let it guide you through the updates; it shows you the path (Explorer, etc.).
Take everything except the "beta" versions, unless you want to try them.

  2. Download and install CCleaner ==> don't install it if you already have it

==>Ccleaner

Once it is on the desktop, click the CCleaner installer.
-> But before clicking the "Install" button, untick all the "additional options" (Yahoo toolbar installation, etc.).

-> Then click "Options", "Advanced" and untick the box
-> "Only delete files in the Windows Temp folder older than 48 hours".
-> Click the "Cleaner" tab, then "Run Cleaner".
-> Then click the Registry icon, on the right, click "Scan for Issues", then "Fix selected issues".

Accept the registry backup it offers.
I recommend running it at least twice (or more, until it finds no more errors).

Restart your PC.

  3. Post a new RSIT log

Here is the log

Logfile of random’s system information tool 1.06 (written by random/random)
Run by adrien at 2009-08-07 11:45:07
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 40 GB (79%) free of 50 GB
Total RAM: 1014 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:11, on 07/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\adrien\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\adrien.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.daemon-search.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s
O4 - HKCU…\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [FileHippo.com] “C:\Program Files\FileHippo.com\UpdateChecker.exe” /background
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe


End of file - 4724 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
Megaupload Toolbar - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [2008-08-04 1947080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [2008-08-04 1947080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“QlbCtrl”=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-12-06 202032]
“SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-01-12 827392]
“IgfxTray”=C:\WINDOWS\system32\igfxtray.exe [2007-01-13 131072]
“HotKeysCmds”=C:\WINDOWS\system32\hkcmd.exe [2007-01-13 163840]
“Persistence”=C:\WINDOWS\system32\igfxpers.exe [2007-01-13 135168]
“avast!”=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
“CloneCDTray”=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-30 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“uTorrent”=C:\Program Files\uTorrent\uTorrent.exe [2009-07-15 288048]
“msnmsgr”=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
“Skype”=C:\Program Files\Skype\Phone\Skype.exe [2009-06-26 25604904]
“FileHippo.com”=C:\Program Files\FileHippo.com\UpdateChecker.exe [2009-07-27 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-30 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2009-07-15 288048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-01-13 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“C:\Program Files\Windows Live\Messenger\wlcsdk.exe”=“C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger”
“C:\Program Files\uTorrent\uTorrent.exe”=“C:\Program Files\uTorrent\uTorrent.exe::Enabled:µTorrent"
“C:\Program Files\Skype\Phone\Skype.exe”="C:\Program Files\Skype\Phone\Skype.exe::Enabled:Skype”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“C:\Program Files\Windows Live\Messenger\wlcsdk.exe”=“C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger”

======List of files/folders created in the last 1 months======

2009-08-07 11:42:21 ----D---- C:\Program Files\DAEMON Tools Lite
2009-08-07 11:28:48 ----D---- C:\Program Files\CCleaner
2009-08-07 11:25:59 ----D---- C:\Program Files\FileHippo.com
2009-08-07 11:24:20 ----RSD---- C:\WINDOWS\assembly
2009-08-07 11:23:51 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-06 23:51:19 ----D---- C:\rsit
2009-08-06 23:47:20 ----D---- C:\Genproc
2009-08-06 23:42:39 ----A---- C:\TB.txt
2009-08-06 23:42:08 ----D---- C:\ToolBar SD
2009-08-06 23:26:54 ----SHD---- C:\WINDOWS\CSC
2009-08-06 23:22:21 ----D---- C:\Documents and Settings\adrien\Application Data\Malwarebytes
2009-08-06 23:22:15 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2009-08-06 23:22:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-06 22:08:39 ----D---- C:\Documents and Settings\adrien\Application Data\Media Player Classic
2009-08-06 22:07:13 ----D---- C:\Program Files\Combined Community Codec Pack
2009-08-06 21:44:52 ----D---- C:\Program Files\Trend Micro
2009-08-06 21:39:08 ----D---- C:\Program Files\Flyos
2009-08-06 21:37:10 ----D---- C:\Documents and Settings\adrien\Application Data\Broad Intelligence
2009-08-06 21:26:29 ----D---- C:\Program Files\MediaCoder PSP Edition
2009-08-06 21:22:47 ----D---- C:\Documents and Settings\adrien\Application Data\vlc
2009-08-06 21:06:26 ----HD---- C:\WINDOWS\PIF
2009-08-06 20:53:34 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-08-06 20:53:30 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-08-06 20:53:13 ----D---- C:\Program Files\Windows Media Connect 2
2009-08-06 20:51:59 ----D---- C:\WINDOWS\system32\LogFiles
2009-08-06 20:51:51 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-08-06 20:51:08 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-07-26 13:21:43 ----A---- C:\WINDOWS\DIIUnin.exe
2009-07-26 13:19:47 ----D---- C:\Program Files\Diablo II
2009-07-22 17:37:52 ----D---- C:\Diablo II Français
2009-07-21 02:25:38 ----A---- C:\WINDOWS\MegaManager.INI
2009-07-18 11:42:56 ----D---- C:\Documents and Settings\adrien\Application Data\skypePM
2009-07-18 11:34:18 ----D---- C:\Documents and Settings\adrien\Application Data\Skype
2009-07-18 11:34:02 ----D---- C:\Program Files\Fichiers communs\Skype
2009-07-18 11:34:00 ----RD---- C:\Program Files\Skype
2009-07-18 11:33:53 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-07-16 13:46:01 ----D---- C:\Program Files\DofusBeta
2009-07-16 10:27:31 ----D---- C:\WINDOWS\pss
2009-07-15 16:27:44 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
2009-07-15 16:27:44 ----AT---- C:\WINDOWS\system32\SIntf32.dll
2009-07-15 16:27:44 ----AT---- C:\WINDOWS\system32\SIntf16.dll
2009-07-15 15:58:10 ----D---- C:\Documents and Settings\adrien\Application Data\DAEMON Tools Pro
2009-07-15 15:58:10 ----D---- C:\Documents and Settings\adrien\Application Data\DAEMON Tools
2009-07-15 15:56:45 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-07-15 15:53:42 ----D---- C:\Documents and Settings\adrien\Application Data\DAEMON Tools Lite
2009-07-15 15:39:03 ----SH---- C:\WINDOWS\S223849B3.tmp
2009-07-15 15:38:56 ----D---- C:\Program Files\SlySoft
2009-07-15 13:14:15 ----D---- C:\Program Files\AskSearch
2009-07-15 13:14:10 ----D---- C:\Program Files\uTorrent
2009-07-15 13:13:15 ----D---- C:\Documents and Settings\adrien\Application Data\uTorrent
2009-07-15 12:37:12 ----D---- C:\Program Files\Microsoft
2009-07-15 12:36:54 ----D---- C:\Program Files\Windows Live SkyDrive
2009-07-15 12:36:29 ----D---- C:\Program Files\Windows Live
2009-07-15 12:32:31 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-07-15 11:36:11 ----D---- C:\Documents and Settings\adrien\Application Data\dvdcss
2009-07-14 15:42:54 ----D---- C:\Program Files\Foxit Software
2009-07-14 15:42:54 ----D---- C:\Documents and Settings\adrien\Application Data\Foxit
2009-07-14 01:08:40 ----D---- C:\Documents and Settings\adrien\Application Data\WinRAR
2009-07-14 01:04:18 ----D---- C:\Program Files\WinRAR
2009-07-14 00:07:21 ----D---- C:\Documents and Settings\adrien\Application Data\Megaupload
2009-07-14 00:07:07 ----D---- C:\Documents and Settings\All Users\Application Data\Megaupload
2009-07-14 00:07:07 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2009-07-14 00:07:06 ----D---- C:\Program Files\MegauploadToolbar
2009-07-14 00:07:06 ----D---- C:\Documents and Settings\adrien\Application Data\MegauploadToolbar
2009-07-14 00:07:06 ----D---- C:\Documents and Settings\adrien\Application Data\EmailNotifier
2009-07-14 00:06:51 ----D---- C:\Program Files\Megaupload
2009-07-13 16:31:38 ----D---- C:\Documents and Settings\adrien\Application Data\Adobe
2009-07-13 10:33:16 ----D---- C:\Program Files\Might and Magic VI
2009-07-13 10:33:06 ----A---- C:\WINDOWS\IsUn040c.exe
2009-07-13 00:46:47 ----A---- C:\WINDOWS\system32\h323log.txt
2009-07-13 00:44:35 ----A---- C:\WINDOWS\system32\usbui.dll
2009-07-13 00:43:08 ----SHD---- C:\WINDOWS\Installer
2009-07-13 00:43:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-13 00:43:07 ----D---- C:\Program Files\Fichiers communs\ODBC
2009-07-13 00:43:07 ----A---- C:\WINDOWS\ODBCINST.INI
2009-07-13 00:43:00 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
2009-07-13 00:42:59 ----RD---- C:\Program Files
2009-07-13 00:42:59 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-07-13 00:42:59 ----D---- C:\Program Files\Fichiers communs
2009-07-13 00:42:55 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-07-13 00:42:54 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-07-13 00:42:54 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-07-13 00:42:52 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-07-13 00:42:50 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-07-13 00:42:50 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-07-13 00:42:50 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-07-13 00:42:50 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-07-13 00:42:50 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-07-13 00:42:50 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-07-13 00:42:50 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-07-13 00:42:49 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-07-13 00:42:49 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-07-13 00:42:48 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-07-13 00:42:48 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-07-13 00:42:48 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-07-13 00:42:47 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-07-13 00:42:47 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-07-13 00:42:47 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-07-13 00:42:47 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-07-13 00:42:47 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-07-13 00:42:47 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-07-13 00:42:47 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-07-13 00:42:47 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-07-13 00:42:47 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-07-13 00:42:47 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-07-13 00:42:47 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-07-13 00:42:47 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-07-13 00:42:47 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-07-13 00:42:45 ----A---- C:\WINDOWS\system32\irclass.dll
2009-07-13 00:42:44 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-07-13 00:42:44 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-07-13 00:42:44 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-07-13 00:42:44 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-07-13 00:42:42 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-07-13 00:42:42 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-07-13 00:42:41 ----A---- C:\WINDOWS\system32\batt.dll
2009-07-13 00:42:41 ----A---- C:\WINDOWS\notepad.exe
2009-07-13 00:42:40 ----A---- C:\WINDOWS\system32\storprop.dll
2009-07-13 00:42:32 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-07-13 00:42:28 ----RA---- C:\WINDOWS\SET8.tmp
2009-07-13 00:42:26 ----RA---- C:\WINDOWS\SET4.tmp
2009-07-13 00:42:24 ----RA---- C:\WINDOWS\SET3.tmp
2009-07-13 00:42:18 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-13 00:42:18 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-13 00:42:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-13 00:41:46 ----D---- C:\Documents and Settings
2009-07-13 00:41:45 ----SHD---- C:\System Volume Information
2009-07-13 00:40:52 ----SH---- C:\boot.ini
2009-07-13 00:33:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-13 00:33:37 ----RSD---- C:\WINDOWS\Fonts
2009-07-13 00:33:37 ----RD---- C:\WINDOWS\Web
2009-07-13 00:33:37 ----HD---- C:\WINDOWS\inf
2009-07-13 00:33:37 ----D---- C:\WINDOWS\WinSxS
2009-07-13 00:33:37 ----D---- C:\WINDOWS\twain_32
2009-07-13 00:33:37 ----D---- C:\WINDOWS\Temp
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\wins
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\wbem
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\usmt
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\spool
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\ShellExt
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\Setup
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\ras
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\oobe
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\npp
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\mui
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\inetsrv
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\IME
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\icsxml
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\ias
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\fr-fr
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\fr
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\export
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\drivers
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\dhcp
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\config
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\3com_dmi
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\3076
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\2052
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\1054
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\1042
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\1041
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\1037
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\1036
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\1033
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\1031
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\1028
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32\1025
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system32
2009-07-13 00:33:37 ----D---- C:\WINDOWS\system
2009-07-13 00:33:37 ----D---- C:\WINDOWS\security
2009-07-13 00:33:37 ----D---- C:\WINDOWS\Resources
2009-07-13 00:33:37 ----D---- C:\WINDOWS\repair
2009-07-13 00:33:37 ----D---- C:\WINDOWS\Provisioning
2009-07-13 00:33:37 ----D---- C:\WINDOWS\PeerNet
2009-07-13 00:33:37 ----D---- C:\WINDOWS\pchealth
2009-07-13 00:33:37 ----D---- C:\WINDOWS\Network Diagnostic
2009-07-13 00:33:37 ----D---- C:\WINDOWS\mui
2009-07-13 00:33:37 ----D---- C:\WINDOWS\msapps
2009-07-13 00:33:37 ----D---- C:\WINDOWS\msagent
2009-07-13 00:33:37 ----D---- C:\WINDOWS\Media
2009-07-13 00:33:37 ----D---- C:\WINDOWS\L2Schemas
2009-07-13 00:33:37 ----D---- C:\WINDOWS\java
2009-07-13 00:33:37 ----D---- C:\WINDOWS\ime
2009-07-13 00:33:37 ----D---- C:\WINDOWS\Help
2009-07-13 00:33:37 ----D---- C:\WINDOWS\ehome
2009-07-13 00:33:37 ----D---- C:\WINDOWS\Driver Cache
2009-07-13 00:33:37 ----D---- C:\WINDOWS\Debug
2009-07-13 00:33:37 ----D---- C:\WINDOWS\Cursors
2009-07-13 00:33:37 ----D---- C:\WINDOWS\Connection Wizard
2009-07-13 00:33:37 ----D---- C:\WINDOWS\Config
2009-07-13 00:33:37 ----D---- C:\WINDOWS\AppPatch
2009-07-13 00:33:37 ----D---- C:\WINDOWS\addins
2009-07-13 00:33:37 ----D---- C:\WINDOWS
2009-07-12 23:25:16 ----D---- C:\Program Files\Dofus
2009-07-12 23:25:16 ----D---- C:\Documents and Settings\adrien\Application Data\Macromedia
2009-07-12 23:14:25 ----D---- C:\Documents and Settings\adrien\Application Data\Mozilla
2009-07-12 23:14:19 ----D---- C:\Program Files\Mozilla Firefox
2009-07-12 23:12:14 ----A---- C:\WINDOWS\BricoPackUninst.cmd
2009-07-12 23:11:09 ----A---- C:\WINDOWS\BricoPackUninst.txt
2009-07-12 23:11:09 ----A---- C:\WINDOWS\BricoPackFoldersDelete.cmd
2009-07-12 23:10:53 ----D---- C:\WINDOWS\BricoPacks
2009-07-12 23:10:22 ----SHD---- C:\RECYCLER
2009-07-12 23:10:11 ----D---- C:\Program Files\VideoLAN
2009-07-12 23:09:40 ----A---- C:\WINDOWS\system32\MSVCR71.dll
2009-07-12 23:09:40 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2009-07-12 23:09:40 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-07-12 23:09:40 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-07-12 23:09:39 ----D---- C:\Program Files\Alwil Software
2009-07-12 23:08:34 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-07-12 23:06:50 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-07-12 23:05:56 ----D---- C:\Program Files\Broadcom
2009-07-12 23:05:56 ----A---- C:\WINDOWS\system32\bcmwlcoi.dll
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igxprd32.dll
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\iglicd32.dll
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igldev32.dll
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igfxtray.exe
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igfxsrvc.exe
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igfxress.dll
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igfxpph.dll
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igfxpers.exe
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igfxext.exe
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igfxexps.dll
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igfxdo.dll
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igfxdev.dll
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igfxCoIn_v4764.dll
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\hkcmd.exe
2009-07-12 23:05:06 ----A---- C:\WINDOWS\system32\hccutils.dll
2009-07-12 23:05:05 ----D---- C:\WINDOWS\system32\Lang
2009-07-12 23:05:05 ----A---- C:\WINDOWS\system32\igxpun.exe
2009-07-12 23:05:05 ----A---- C:\WINDOWS\system32\difxapi.dll
2009-07-12 23:04:24 ----A---- C:\WINDOWS\system32\SynTPCo4.dll
2009-07-12 23:04:24 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2009-07-12 23:04:24 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2009-07-12 23:04:24 ----A---- C:\WINDOWS\system32\SynCOM.dll
2009-07-12 23:04:23 ----D---- C:\Program Files\Synaptics
2009-07-12 23:02:58 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-07-12 23:02:56 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-07-12 23:02:39 ----A---- C:\WINDOWS\system32\wdfcoinstaller01005.dll
2009-07-12 23:02:39 ----A---- C:\WINDOWS\system32\BttnCmns_64.dll
2009-07-12 23:02:39 ----A---- C:\WINDOWS\system32\BttnCmns.dll
2009-07-12 23:02:39 ----A---- C:\WINDOWS\system32\BttnCmn.dll
2009-07-12 23:01:52 ----D---- C:\Program Files\Hewlett-Packard
2009-07-12 23:01:48 ----D---- C:\Program Files\Fichiers communs\InstallShield
2009-07-12 23:00:22 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-12 23:00:21 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-12 23:00:21 ----D---- C:\Program Files\Intel
2009-07-12 23:00:21 ----A---- C:\WINDOWS\system32\CSVer.dll
2009-07-12 23:00:12 ----D---- C:\Intel
2009-07-12 23:00:04 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-12 23:00:01 ----D---- C:\Program Files\NetWaiting
2009-07-12 23:00:00 ----D---- C:\Documents and Settings\adrien\Application Data\InstallShield
2009-07-12 22:59:57 ----D---- C:\Program Files\CONEXANT
2009-07-12 22:59:34 ----D---- C:\swsetup
2009-07-12 22:58:52 ----D---- C:\Documents and Settings\adrien\Application Data\Identities
2009-07-12 22:58:51 ----HD---- C:\Program Files\Uninstall Information
2009-07-12 22:58:45 ----SD---- C:\Documents and Settings\adrien\Application Data\Microsoft
2009-07-12 22:58:45 ----ASH---- C:\Documents and Settings\adrien\Application Data\desktop.ini
2009-07-12 22:57:44 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-12 22:57:42 ----SD---- C:\WINDOWS\system32\Microsoft
2009-07-12 22:57:42 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-07-12 22:57:42 ----D---- C:\WINDOWS\Prefetch
2009-07-12 22:54:13 ----D---- C:\WINDOWS\system32\xircom
2009-07-12 22:54:13 ----D---- C:\Program Files\xerox
2009-07-12 22:54:13 ----D---- C:\Program Files\microsoft frontpage
2009-07-12 22:53:59 ----D---- C:\DELL
2009-07-12 22:53:47 ----A---- C:\WINDOWS\control.ini
2009-07-12 22:53:47 ----A---- C:\AUTOEXEC.BAT
2009-07-12 22:53:33 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-07-12 22:52:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-12 22:52:40 ----RD---- C:\WINDOWS\Offline Web Pages
2009-07-12 22:52:40 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-07-12 22:52:33 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-07-12 22:52:29 ----HD---- C:\Program Files\WindowsUpdate
2009-07-12 22:52:25 ----D---- C:\Program Files\Services en ligne
2009-07-12 22:52:09 ----D---- C:\WINDOWS\system32\DirectX
2009-07-12 22:52:03 ----A---- C:\WINDOWS\system32\atrace.dll
2009-07-12 22:52:00 ----A---- C:\WINDOWS\system32\desktop.ini
2009-07-12 22:52:00 ----A---- C:\WINDOWS\desktop.ini
2009-07-12 22:51:53 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-07-12 22:51:52 ----D---- C:\Program Files\Fichiers communs\Services
2009-07-12 22:51:52 ----A---- C:\WINDOWS\system32\acctres.dll
2009-07-12 22:51:49 ----SD---- C:\WINDOWS\Tasks
2009-07-12 22:51:49 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-07-12 22:51:48 ----D---- C:\Program Files\Fichiers communs\MSSoap
2009-07-12 22:51:44 ----D---- C:\WINDOWS\srchasst
2009-07-12 22:51:43 ----D---- C:\WINDOWS\system32\Macromed
2009-07-12 22:51:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-07-12 22:51:40 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-07-12 22:51:40 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-07-12 22:51:40 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-07-12 22:51:39 ----A---- C:\WINDOWS\system32\wups.dll
2009-07-12 22:51:39 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-07-12 22:51:39 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-07-12 22:51:39 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-07-12 22:51:39 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-07-12 22:51:39 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-07-12 22:51:39 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-07-12 22:51:39 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-07-12 22:51:38 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-07-12 22:51:38 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-07-12 22:51:34 ----D---- C:\Program Files\Movie Maker
2009-07-12 22:51:16 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-07-12 22:51:16 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-07-12 22:51:16 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-07-12 22:51:16 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-07-12 22:51:12 ----D---- C:\WINDOWS\system32\Restore
2009-07-12 22:51:12 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-07-12 22:51:12 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-07-12 22:51:12 ----A---- C:\WINDOWS\system32\srclient.dll
2009-07-12 22:51:12 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-07-12 22:51:12 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-07-12 22:51:11 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-07-12 22:51:11 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-07-12 22:51:11 ----A---- C:\WINDOWS\system32\ils.dll
2009-07-12 22:51:10 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-07-12 22:51:10 ----A---- C:\WINDOWS\system32\msconf.dll
2009-07-12 22:51:10 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-07-12 22:51:07 ----D---- C:\Program Files\NetMeeting
2009-07-12 22:51:07 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-07-12 22:51:07 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-07-12 22:51:06 ----A---- C:\WINDOWS\system32\inetres.dll
2009-07-12 22:51:06 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-07-12 22:51:04 ----D---- C:\Program Files\Outlook Express
2009-07-12 22:51:04 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-07-12 22:51:04 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-07-12 22:51:04 ----A---- C:\WINDOWS\system32\mstask.dll
2009-07-12 22:51:03 ----A---- C:\WINDOWS\system32\isign32.dll
2009-07-12 22:51:03 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-07-12 22:51:03 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-07-12 22:51:03 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-07-12 22:50:57 ----D---- C:\Program Files\Fichiers communs\System
2009-07-12 22:50:52 ----D---- C:\Program Files\Internet Explorer
2009-07-12 22:50:12 ----D---- C:\Program Files\ComPlus Applications
2009-07-12 22:50:10 ----A---- C:\WINDOWS\vbaddin.ini
2009-07-12 22:50:10 ----A---- C:\WINDOWS\vb.ini
2009-07-12 22:50:05 ----D---- C:\WINDOWS\Registration
2009-07-12 22:49:57 ----D---- C:\Program Files\Windows Media Player
2009-07-12 22:49:57 ----D---- C:\Program Files\Online Services
2009-07-12 22:49:50 ----D---- C:\Program Files\Messenger
2009-07-12 22:49:46 ----D---- C:\Program Files\MSN Gaming Zone
2009-07-12 22:49:46 ----A---- C:\WINDOWS\system32\write.exe
2009-07-12 22:49:38 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-07-12 22:49:38 ----A---- C:\WINDOWS\system32\hticons.dll
2009-07-12 22:49:38 ----A---- C:\WINDOWS\system32\avwav.dll
2009-07-12 22:49:37 ----A---- C:\WINDOWS\system32\winchat.exe
2009-07-12 22:49:37 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-07-12 22:49:37 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-07-12 22:49:31 ----A---- C:\WINDOWS\system32\getuname.dll
2009-07-12 22:49:31 ----A---- C:\WINDOWS\system32\charmap.exe
2009-07-12 22:49:31 ----A---- C:\WINDOWS\system32\calc.exe
2009-07-12 22:49:30 ----A---- C:\WINDOWS\system32\winmine.exe
2009-07-12 22:49:30 ----A---- C:\WINDOWS\system32\sol.exe
2009-07-12 22:49:30 ----A---- C:\WINDOWS\system32\reset.exe
2009-07-12 22:49:30 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-07-12 22:49:30 ----A---- C:\WINDOWS\system32\freecell.exe
2009-07-12 22:49:29 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-07-12 22:49:29 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-07-12 22:49:29 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-07-12 22:49:29 ----A---- C:\WINDOWS\system32\tskill.exe
2009-07-12 22:49:29 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-07-12 22:49:29 ----A---- C:\WINDOWS\system32\tscon.exe
2009-07-12 22:49:29 ----A---- C:\WINDOWS\system32\shadow.exe
2009-07-12 22:49:29 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-07-12 22:49:29 ----A---- C:\WINDOWS\system32\regini.exe
2009-07-12 22:49:29 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-07-12 22:49:29 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-07-12 22:49:29 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-07-12 22:49:29 ----A---- C:\WINDOWS\system32\msg.exe
2009-07-12 22:49:29 ----A---- C:\WINDOWS\system32\logoff.exe
2009-07-12 22:49:28 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-07-12 22:49:28 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-07-12 22:49:23 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-07-12 22:49:10 ----D---- C:\Program Files\MSN
2009-07-12 22:49:09 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-07-12 22:49:09 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-07-12 22:49:08 ----D---- C:\Program Files\Windows NT
2009-07-12 22:49:08 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-07-12 22:49:08 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-07-12 22:49:07 ----A---- C:\WINDOWS\system32\spider.exe
2009-07-12 22:49:07 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-07-12 22:49:07 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-07-12 22:49:06 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-07-12 22:49:06 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-07-12 22:49:06 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-07-12 22:49:05 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-07-12 22:49:05 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-07-12 22:49:04 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-07-12 22:49:04 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-07-12 22:49:04 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-07-12 22:49:04 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-07-12 22:49:04 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-07-12 22:49:04 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-07-12 22:49:04 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-07-12 22:49:03 ----D---- C:\WINDOWS\system32\MsDtc
2009-07-12 22:49:03 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-07-12 22:49:03 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-07-12 22:49:03 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-07-12 22:49:03 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-07-12 22:49:03 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-07-12 22:49:03 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-07-12 22:49:03 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-07-12 22:49:03 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-07-12 22:49:02 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-07-12 22:49:02 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-07-12 22:49:02 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-07-12 22:49:02 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-07-12 22:49:02 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-07-12 22:49:01 ----D---- C:\WINDOWS\system32\Com
2009-07-12 22:49:01 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-07-12 22:49:01 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-07-12 22:49:01 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-07-12 22:49:01 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-07-12 22:49:01 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-07-12 22:49:01 ----A---- C:\WINDOWS\system32\colbact.dll
2009-07-12 22:49:00 ----A---- C:\WINDOWS\system32\stclient.dll
2009-07-12 22:49:00 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-07-12 22:49:00 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-07-12 22:49:00 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-07-12 22:49:00 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-07-12 22:49:00 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-07-12 22:48:59 ----A---- C:\WINDOWS\system32\comuid.dll
2009-07-12 22:48:59 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-07-12 22:48:59 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-07-12 22:48:58 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-07-12 22:48:53 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-07-12 22:48:52 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-07-12 22:48:52 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-07-12 22:48:52 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2009-08-06 21:25:26 ----A---- C:\WINDOWS\win.ini
2009-08-06 21:06:37 ----A---- C:\WINDOWS\system.ini
2009-07-12 23:12:14 ----A---- C:\WINDOWS\system32\uxtheme.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-07-12 1294200]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-08-22 594432]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-21 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-21 209664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-01-13 5672032]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-01-12 201856]
R3 usbehci;Pilote miniport de contrôleur d’hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-21 730112]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder PSP Edition\SysInfo.sys []
S3 EnumHook2;Enumerate Global Windows Service 2; \??\C:\WINDOWS\system32\drivers\dHook.sys []
S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mbr;mbr; \??\C:\DOCUME~1\adrien\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
R2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2006-10-08 23856]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-05 144688]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Hi

  1. Download OTMoveIt3 (by Old_Timer) to your desktop:

==>OTMoveIt
Double-click OTMoveIt3.exe on the desktop

  • Make sure the Unregister Dll’s and Ocx’s box is checked

  • Copy the text in the quote and paste it into the left-hand pane of OTMoveIt named Paste Instructions for Items to be Moved

  • Click MoveIt! to start the removal.
  • Close OTMoveIt3

Your PC will restart to finish the removal; if it does not do so by itself, restart it.

Post the OTMoveIt report, which is in C:\_OTMoveIt\MovedFiles.

  2. Download Winsockxpfix

to your desktop without running it, in case you need it afterwards

==>Winsockxpfix
then

Disable your antivirus

Download Combofix

==>Combofix

==> to your desktop (and nowhere else), and rename it before it is saved to your desktop.
To do this, right-click Combofix.exe, choose “Save Link Target As…” and rename it to ==> Kelnis.exe
==> and for the location, choose your desktop and click “Save”
Close all open windows

Double-click ==> Kelnis.exe ==> (the renamed file)
Press the 1 key to start the scan and follow the instructions given by Combofix.
When the scan is finished, a report will appear. Copy and paste that report here.
==> The report can also be found here: C:\Combofix.txt
==> Do not click inside the Combofix window during the scan; doing so would make the program hang.

Re-enable your antivirus and antispyware

PS
if your internet connection no longer works after the restart

Double-click the WinsockXPFix file
click “Fix” in case a manual repair is needed

Here is the report
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\program files\asksearch\bin\DefaultSearch.dll unregistered successfully.
c:\program files\asksearch\bin\DefaultSearch.dll moved successfully.
C:\Program Files\AskSearch\bin moved successfully.
C:\Program Files\AskSearch moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{C94E154B-1459-4A47-966B-4B843BEFC7DB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\adrien\LOCALS~1\Temp\etilqs_1WGCEWido0bvGhRqcfUt scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5d8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\cziw935w.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\cziw935w.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\cziw935w.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\cziw935w.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\adrien\Local Settings\Application Data\Mozilla\Firefox\Profiles\cziw935w.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 08072009_165138

And here is the second one

ComboFix 09-08-06.01 - adrien 07/08/2009 17:01.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.635 [GMT 2:00]
Running from: c:\documents and settings\adrien\Bureau\kelnis.exe
AV: avast! antivirus 4.8.1335 [VPS 090806-1] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))
.

2009-08-07 14:51 . 2009-08-07 14:51 -------- d-----w- C:\_OTMoveIt
2009-08-07 09:42 . 2009-08-07 14:53 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-08-07 09:28 . 2009-08-07 09:34 -------- d-----w- c:\program files\CCleaner
2009-08-07 09:25 . 2009-08-07 09:25 -------- d-----w- c:\program files\FileHippo.com
2009-08-06 21:51 . 2009-08-06 21:51 -------- d-----w- C:\rsit
2009-08-06 21:47 . 2009-08-06 21:47 -------- d-----w- C:\Genproc
2009-08-06 21:42 . 2009-08-06 23:07 -------- d-----w- C:\ToolBar SD
2009-08-06 21:22 . 2009-08-06 21:22 -------- d-----w- c:\documents and settings\adrien\Application Data\Malwarebytes
2009-08-06 21:22 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-06 21:22 . 2009-08-06 21:22 -------- d-----w- c:\program files\Malwarebytes’ Anti-Malware
2009-08-06 21:22 . 2009-08-06 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-06 21:22 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-06 20:08 . 2009-08-06 20:08 -------- d-----w- c:\documents and settings\adrien\Application Data\Media Player Classic
2009-08-06 20:07 . 2009-08-06 20:07 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-08-06 19:44 . 2009-08-06 19:44 -------- d-----w- c:\program files\Trend Micro
2009-08-06 19:39 . 2009-08-06 19:39 2080 ----a-w- c:\windows\system32\drivers\dHook.sys
2009-08-06 19:39 . 2009-08-06 19:39 -------- d-----w- c:\program files\Flyos
2009-08-06 19:37 . 2009-08-06 19:37 -------- d-----w- c:\documents and settings\adrien\Application Data\Broad Intelligence
2009-08-06 19:26 . 2009-08-06 19:26 -------- d-----w- c:\program files\MediaCoder PSP Edition
2009-08-06 19:22 . 2009-08-07 13:41 -------- d-----w- c:\documents and settings\adrien\Application Data\vlc
2009-08-06 19:06 . 2009-08-06 19:06 -------- d--h--w- c:\windows\PIF
2009-08-06 18:53 . 2008-04-13 17:33 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-08-06 18:53 . 2009-08-06 18:56 -------- d-----w- c:\program files\Windows Media Connect 2
2009-08-06 18:51 . 2009-08-06 19:23 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-08-06 18:51 . 2009-08-06 18:51 -------- d-----w- c:\windows\system32\LogFiles
2009-07-26 11:21 . 2009-07-26 11:25 34548 ----a-w- c:\windows\DIIUnin.dat
2009-07-26 11:21 . 2009-07-26 11:21 2829 ----a-w- c:\windows\DIIUnin.pif
2009-07-26 11:21 . 2009-07-26 11:21 102400 ----a-w- c:\windows\DIIUnin.exe
2009-07-26 11:19 . 2009-07-27 16:22 -------- d-----w- c:\program files\Diablo II
2009-07-22 15:37 . 2009-07-23 19:23 -------- d-----w- C:\Diablo II Français
2009-07-18 09:42 . 2009-08-07 14:54 -------- d-----w- c:\documents and settings\adrien\Application Data\skypePM
2009-07-18 09:42 . 2009-07-18 09:42 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-18 09:34 . 2009-08-07 14:54 -------- d-----w- c:\documents and settings\adrien\Application Data\Skype
2009-07-18 09:34 . 2009-07-18 09:34 -------- d-----w- c:\program files\Fichiers communs\Skype
2009-07-18 09:34 . 2009-07-18 09:34 -------- d-----r- c:\program files\Skype
2009-07-18 09:33 . 2009-07-18 09:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-16 11:46 . 2009-07-20 08:54 -------- d-----w- c:\program files\DofusBeta
2009-07-16 08:28 . 2009-07-16 08:28 -------- d-s---w- c:\documents and settings\adrien\UserData
2009-07-15 14:27 . 2009-07-27 16:22 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-07-15 14:27 . 2009-07-27 16:22 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-07-15 14:27 . 2009-07-27 16:22 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-07-15 13:58 . 2009-07-15 13:58 -------- d-----w- c:\documents and settings\adrien\Application Data\DAEMON Tools Pro
2009-07-15 13:58 . 2009-07-15 13:58 -------- d-----w- c:\documents and settings\adrien\Application Data\DAEMON Tools
2009-07-15 13:56 . 2009-07-15 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-07-15 13:53 . 2009-08-07 09:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-15 13:53 . 2009-07-15 13:59 -------- d-----w- c:\documents and settings\adrien\Application Data\DAEMON Tools Lite
2009-07-15 13:38 . 2009-07-15 13:38 -------- d-----w- c:\program files\SlySoft
2009-07-15 11:14 . 2009-07-15 11:14 -------- d-----w- c:\program files\uTorrent
2009-07-15 11:13 . 2009-08-07 14:54 -------- d-----w- c:\documents and settings\adrien\Application Data\uTorrent
2009-07-15 10:38 . 2009-08-07 14:54 -------- d-----w- c:\documents and settings\adrien\Tracing
2009-07-15 10:37 . 2009-07-15 10:37 -------- d-----w- c:\program files\Microsoft
2009-07-15 10:36 . 2009-07-15 10:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-15 10:36 . 2009-07-15 10:37 -------- d-----w- c:\program files\Windows Live
2009-07-15 10:32 . 2009-07-15 10:32 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-07-15 09:36 . 2009-08-07 14:25 -------- d-----w- c:\documents and settings\adrien\Application Data\dvdcss
2009-07-14 13:42 . 2009-07-14 13:42 -------- d-----w- c:\program files\Foxit Software
2009-07-14 13:42 . 2009-07-14 13:42 -------- d-----w- c:\documents and settings\adrien\Application Data\Foxit
2009-07-13 23:07 . 2008-04-13 09:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-07-13 22:07 . 2009-07-13 22:07 -------- d-----w- c:\documents and settings\adrien\Application Data\Megaupload
2009-07-13 22:07 . 2009-07-13 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Megaupload
2009-07-13 22:07 . 2009-07-13 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2009-07-13 22:07 . 2009-07-13 22:07 -------- d-----w- c:\documents and settings\adrien\Application Data\MegauploadToolbar
2009-07-13 22:07 . 2009-07-13 22:07 -------- d-----w- c:\documents and settings\adrien\Application Data\EmailNotifier
2009-07-13 22:07 . 2009-07-13 22:07 -------- d-----w- c:\program files\MegauploadToolbar
2009-07-13 22:06 . 2009-07-13 22:06 -------- d-----w- c:\program files\Megaupload
2009-07-13 08:33 . 2009-07-19 11:54 -------- d-----w- c:\program files\Might and Magic VI
2009-07-13 08:33 . 1997-05-29 14:26 316416 ----a-w- c:\windows\IsUn040c.exe
2009-07-13 08:33 . 2009-07-13 08:33 -------- d-----w- c:\documents and settings\adrien\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 14:57 . 2004-08-05 10:00 71686 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-07 14:57 . 2004-08-05 10:00 458886 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-28 09:19 . 2009-07-12 21:25 -------- d-----w- c:\program files\Dofus
2009-07-15 13:39 . 2009-07-15 13:39 24 --sh--w- c:\windows\S223849B3.tmp
2009-07-15 10:37 . 2009-07-12 21:12 12912 ----a-w- c:\documents and settings\adrien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-13 22:06 . 2009-07-12 21:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-13 14:07 . 2009-07-12 20:53 86331 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-12 21:14 . 2009-07-12 21:14 0 ----a-w- c:\windows\nsreg.dat
2009-07-12 21:12 . 2009-07-12 21:12 64274 ----a-w- c:\windows\BricoPackUninst.cmd
2009-07-12 21:12 . 2009-07-12 21:11 6116 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-07-12 21:12 . 2008-04-13 17:33 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-07-12 21:10 . 2009-07-12 21:10 -------- d-----w- c:\program files\VideoLAN
2009-07-12 21:09 . 2009-07-12 21:09 -------- d-----w- c:\program files\Alwil Software
2009-07-12 21:06 . 2009-07-12 20:59 -------- d-----w- c:\program files\CONEXANT
2009-07-12 21:05 . 2009-07-12 21:05 -------- d-----w- c:\program files\Broadcom
2009-07-12 21:05 . 2009-07-12 21:05 87328 ----a-w- c:\windows\system32\bcmwlcoi.dll
2009-07-12 21:05 . 2009-07-12 21:05 1294200 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2009-07-12 21:04 . 2009-07-12 21:04 -------- d-----w- c:\program files\Synaptics
2009-07-12 21:04 . 2009-07-12 21:01 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-07-12 21:03 . 2009-07-12 21:03 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-07-12 21:03 . 2009-07-12 21:03 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-12 21:02 . 2009-07-12 21:01 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-12 21:00 . 2009-07-12 21:00 -------- d-----w- c:\program files\Intel
2009-07-12 21:00 . 2009-07-12 21:00 -------- d-----w- c:\program files\NetWaiting
2009-07-12 21:00 . 2009-07-12 21:00 -------- d-----w- c:\documents and settings\adrien\Application Data\InstallShield
2009-07-12 20:54 . 2009-07-12 20:54 -------- d-----w- c:\program files\microsoft frontpage
2009-07-12 20:52 . 2009-07-12 20:52 -------- d-----w- c:\program files\Services en ligne
2009-07-12 20:50 . 2009-07-12 20:50 21892 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2008-04-13 17:33 704512 3601E0109C765D5236EB42E663CF2681 c:\windows\system32\wininet.dll
[-] 2008-04-13 17:33 704512 3601E0109C765D5236EB42E663CF2681 c:\windows\system32\dllcache\wininet.dll

[-] 2008-04-13 17:34 979968 3EFE912DD25D2586E6A0341DB0A66F69 c:\windows\explorer.exe
[-] 2008-04-13 17:34 979968 3EFE912DD25D2586E6A0341DB0A66F69 c:\windows\system32\dllcache\explorer.exe

[-] 2008-04-13 17:34 102400 478B314098276163EDD8FCD47CC15BE5 c:\windows\system32\wuauclt.exe
[-] 2008-04-13 17:34 102400 478B314098276163EDD8FCD47CC15BE5 c:\windows\system32\dllcache\wuauclt.exe

[-] 2008-04-13 17:33 3507712 FF9357A06E893CF64FB002000235F6F6 c:\windows\system32\mshtml.dll
[-] 2008-04-13 17:33 3507712 FF9357A06E893CF64FB002000235F6F6 c:\windows\system32\dllcache\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“uTorrent”=“c:\program files\uTorrent\uTorrent.exe” [2009-07-15 288048]
“msnmsgr”=“c:\program files\Windows Live\Messenger\msnmsgr.exe” [2009-02-06 3885408]
“Skype”=“c:\program files\Skype\Phone\Skype.exe” [2009-06-26 25604904]
“FileHippo.com”=“c:\program files\FileHippo.com\UpdateChecker.exe” [2009-07-27 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“QlbCtrl”=“c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2007-12-06 202032]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2007-01-12 827392]
“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2007-01-13 131072]
“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2007-01-13 163840]
“Persistence”=“c:\windows\system32\igfxpers.exe” [2007-01-13 135168]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2009-02-05 81000]
“CloneCDTray”=“c:\program files\SlySoft\CloneCD\CloneCDTray.exe” [2009-01-29 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“%windir%\system32\sessmgr.exe”=
“c:\Program Files\Windows Live\Messenger\wlcsdk.exe”=
“c:\Program Files\Windows Live\Messenger\msnmsgr.exe”=
“c:\Program Files\uTorrent\uTorrent.exe”=
“c:\Program Files\Skype\Phone\Skype.exe”=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/07/2009 23:09 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/07/2009 23:09 20560]
R2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [12/07/2009 23:02 23856]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder PSP Edition\SysInfo.sys [25/09/2007 16:59 15152]
S3 EnumHook2;Enumerate Global Windows Service 2;c:\windows\system32\drivers\dHook.sys [06/08/2009 21:39 2080]
.
.
------- Supplementary Scan -------
.
uStart Page = www.daemon-search.com…
mWindow Title =
FF - ProfilePath - c:\documents and settings\adrien\Application Data\Mozilla\Firefox\Profiles\cziw935w.default
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.daemon-search.com…
FF - prefs.js: keyword.URL - toolbar.ask.com…
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2009-08-07 17:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
“OOBETimer”=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------

              • ‘lsass.exe’(780)
                c:\windows\system32\scecli.dll

              • ‘explorer.exe’(3760)
                c:\windows\system32\SHDOCVW.dll
                c:\windows\system32\ntshrui.dll
                c:\windows\system32\msi.dll
                c:\windows\system32\NETSHELL.dll
                c:\windows\system32\credui.dll
                c:\windows\system32\eappprxy.dll
                .
                Completion time: 2009-08-07 17:05
                ComboFix-quarantined-files.txt 2009-08-07 15:05

Pre-Run: 41 630 728 192 octets libres
Post-Run: 41 612 132 352 octets libres

197

Hi again

  1. Double-click OTMoveIt3.exe on the desktop
  • Make sure the Unregister Dll’s and Ocx’s box is checked

  • Copy the text in the quote and paste it into the left-hand pane of OTMoveIt named Paste Instructions for Items to be Moved

  2. Download ATF-Cleaner

==>ATF-Cleaner

Run a cleanup

Tutorial==>ATF-Cleaner tutorial

  3. Post a new HijackThis log

I forgot one part for OTMoveIt, after the copy/paste:
  • Click MoveIt! to start the removal.
  • Close OTMoveIt3

Your PC will restart to finish the removal; if it doesn't do so by itself, restart it.

Post the OTMoveIt report, which is in C:\_OTMoveIt\MovedFiles.

After that, run ATF-Cleaner and HijackThis

The HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:33, on 07/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.daemon-search.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s
O4 - HKLM…\RunOnce: [OTMoveIt] C:\Documents and Settings\adrien\Bureau\OTMoveIt3.exe
O4 - HKCU…\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [FileHippo.com] “C:\Program Files\FileHippo.com\UpdateChecker.exe” /background
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe


End of file - 4739 bytes

Hi

Restart HijackThis and click
=> Do a system scan only
then check
the boxes in front of the following lines

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

Close your other applications "except HijackThis" ==> click > Fix checked

  1. Update Explorer
    ==>Explorer 8

  2. Download RevoUninstaller

=> RevoUninstaller

Tutorial

==>RevoUninstaller tutorial

Uninstall ==>Megaupload

  3. Change your home page in Explorer
    Internet Options and start-up; there you have a field to fill in, enter your new home page ==>http://www.google.fr/ and confirm

Run CCleaner and post a final HijackThis log

Here is the final log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:09, on 07/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s
O4 - HKLM…\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{CB58DED6-4AF3-4080-9DF1-DEE72075169F}
O4 - HKLM…\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE “HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components” /v “NoIE4StubProcessing” /f
O4 - HKCU…\Run: [uTorrent] “C:\Program Files\uTorrent\uTorrent.exe”
O4 - HKCU…\Run: [FileHippo.com] “C:\Program Files\FileHippo.com\UpdateChecker.exe” /background
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe


End of file - 4415 bytes

Is everything in order?

Hi

Well, I see you haven't made up your mind to update ==> Explorer; no point in my asking you a third time

==> You don't have a firewall, and over time there is always something that gets added

What did you just install, judging by these lines?

==>O4 - HKLM…\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{CB58DED6-4AF3-4080-9DF1-DEE72075169F}

Unknown
O4 - HKLM…\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE “HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components” /v “NoIE4StubProcessing” /f

I don't use IE, so I didn't think it was worth updating, but if I have to, I will do it.
As for installed software, I only installed programs you posted the links to; could it be the drivers for a peripheral?

Hi

Update IE anyway; it is used for your Windows updates and, from time to time, for going to sites I will send you to later

1) Run Malwarebytes again: full scan in classic mode + removal(s) of whatever you might find
Post the report

2) Once IE is updated, and only then

go here –> Bitdefender Online scanner –> only with –> Explorer

–>Bitdefender Online scanner

–> Close your other applications and temporarily disable your antivirus

At the bottom left of the window, click -> Online Scan

In the next window, click -> I accept

Accept the installation of the "ActiveX control"

–> A small window opens, click -> Install
–> The window changes again, click -> Start scan
–> The signatures load and BitDefender SCAN ONLINE starts the scan
Once the scan is finished, in this window click -> Click to export the scan report
–> Choose -> Desktop (on the left)

–> Under > Type: choose -> HTML file (*.html)
–> Click -> Save

Don't forget to re-enable your antivirus

3) Run GenProc again and post the report