PC infecté, aidez-moi !

mou_yem · Janvier 4, 2010, 12:11

Salut,

j’ai des gros soucis avec Windows XP:

il est très très long au démarrage: déjà pour ouvrir ma session, et même après son ouverture mon bureau n’est pas exploitable (impossible de faire quoique ce soit) qu’après quelques minutes,
impossible de redémarrer ou d’éteindre le PC “normalement”: il reste fige sur “windows is shutting down”, même si je le laisse plusieurs minutes, ca fait que je suis obligé de l’éteindre manuellement a chaque fois.
si je lance plusieurs programmes simultanément c’est la panique a bord, il bug ! Alors que ma configuration PC n’est pas si pourrie que ca (processeur intel dual core 1.8, 3Go de Ram)

Ces problèmes sont nouveaux, ils ne sont apparus qu’il y a quelques jours… Après quelques scans en ligne (notamment Esest) 2 virus avaient été trouvés et supprimés, mais ces problèmes-la subsistent !

Merci pour votre aide.
@+

hautelfe · Janvier 4, 2010, 1:19

Salut,

Comment par retirer un à un les logiciels/fichiers dont tu ne te sers plus, et défragmente le disque dur.
Parfoit, cela aide, on ne sait jamais.

Si tu refais un scan, il y a encore des virus ?

cricri58 · Janvier 4, 2010, 4:05

Salut

Fais ceci,lis bien et surtout poste moi les rapports

1)télécharges --> Malwarebytes’ (mbam)

==>Malwarebytes’ (mbam)

installes + mise a jour

Lances–> Malwarebytes (MBAM)
==> Puis vas dans l’onglet “Recherche”, coche “Exécuter un examen complet” puis “Rechercher”
==> Sélectionnes tes disques durs" puis clique sur “Lancer lexamen”
==> A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport

==>Si MalwareBytes’ détecte des infections, clique sur ==>Afficher les résultats, puis sur ==>Supprimer la sélection

=> S’il t’ es demandé de redémarrer, clique sur "oui "

aprés la suppression(s) de ou des infections trouvées --> poste le rapport ici

ensuite

telecharge ATF-Cleaner

==> ATF-Cleaner

fais un nettoyage

Tutoriel ==>[Tutoriel]www.dualforum.com…[/url] ATF-Cleaner ]( [url=http://www.dualforum.com/viewtopic15681.html)

ensuite

Télécharge Random’s System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.

==>Random’s System Information Tool (RSIT)

==> Double-clique sur RSIT.exe afin de lancer RSIT.

==> Clique sur Continue à l’écran Disclaimer.
==> Si l’outil HijackThis (version à jour) n’est pas présent ou non détecté sur l’ordinateur, RSIT le téléchargera et tu devras accepter la licence.
==>Lorsque l’analyse sera terminée, deux fichiers texte s’ouvriront.

==> Poste le contenu delog.txt (<==qui sera affiché) ainsi que de info.txt (<==qui sera réduit dans la Barre des Tâches).

Note : Les deux rapports sont également sauvegardés %systemroot%\rsit

cricri58
Edité le 04/01/2010 à 16:06

mou_yem · Janvier 4, 2010, 8:30

Salut,

j’avais deja MBAM sur mon PC. J’ai essaye de faire un scan mais au bout de 2H30 (alors qu’habituellement quand je l’utilisais le scan durait au maqximum a peine plus d’1 heure) il a eu un bugg, cependant il n’avait pas encore detecte d’infection.

J’ai effectue le nettoyage avec ATF Cleaner.

Enfin voici ci-dessous les 2 rapports de RSIT:

log.txt:

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Mourad at 2010-01-04 22:27:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (60%) free of 40 GB
Total RAM: 3063 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:33 PM, on 1/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson\ST330\service\st330service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\D-Link\D-Link USB VoIP Adapter\VServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\javaws.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Documents and Settings\Mourad\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mourad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com…
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir Desktop\avgnt.exe” /min
O4 - HKLM…\Run: [00PCTFW] “C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe” -s
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra ‘Tools’ menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com…
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - download.eset.com…
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} (Java Plug-in 1.6.0_10) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip…{33AFB313-4EC0-403E-A9F3-948279A1C833}: NameServer = 80.67.0.2 91.213.246.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Service Google Update (gupdate1c9c3c0e7640a00) (gupdate1c9c3c0e7640a00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SolarWinds TFTP Server - SolarWinds - C:\Program Files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe
O23 - Service: VService - Unknown owner - C:\Program Files\D-Link\D-Link USB VoIP Adapter\VServ.exe

–
End of file - 8250 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\defrag.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{894F263C-E34C-448D-AD66-4A9A7005FF4A}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“avgnt”=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
“00PCTFW”=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2009-02-23 2652056]
“SunJavaUpdateSched”=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2009-03-02 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe ZTE Corporation\ZXDSL852 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagnostics]
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe [2009-05-09 557149]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLinkMonitor.exe]
C:\Program Files\D-Link\D-Link USB VoIP Adapter\DLinkMonitor.exe [2007-01-03 651264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2009-07-18 257440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Mourad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-23 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-08-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2009-04-10 17879552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0420Mon.exe]
C:\WINDOWS\V0420Mon.exe [2007-04-30 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\Belkin\BLUETO~1\BTTray.exe [2005-08-24 577597]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KeyyoFax.lnk]
C:\PROGRA~1\KeyyoFax\KeyyoFax.exe [2007-10-25 540672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mourad^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-08-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mourad^Start Menu^Programs^Startup^Outil de notification Live Search.lnk]
C:\DOCUME~1\Mourad\APPLIC~1\MICROS~1\LIVESE~1\NOTIFI~1.EXE [2009-08-26 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=323
“NoDriveAutoRun”=67108863
“HonorAutoRunSetting”=0
“NoDrives”=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“HonorAutoRunSetting”=
“NoDriveAutoRun”=
“NoDriveTypeAutoRun”=
“NoDrives”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe”=“C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe::Enabled:Yahoo! Messenger"
“C:\Program Files\Thomson\ST330\service\st330service.exe”="C:\Program Files\Thomson\ST330\service\st330service.exe::Enabled:ST330 service”
“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe::Enabled:hpqtra08.exe"
“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe::Enabled:hpqste08.exe”
“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe::Enabled:hposid01.exe"
“C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe”="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe::Enabled:hpiscnapp.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe::Enabled:hpqkygrp.exe"
“C:\Program Files\Windows Live\Messenger\wlcsdk.exe”="C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call”
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”=“C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
“C:\Program Files\Skype\Plugin Manager\skypePM.exe”="C:\Program Files\Skype\Plugin Manager\skypePM.exe::Enabled:Skype Extras Manager”
“C:\Program Files\ma-config.com\maconfservice.exe”=“C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice”
“C:\Program Files\Skype\Phone\Skype.exe”=“C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\MSN Messenger\livecall.exe”=“C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)"
“C:\Program Files\Windows Live\Messenger\wlcsdk.exe”="C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call”
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”=“C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger”

======List of files/folders created in the last 1 months======

2010-01-04 22:27:16 ----D---- C:\rsit
2010-01-04 22:23:40 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-04 22:23:40 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-04 22:23:40 ----A---- C:\WINDOWS\system32\java.exe
2010-01-04 18:31:53 ----A---- C:\rapport.txt
2010-01-04 17:26:56 ----D---- C:\WINDOWS\CSC
2010-01-04 17:26:42 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-04 00:34:25 ----SHD---- C:\RECYCLER
2010-01-03 20:18:37 ----A---- C:\ComboFix.txt
2010-01-03 20:11:55 ----A---- C:\Boot.bak
2010-01-03 20:11:48 ----RASHD---- C:\cmdcons
2010-01-03 20:06:05 ----A---- C:\WINDOWS\zip.exe
2010-01-03 20:06:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-03 20:06:05 ----A---- C:\WINDOWS\SWSC.exe
2010-01-03 20:06:05 ----A---- C:\WINDOWS\SWREG.exe
2010-01-03 20:06:05 ----A---- C:\WINDOWS\sed.exe
2010-01-03 20:06:05 ----A---- C:\WINDOWS\PEV.exe
2010-01-03 20:06:05 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-03 20:06:05 ----A---- C:\WINDOWS\MBR.exe
2010-01-03 20:06:05 ----A---- C:\WINDOWS\grep.exe
2010-01-03 20:05:49 ----D---- C:\WINDOWS\ERDNT
2010-01-03 20:05:46 ----D---- C:\ComboFix
2010-01-03 20:05:36 ----D---- C:\Qoobox
2010-01-02 07:36:47 ----HD---- C:\WINDOWS\PIF
2010-01-02 07:20:48 ----RAD---- C:\autorun.inf
2010-01-02 07:15:18 ----A---- C:\UsbFix.txt
2010-01-02 06:57:52 ----D---- C:\UsbFix
2010-01-02 05:58:40 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2010-01-01 06:39:53 ----D---- C:\Program Files\OpenVPN
2009-12-29 13:43:01 ----A---- C:\resiplog.txt
2009-12-24 01:52:42 ----D---- C:\Program Files\Common Files\Skype
2009-12-23 18:56:54 ----D---- C:\Documents and Settings\Mourad\Application Data\RealTunnelv2
2009-12-21 00:33:32 ----D---- C:\Documents and Settings\All Users\Application Data\SolarWinds
2009-12-21 00:32:47 ----D---- C:\Program Files\SolarWinds
2009-12-20 23:35:20 ----A---- C:\WINDOWS\tftpdesk.INI
2009-12-20 23:16:19 ----A---- C:\WINDOWS\iun6002.exe
2009-12-20 23:16:17 ----D---- C:\Program Files\TFTP Desktop
2009-12-20 11:47:37 ----HDC---- C:\WINDOWS$NtUninstallKB976098-v2$
2009-12-20 11:47:32 ----HDC---- C:\WINDOWS$NtUninstallKB974318$
2009-12-20 11:47:05 ----HDC---- C:\WINDOWS$NtUninstallKB973687$
2009-12-20 11:46:59 ----HDC---- C:\WINDOWS$NtUninstallKB973904$
2009-12-20 11:46:50 ----HDC---- C:\WINDOWS$NtUninstallKB974392$

======List of files/folders modified in the last 1 months======

2010-01-04 22:25:15 ----D---- C:\WINDOWS\Prefetch
2010-01-04 22:24:32 ----D---- C:\Program Files\Java
2010-01-04 22:24:13 ----SHD---- C:\WINDOWS\Installer
2010-01-04 22:23:47 ----D---- C:\Config.Msi
2010-01-04 22:23:42 ----D---- C:\WINDOWS\Temp
2010-01-04 22:23:41 ----D---- C:\WINDOWS\system32
2010-01-04 22:01:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-04 21:59:45 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-04 19:12:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-04 19:07:47 ----D---- C:\Program Files\Mozilla Firefox
2010-01-04 17:26:56 ----D---- C:\WINDOWS
2010-01-04 07:41:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-04 07:41:13 ----D---- C:\WINDOWS\Debug
2010-01-04 07:17:20 ----RD---- C:\Program Files
2010-01-04 06:12:35 ----D---- C:\WINDOWS\system32\drivers
2010-01-04 06:01:38 ----SHD---- C:\System Volume Information
2010-01-04 06:01:38 ----D---- C:\WINDOWS\system32\Restore
2010-01-03 22:33:22 ----D---- C:\WINDOWS\BDOSCAN8
2010-01-03 22:29:51 ----D---- C:\Documents and Settings\Mourad\Application Data\Skype
2010-01-03 22:26:39 ----D---- C:\Documents and Settings\Mourad\Application Data\skypePM
2010-01-03 21:57:26 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-03 21:57:19 ----HD---- C:\WINDOWS\inf
2010-01-03 20:16:32 ----A---- C:\WINDOWS\system.ini
2010-01-03 20:16:03 ----D---- C:\Program Files\Common Files
2010-01-03 20:15:02 ----D---- C:\WINDOWS\AppPatch
2010-01-03 20:11:55 ----RASH---- C:\boot.ini
2010-01-02 13:23:59 ----D---- C:\Program Files\Real
2010-01-02 11:56:21 ----D---- C:\Program Files\Common Files\Real
2010-01-02 11:56:19 ----D---- C:\Documents and Settings\Mourad\Application Data\Real
2010-01-02 11:54:48 ----SD---- C:\Documents and Settings\Mourad\Application Data\Microsoft
2010-01-02 11:54:45 ----D---- C:\WINDOWS\WinSxS
2010-01-01 14:14:44 ----D---- C:\WINDOWS\system32\ias
2010-01-01 03:18:48 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2010-01-01 02:41:10 ----D---- C:\Program Files\ma-config.com
2010-01-01 01:34:16 ----D---- C:\Program Files\PC Tools Firewall Plus
2009-12-31 21:22:40 ----D---- C:\Program Files\Realtek
2009-12-31 21:22:37 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-31 21:14:23 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-12-31 20:29:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-30 21:19:56 ----D---- C:\Documents and Settings\Mourad\Application Data\vlc
2009-12-24 07:03:09 ----D---- C:\Program Files\Google Chrome
2009-12-24 01:52:43 ----RD---- C:\Program Files\Skype
2009-12-24 01:52:40 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-12-20 23:26:16 ----D---- C:\WINDOWS\network diagnostic
2009-12-20 11:49:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-20 11:47:31 ----HD---- C:\WINDOWS$hf_mig$
2009-12-20 11:47:24 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; ??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 pctgntdi;pctgntdi; ??\C:\WINDOWS\system32\drivers\pctgntdi.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-14 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-20 56816]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 PCTAppEvent;PCTAppEvent Driver; ??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys []
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2005-08-24 401152]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-08-24 30363]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-08-24 1341466]
R3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2005-08-24 30189]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-24 56648]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-04-14 5069312]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 pctplfw;pctplfw; ??\C:\WINDOWS\system32\drivers\pctplfw.sys []
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-04-30 130816]
R3 SFilter;PCTools Driver; C:\WINDOWS\system32\DRIVERS\pctfw.sys [2008-09-22 97408]
R3 ST330;ST330; C:\WINDOWS\system32\drivers\st330.sys [2009-04-30 30464]
R3 STBUS;STBUS; C:\WINDOWS\system32\drivers\stbus.sys [2009-04-30 12672]
R3 stppp;Speedtouch PPP Adapter Adapter; C:\WINDOWS\system32\DRIVERS\stppp.sys [2009-04-30 32000]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Bluetooth Serial Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 btnetBUs;Bluetooth PAN Bus Service; C:\WINDOWS\System32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-08-24 148040]
S3 catchme;catchme; ??\C:\DOCUME~1\Mourad\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver; C:\WINDOWS\system32\DRIVERS\CnxEtP.sys []
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver; C:\WINDOWS\system32\DRIVERS\CnxEtU.sys []
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver; C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys []
S3 DOSMEMIO;MEMIO; ??\G:\MEMIO.SYS []
S3 driverhardwarev2;driverhardwarev2; ??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 MBAMSwissArmy;MBAMSwissArmy; ??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mbr;mbr; ??\C:\DOCUME~1\Mourad\LOCALS~1\Temp\mbr.sys []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 slusbvip;SL3800 USB Driver; C:\WINDOWS\system32\DRIVERS\slusbvip.sys [2009-07-20 591832]
S3 SLVAD_simple;D-Link Virtual Audio Device; C:\WINDOWS\system32\drivers\slvad.sys [2009-07-20 85656]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2009-11-04 25984]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 V0420VID;Live! Cam Vista IM (VF0420); C:\WINDOWS\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-14 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-19 185089]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe [2005-08-24 258103]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe [2008-12-11 146800]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 st330service;SpeedTouch 330 Manager; C:\Program Files/Thomson/ST330/service/st330service.exe [2009-05-09 581632]
R2 VService;VService; C:\Program Files\D-Link\D-Link USB VoIP Adapter\VServ.exe [2007-01-02 105208]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate1c9c3c0e7640a00;Service Google Update (gupdate1c9c3c0e7640a00); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-23 133104]
S3 aspnet_state;Service d’état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-12-17 243056]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 SolarWinds TFTP Server;SolarWinds TFTP Server; C:\Program Files\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [2009-10-20 54272]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

- info.txt:

info.txt logfile of random’s system information tool 1.06 2010-01-04 22:27:34

======Uninstall list======

–>C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
–>C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
–>C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
–>C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
–>C:\WINDOWS\UNNeroVision.exe /UNINSTALL
–>C:\WINDOWS\UNRecode.exe /UNINSTALL
–>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer–>MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Flash Player 10 ActiveX–>C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin–>C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2 - Français–>MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
ALTools Update–>“C:\Program Files\ESTsoft\ALUpdate\unins000.exe”
ALZip–>“C:\Program Files\ESTsoft\ALZip\unins000.exe”
Assistant de connexion Windows Live–>MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Avira AntiVir Personal - Free Antivirus–>C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Belkin Bluetooth Software–>MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
CCleaner (remove only)–>“C:\Program Files\CCleaner\uninst.exe”
CDex extraction audio–>“C:\Program Files\CDex_150\uninstall.exe”
Ciel Auto-entrepreneur Facile 1.30–>MsiExec.exe /I{AB8DD4C1-6237-455E-AF09-86296B3E3EE0}
ClocX (1.4)–>“C:\Program Files\ClocX\Uninstall.exe”
Creative Live! Cam Vista IM Driver (1.00.03.0000)–>C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0420.uns -unsext NT -plugin V0420Pin.dll -pluginres CtCamPin.crl
Critical Update for Windows Media Player 11 (KB959772)–>“C:\WINDOWS$NtUninstallKB959772_WM11$\spuninst\spuninst.exe”
Defraggler (remove only)–>“C:\Program Files\Defraggler\uninst.exe”
D-Link USB VoIP Adapter–>“C:\Program Files\D-Link\D-Link USB VoIP Adapter\setup.exe” /REMOVE
D-Link USB VoIP Adapter–>MsiExec.exe /X{0A7AB28D-E7DE-458A-9243-663DADDEE290}
EVEREST Home Edition v2.20–>“C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe”
Google Earth–>MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466}
Google Update Helper–>MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2–>“C:\Program Files\Trend Micro\HijackThis\HijackThis.exe” /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)–>C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)–>C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)–>“C:\WINDOWS$NtUninstallKB929399$\spuninst\spuninst.exe”
Hotfix for Windows Media Player 11 (KB939683)–>“C:\WINDOWS$NtUninstallKB939683$\spuninst\spuninst.exe”
Hotfix for Windows XP (KB952287)–>“C:\WINDOWS$NtUninstallKB952287$\spuninst\spuninst.exe”
Hotfix for Windows XP (KB961118)–>“C:\WINDOWS$NtUninstallKB961118$\spuninst\spuninst.exe”
Hotfix for Windows XP (KB970653-v3)–>“C:\WINDOWS$NtUninstallKB970653-v3$\spuninst\spuninst.exe”
Hotfix for Windows XP (KB976098-v2)–>“C:\WINDOWS$NtUninstallKB976098-v2$\spuninst\spuninst.exe”
HP Customer Participation Program 10.0–>C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3–>C:\Program Files\HP\Digital Imaging{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0–>C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5–>C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing–>C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0–>C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update–>MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Installation Windows Live–>C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live–>MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel® Graphics Media Accelerator Driver–>C:\WINDOWS\system32\igxpun.exe -uninstall
Java™ 6 Update 17–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Junk Mail filter update–>MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
jv16 PowerTools 1.3–>“C:\Program Files\jv16 PowerTools\unins000.exe”
Keyyo Softphone 2.0 release 1105c–>“C:\Program Files\Keyyo X-PRO\unins000.exe”
KeyyoFax 1.0–>C:\Program Files\KeyyoFax\uninst.exe
Ma-Config.com–>MsiExec.exe /X{18754BA4-4F0C-4E6E-888B-9496AFA05F43}
Malwarebytes’ Anti-Malware–>“C:\Program Files\Malwarebytes’ Anti-Malware\unins000.exe”
Microsoft .NET Framework 1.1 Security Update (KB953297)–>“C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe” “C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp”
Microsoft .NET Framework 1.1–>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1–>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA–>MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2–>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA–>MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2–>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra–>MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1–>C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1–>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard–>MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP–>“C:\WINDOWS$NtUninstallMSCompPackV1$\spuninst\spuninst.exe”
Microsoft User-Mode Driver Framework Feature Pack 1.0–>“C:\WINDOWS$NtUninstallWudf01000$\spuninst\spuninst.exe”
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053–>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148–>MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17–>MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra–>C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.6)–>C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRuntime Libraries–>MsiExec.exe /I{ECA2B21B-A180-4775-B93F-6E404E36A8CC}
MSVCRT–>MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)–>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)–>MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Essentials–>MsiExec.exe /X{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}
neroxml–>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenOffice.org 3.1–>MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
Opera 10.01–>MsiExec.exe /X{4B296228-DF7C-43EA-8DED-76027355B219}
Outil de téléchargement Windows Live–>MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PC Tools Firewall Plus 5.0–>C:\Program Files\PC Tools Firewall Plus\unins000.exe /LOG
REALTEK GbE & FE Ethernet PCI NIC Driver–>C:\Program Files\InstallShield Installation Information{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly
REALTEK GbE & FE Ethernet PCI-E NIC Driver–>C:\Program Files\InstallShield Installation Information{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe” -l0x9 -removeonly
Security Update for Windows Internet Explorer 8 (KB969897)–>“C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe”
Security Update for Windows Internet Explorer 8 (KB971961)–>“C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe”
Security Update for Windows Internet Explorer 8 (KB972260)–>“C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe”
Security Update for Windows Internet Explorer 8 (KB974455)–>“C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe”
Security Update for Windows Internet Explorer 8 (KB976325)–>“C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe”
Security Update for Windows Media Player (KB952069)–>“C:\WINDOWS$NtUninstallKB952069_WM9$\spuninst\spuninst.exe”
Security Update for Windows Media Player (KB954155)–>“C:\WINDOWS$NtUninstallKB954155_WM9$\spuninst\spuninst.exe”
Security Update for Windows Media Player (KB968816)–>“C:\WINDOWS$NtUninstallKB968816_WM9$\spuninst\spuninst.exe”
Security Update for Windows Media Player 11 (KB936782)–>“C:\WINDOWS$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe”
Security Update for Windows Media Player 11 (KB954154)–>“C:\WINDOWS$NtUninstallKB954154_WM11$\spuninst\spuninst.exe”
Security Update for Windows XP (KB923561)–>“C:\WINDOWS$NtUninstallKB923561$\spuninst\spuninst.exe”
Security Update for Windows XP (KB923789)–>C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)–>“C:\WINDOWS$NtUninstallKB938464-v2$\spuninst\spuninst.exe”
Security Update for Windows XP (KB941569)–>“C:\WINDOWS$NtUninstallKB941569$\spuninst\spuninst.exe”
Security Update for Windows XP (KB946648)–>“C:\WINDOWS$NtUninstallKB946648$\spuninst\spuninst.exe”
Security Update for Windows XP (KB950760)–>“C:\WINDOWS$NtUninstallKB950760$\spuninst\spuninst.exe”
Security Update for Windows XP (KB950762)–>“C:\WINDOWS$NtUninstallKB950762$\spuninst\spuninst.exe”
Security Update for Windows XP (KB950974)–>“C:\WINDOWS$NtUninstallKB950974$\spuninst\spuninst.exe”
Security Update for Windows XP (KB951066)–>“C:\WINDOWS$NtUninstallKB951066$\spuninst\spuninst.exe”
Security Update for Windows XP (KB951376-v2)–>“C:\WINDOWS$NtUninstallKB951376-v2$\spuninst\spuninst.exe”
Security Update for Windows XP (KB951748)–>“C:\WINDOWS$NtUninstallKB951748$\spuninst\spuninst.exe”
Security Update for Windows XP (KB952004)–>“C:\WINDOWS$NtUninstallKB952004$\spuninst\spuninst.exe”
Security Update for Windows XP (KB952954)–>“C:\WINDOWS$NtUninstallKB952954$\spuninst\spuninst.exe”
Security Update for Windows XP (KB954459)–>“C:\WINDOWS$NtUninstallKB954459$\spuninst\spuninst.exe”
Security Update for Windows XP (KB954600)–>“C:\WINDOWS$NtUninstallKB954600$\spuninst\spuninst.exe”
Security Update for Windows XP (KB955069)–>“C:\WINDOWS$NtUninstallKB955069$\spuninst\spuninst.exe”
Security Update for Windows XP (KB956572)–>“C:\WINDOWS$NtUninstallKB956572$\spuninst\spuninst.exe”
Security Update for Windows XP (KB956802)–>“C:\WINDOWS$NtUninstallKB956802$\spuninst\spuninst.exe”
Security Update for Windows XP (KB956803)–>“C:\WINDOWS$NtUninstallKB956803$\spuninst\spuninst.exe”
Security Update for Windows XP (KB956844)–>“C:\WINDOWS$NtUninstallKB956844$\spuninst\spuninst.exe”
Security Update for Windows XP (KB957097)–>“C:\WINDOWS$NtUninstallKB957097$\spuninst\spuninst.exe”
Security Update for Windows XP (KB958644)–>“C:\WINDOWS$NtUninstallKB958644$\spuninst\spuninst.exe”
Security Update for Windows XP (KB958687)–>“C:\WINDOWS$NtUninstallKB958687$\spuninst\spuninst.exe”
Security Update for Windows XP (KB958690)–>“C:\WINDOWS$NtUninstallKB958690$\spuninst\spuninst.exe”
Security Update for Windows XP (KB958869)–>“C:\WINDOWS$NtUninstallKB958869$\spuninst\spuninst.exe”
Security Update for Windows XP (KB959426)–>“C:\WINDOWS$NtUninstallKB959426$\spuninst\spuninst.exe”
Security Update for Windows XP (KB960225)–>“C:\WINDOWS$NtUninstallKB960225$\spuninst\spuninst.exe”
Security Update for Windows XP (KB960715)–>“C:\WINDOWS$NtUninstallKB960715$\spuninst\spuninst.exe”
Security Update for Windows XP (KB960803)–>“C:\WINDOWS$NtUninstallKB960803$\spuninst\spuninst.exe”
Security Update for Windows XP (KB961371)–>“C:\WINDOWS$NtUninstallKB961371$\spuninst\spuninst.exe”
Security Update for Windows XP (KB961373)–>“C:\WINDOWS$NtUninstallKB961373$\spuninst\spuninst.exe”
Security Update for Windows XP (KB961501)–>“C:\WINDOWS$NtUninstallKB961501$\spuninst\spuninst.exe”
Security Update for Windows XP (KB963027)–>“C:\WINDOWS$NtUninstallKB963027$\spuninst\spuninst.exe”
Security Update for Windows XP (KB968537)–>“C:\WINDOWS$NtUninstallKB968537$\spuninst\spuninst.exe”
Security Update for Windows XP (KB969059)–>“C:\WINDOWS$NtUninstallKB969059$\spuninst\spuninst.exe”
Security Update for Windows XP (KB969898)–>“C:\WINDOWS$NtUninstallKB969898$\spuninst\spuninst.exe”
Security Update for Windows XP (KB969947)–>“C:\WINDOWS$NtUninstallKB969947$\spuninst\spuninst.exe”
Security Update for Windows XP (KB970238)–>“C:\WINDOWS$NtUninstallKB970238$\spuninst\spuninst.exe”
Security Update for Windows XP (KB971486)–>“C:\WINDOWS$NtUninstallKB971486$\spuninst\spuninst.exe”
Security Update for Windows XP (KB971633)–>“C:\WINDOWS$NtUninstallKB971633$\spuninst\spuninst.exe”
Security Update for Windows XP (KB973346)–>“C:\WINDOWS$NtUninstallKB973346$\spuninst\spuninst.exe”
Security Update for Windows XP (KB973525)–>“C:\WINDOWS$NtUninstallKB973525$\spuninst\spuninst.exe”
Security Update for Windows XP (KB973904)–>“C:\WINDOWS$NtUninstallKB973904$\spuninst\spuninst.exe”
Security Update for Windows XP (KB974112)–>“C:\WINDOWS$NtUninstallKB974112$\spuninst\spuninst.exe”
Security Update for Windows XP (KB974318)–>“C:\WINDOWS$NtUninstallKB974318$\spuninst\spuninst.exe”
Security Update for Windows XP (KB974392)–>“C:\WINDOWS$NtUninstallKB974392$\spuninst\spuninst.exe”
Security Update for Windows XP (KB974571)–>“C:\WINDOWS$NtUninstallKB974571$\spuninst\spuninst.exe”
Security Update for Windows XP (KB975025)–>“C:\WINDOWS$NtUninstallKB975025$\spuninst\spuninst.exe”
Security Update for Windows XP (KB975467)–>“C:\WINDOWS$NtUninstallKB975467$\spuninst\spuninst.exe”
Segoe UI–>MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shop for HP Supplies–>C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype web features–>MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype 4.1–>MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SolarWinds TFTP Server–>C:\Program Files\InstallShield Installation Information{1AA86313-B188-498D-91CF-D017AC5A82A5}\setup.exe -runfromtemp -l0x0409
SpeedTouch 330–>C:\Program Files\Thomson\ST330\Uninstall\stInstall.exe -s:scen_uninstall_st330.xml -l:fr
Spelling Dictionaries Support For Adobe Reader 9–>MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy–>“C:\Program Files\Spybot - Search & Destroy\unins000.exe”
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)–>C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976749)–>“C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe”
Update for Windows XP (KB951978)–>“C:\WINDOWS$NtUninstallKB951978$\spuninst\spuninst.exe”
Update for Windows XP (KB955839)–>“C:\WINDOWS$NtUninstallKB955839$\spuninst\spuninst.exe”
Update for Windows XP (KB961503)–>“C:\WINDOWS$NtUninstallKB961503$\spuninst\spuninst.exe”
Update for Windows XP (KB967715)–>“C:\WINDOWS$NtUninstallKB967715$\spuninst\spuninst.exe”
Update for Windows XP (KB973687)–>“C:\WINDOWS$NtUninstallKB973687$\spuninst\spuninst.exe”
VLC media player 1.0.1–>C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call–>MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform–>MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail–>MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger–>MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Format 11 runtime–>“C:\Program Files\Windows Media Player\wmsetsdk.exe” /UninstallAll
Windows Media Format 11 runtime–>“C:\WINDOWS$NtUninstallWMFDist11$\spuninst\spuninst.exe”
Windows Media Player 11–>“C:\Program Files\Windows Media Player\Setup_wm.exe” /Uninstall
Windows Media Player 11–>“C:\WINDOWS$NtUninstallwmp11$\spuninst\spuninst.exe”
Windows XP Service Pack 3–>“C:\WINDOWS$NtServicePackUninstall$\spuninst\spuninst.exe”
XML Paper Specification Shared Components Language Pack 1.0–>“C:\WINDOWS$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe”

======Hosts File======

127.0.0.1		localhost

======Security center information======

AV: AntiVir Desktop
FW: PC Tools Firewall Plus

======System event log======

Computer Name: MOURAD-7206BD0B
Event Code: 9
Message: Le périphérique \Device\Ide\IdePort0 n’a pas répondu dans le délai imparti.

Record Number: 23127
Source Name: atapi
Time Written: 20091229150036.000000+180
Event Type: error
User:

Computer Name: MOURAD-7206BD0B
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 23092
Source Name: Service Control Manager
Time Written: 20091229113332.000000+180
Event Type: error
User:

Computer Name: MOURAD-7206BD0B
Event Code: 18
Message: TIMEOUT<jqs.exe>

Record Number: 23091
Source Name: avgntflt
Time Written: 20091229113236.000000+180
Event Type: warning
User:

Computer Name: MOURAD-7206BD0B
Event Code: 9
Message: Le périphérique \Device\Ide\IdePort0 n’a pas répondu dans le délai imparti.

Record Number: 23089
Source Name: atapi
Time Written: 20091229113223.000000+180
Event Type: error
User:

Computer Name: MOURAD-7206BD0B
Event Code: 9
Message: Le périphérique \Device\Ide\IdePort0 n’a pas répondu dans le délai imparti.

Record Number: 23088
Source Name: atapi
Time Written: 20091229113223.000000+180
Event Type: error
User:

=====Application event log=====

Computer Name: MOURAD-7206BD0B
Event Code: 20
Message:
Record Number: 8720
Source Name: Google Update
Time Written: 20091106111014.000000+180
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MOURAD-7206BD0B
Event Code: 20
Message:
Record Number: 8719
Source Name: Google Update
Time Written: 20091106101014.000000+180
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MOURAD-7206BD0B
Event Code: 20
Message:
Record Number: 8715
Source Name: Google Update
Time Written: 20091106093459.000000+180
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MOURAD-7206BD0B
Event Code: 20
Message:
Record Number: 8706
Source Name: Google Update
Time Written: 20091106061000.000000+180
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MOURAD-7206BD0B
Event Code: 20
Message:
Record Number: 8700
Source Name: Google Update
Time Written: 20091106060705.000000+180
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

“ComSpec”=%SystemRoot%\system32\cmd.exe
“Path”=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ESTsoft\ALZip
“windir”=%SystemRoot%
“FP_NO_HOST_CHECK”=NO
“OS”=Windows_NT
“PROCESSOR_ARCHITECTURE”=x86
“PROCESSOR_LEVEL”=6
“PROCESSOR_IDENTIFIER”=x86 Family 6 Model 15 Stepping 13, GenuineIntel
“PROCESSOR_REVISION”=0f0d
“NUMBER_OF_PROCESSORS”=2
“PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
“TEMP”=%SystemRoot%\TEMP
“TMP”=%SystemRoot%\TEMP

-----------------EOF-----------------

cricri58 · Janvier 4, 2010, 8:36

Salut

je vais regarder les logs de RSIT

toi tu Relances malwarebytes

tu fais ce coup-çi ==> Une analyse rapide

Si MalwareBytes’ détecte des infections, clique sur ==>Afficher les résultats, puis sur ==>Supprimer la sélection

=> S’il t’ es demandé de redémarrer, clique sur "oui "

aprés la suppression(s) de ou des infections trouvées --> poste le rapport ici

mou_yem · Janvier 5, 2010, 12:28

Salut,

j’ai effectue le scan rapide, MalwareBytes’s n’a rien détecté d’anormal.

Ca commence a m’inquieter cette histoire…

cricri58 · Janvier 5, 2010, 8:27

Je t avais dis de faire Malwarebytes le temps que je regarde,alors patience !!

Question tu es pris en charge sur un Forum ,car je vois l utilisation de ComboFix,UsbFix,

PS ==> tu es victime d un détournement de DNS

1)1) Télécharge WORT (de dj QUIOU)

==>WORT (de dj QUIOU)

Double-clique sur le fichier WORT.exe et sélectionne le Bureau à l’aide du bouton “Parcourir”. Suis les instructions et double-clique sur le fichier Wareout Removal Tool.bat qui vient d’être créé sur le Bureau.

Sélectionne l’option 1 et valide par entrée.

ensuite

Désactives actives ton antivirus et antispyware

Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :sur ton bureau

==>SmitfraudFix

Imprtant ==> Redémarre en mode sans échec :

Pour cela, tu tapotes la touche F8 à lallumage du pc sans tarrêter.

Une fenêtre va souvrir. Choisis démarrer en mode sans échec puis tape entrée.
Choisis ton compte.

Relance le programme SmitfraudFix

tu vas dans le dossier SmitFraudFix crée sur ton bureau et tu doubles-cliques sur SmitFraudFix.cmd.
Cette fois choisis[b] loption 2, réponds oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal,
copie/colle le rapport ici

cricri58

MrMaestro · Janvier 6, 2010, 9:45

il faut que tu essaye avant tous la fonctionnalité restauration du système de windows pour restaurer le système à une date antérieure…
et après cette étape essayer d’installer un bon antivirus mis à jours…
sinon tu peux accéder au mode sans échec (en appuyant sur la touche F5 ou F8 lors du démarrage de l’ordinateur) et essaye de scanner tout l’ordinateur et désinstalle les programme suspects…:hello::hello: