Rapport smitfraud

snake074009 · Octobre 21, 2009, 12:07

Bonjour,
Voici le rapport d’analyse,
Merci de me dire se qu’il ne vas pas
SmitFraudFix v2.424

Rapport fait à 12:03:36,64, 21/10/2009
Executé à partir de C:\Documents and Settings\Lionel\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Lionel\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lionel

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Lionel\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lionel\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Lionel\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
“AppInit_DLLs”=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
“Userinit”=“C:\WINDOWS\system32\userinit.exe,”

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
“System”=""

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet compatible VIA - Miniport d’ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip…{86016F07-27A0-4B3B-A868-F49F48868802}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip…{86016F07-27A0-4B3B-A868-F49F48868802}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip…{86016F07-27A0-4B3B-A868-F49F48868802}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip…{86016F07-27A0-4B3B-A868-F49F48868802}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Merci:)

cricri58 · Octobre 21, 2009, 12:16

Salut

Pourquoi un rapport de ==>SmitFraudFix ???,

celui çi ne montre rien d anormal

Quel(s) Prob(s) as-tu ???

Sinon

Télécharge Random’s System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.

==>Random’s System Information Tool (RSIT)

==> Double-clique sur RSIT.exe afin de lancer RSIT.
==> Clique sur Continue à l’écran Disclaimer.
==> Si l’outil HijackThis (version à jour) n’est pas présent ou non détecté sur l’ordinateur, RSIT le téléchargera et tu devras accepter la licence.
==>Lorsque l’analyse sera terminée, deux fichiers texte s’ouvriront.

==> Poste le contenu de log.txt (<==qui sera affiché) ainsi que de info.txt (<==qui sera réduit dans la Barre des Tâches).

Note : Les deux rapports sont également sauvegardés %systemroot%\rsit

@+ cricri58

snake074009 · Octobre 21, 2009, 12:30

Je trouve que mon ordi est lent par rapport a d’habitude
Voici le premier rapport
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Lionel at 2009-10-21 12:27:17
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 3 GB (8%) free of 39 GB
Total RAM: 1280 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:49, on 21/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Lionel\Bureau\RSIT.exe
C:\Program Files\trend micro\Lionel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.fr…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.conduit.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM…\Run: [LogitechVideoRepair] “C:\Program Files\Logitech\Video\ISStart.exe”
O4 - HKLM…\Run: [LogitechVideoTray] “C:\Program Files\Logitech\Video\LogiTray.exe”
O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [Launch LGDCore] “C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe” /SHOWHIDE
O4 - HKLM…\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [CloneDVDElbyDelay] “C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe” /L ElbyDelay
O4 - HKLM…\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM…\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE”
O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU…\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\Program… Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE…
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Créer un Favori de l’appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra ‘Tools’ menuitem: Créer un Favori de l’appareil mobile… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com…
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - dlm.tools.akamai.com…
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com…
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - game12.zylom.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

–
End of file - 12890 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#7700#MY393111W5K4.job
C:\WINDOWS\tasks\HPpromotions journeysoftware.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“HPDJ Taskbar Utility”=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-05-07 188416]
“LVCOMSX”=C:\WINDOWS\system32\LVCOMSX.EXE [2004-10-08 221184]
“LogitechVideoRepair”=C:\Program Files\Logitech\Video\ISStart.exe [2004-10-08 458752]
“LogitechVideoTray”=C:\Program Files\Logitech\Video\LogiTray.exe [2004-10-08 217088]
“GrooveMonitor”=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
“HP Software Update”=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
“Launch LGDCore”=C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe [2006-07-23 1126400]
“Smapp”=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
“NeroFilterCheck”=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
“Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
“CloneDVDElbyDelay”=C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe [2002-11-02 45056]
“AnyDVD”=C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe [2003-11-21 177152]
“Logitech Hardware Abstraction Layer”=C:\WINDOWS\KHALMNPR.EXE [2004-10-21 29696]
“SunJavaUpdateSched”=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
“LogitechSoftwareUpdate”=C:\Program Files\Logitech\Video\ManifestEngine.exe [2004-10-08 196608]
“msnmsgr”=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
“H/PC Connection Agent”=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2005-01-19 405583]
“LDM”=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe []
“SpybotSD TeaTimer”=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
“srvreg”=C:\WINDOWS\system32\srvreg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^KODAK Software Updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE [2004-02-11 16423]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Démarrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger Agent.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-03-03 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{B5A7F190-DDA6-4420-B3BA-52453494E6CD}”=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
“{56F9679E-7826-4C84-81F3-532071A8BCC5}”=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveAutoRun”=4294967295

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveAutoRun”=
“NoDriveTypeAutoRun”=
“NoDrives”=
“HonorAutoRunSetting”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“C:\WINDOWS\system32\rtcshare.exe”="C:\WINDOWS\system32\rtcshare.exe::Enabled:Partage de l’application RTC"
“C:\Program Files\NetMeeting\conf.exe”=“C:\Program Files\NetMeeting\conf.exe::Enabled:Windows® NetMeeting®"
“C:\Program Files\Messenger\msmsgs.exe”="C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger”
“C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe”=“C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe::Enabled:EasyShare"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000”
“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE::Enabled:Microsoft Office Outlook"
“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE::Enabled:Microsoft Office Groove”
“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE::Enabled:Microsoft Office OneNote"
“F:\Pinnacle\Studio 10\programs\RM.exe”="F:\Pinnacle\Studio 10\programs\RM.exe::Enabled:Render Manager”
“F:\Pinnacle\Studio 10\programs\Studio.exe”=“F:\Pinnacle\Studio 10\programs\Studio.exe::Enabled:Studio"
“F:\Pinnacle\Studio 10\programs\PMSRegisterFile.exe”="F:\Pinnacle\Studio 10\programs\PMSRegisterFile.exe::Enabled:PMSRegisterFile”
“F:\Pinnacle\Studio 10\programs\umi.exe”=“F:\Pinnacle\Studio 10\programs\umi.exe::Enabled:umi"
“C:\Program Files\Microsoft ActiveSync\wcescomm.exe”="C:\Program Files\Microsoft ActiveSync\wcescomm.exe::Enabled:ActiveSync Connection Manager”
“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe”=“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe::Enabled:ActiveSync Application"
“C:\Program Files\Mozilla Firefox\firefox.exe”="C:\Program Files\Mozilla Firefox\firefox.exe::Enabled:Firefox”
“F:\Azureus\Azureus.exe”=“F:\Azureus\Azureus.exe::Enabled:Azureus"
“C:\Program Files\Guillemot\tools\giWebUpdater.exe”="C:\Program Files\Guillemot\tools\giWebUpdater.exe::Enabled:Guillemot Web Updater”
“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe”=“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe::Disabled:hpfccopy.exe"
“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe”="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe::Disabled:hpoews01.exe”
“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe”=“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe::Disabled:hpofxm08.exe"
“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe”="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe::Disabled:hposfx08.exe”
“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe”=“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe::Disabled:hposid01.exe"
“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe”="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe::Disabled:hpqcopy.exe”
“C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe”=“C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe::Disabled:hpqdia.exe"
“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe”="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe::Disabled:hpqkygrp.exe”
“C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe”=“C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe::Disabled:hpqphunl.exe"
“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe”="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe::Disabled:hpqscnvw.exe”
“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe”=“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe::Disabled:hpqste08.exe"
“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe”="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe::Disabled:hpqtra08.exe”
“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe”=“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe::Disabled:hpzwiz01.exe"
“C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe”="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe::Disabled:Kodak Software Updater”
“C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe”=“C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe::Enabled:Assistance à distance - Windows Messenger et voix"
“c:\program files\bcd_installed.exe”="c:\program files\bcd_installed.exe::Enabled:Windows Application Service”
“C:\Program Files\LimeWire\LimeWire.exe”=“C:\Program Files\LimeWire\LimeWire.exe::Enabled:LimeWire"
“G:\Program Files\LimeWire\LimeWire.exe”="G:\Program Files\LimeWire\LimeWire.exe::Enabled:LimeWire”
“C:\Documents and Settings\Lionel\Bureau\PES2008.exe”=“C:\Documents and Settings\Lionel\Bureau\PES2008.exe::Enabled:Pro Evolution Soccer 2008"
“G:\Program Files\Pinnacle\Studio 12\Programs\RM.exe”="G:\Program Files\Pinnacle\Studio 12\Programs\RM.exe::Enabled:Render Manager”
“G:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe”=“G:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe::Enabled:Studio"
“G:\Program Files\Pinnacle\Studio 12\Programs\umi.exe”="G:\Program Files\Pinnacle\Studio 12\Programs\umi.exe::Enabled:umi”
“C:\Program Files\Windows Live\Messenger\wlcsdk.exe”=“C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call"
“F:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe”="F:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe::Enabled:Zoo Tycoon 2 Executable”
“C:\Program Files\Neuf\Media Center\httpd\httpd.exe”=“C:\Program Files\Neuf\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.2/255.255.255.255:Enabled:Serveur de partage Media Center (Player Neuf Cegetel)”
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”=“C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
“C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe”="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe::Enabled:Windows Live FolderShare”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“C:\Program Files\AOL 9.0\waol.exe”="C:\Program Files\AOL 9.0\waol.exe::Enabled:AOL 9.0"
“C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe”=“C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe::Enabled:AOL"
“C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe”="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe::Enabled:AOL”
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\Windows Live\Messenger\wlcsdk.exe”="C:\Program Files\Windows Live\Messenger\wlcsdk.exe::Enabled:Windows Live Call"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”=“C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
“C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe”="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe::Enabled:Windows Live FolderShare”

======List of files/folders created in the last 1 months======

2009-10-21 12:27:17 ----D---- C:\rsit
2009-10-21 12:03:36 ----A---- C:\rapport.txt
2009-10-21 12:03:28 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-10-21 12:03:28 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-10-21 12:03:28 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-10-21 12:03:28 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-10-21 12:03:27 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-10-21 12:03:27 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-10-21 12:03:27 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-10-21 12:03:27 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-10-21 12:03:27 ----A---- C:\WINDOWS\system32\swsc.exe
2009-10-21 12:03:27 ----A---- C:\WINDOWS\system32\swreg.exe
2009-10-21 12:03:27 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-10-21 12:03:27 ----A---- C:\WINDOWS\system32\Process.exe
2009-10-21 12:03:27 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-10-21 12:03:27 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-10-21 10:56:28 ----SHD---- C:\Config.Msi
2009-10-18 19:38:14 ----A---- C:\WINDOWS\system32\Leadtools.Windows.Media.Effects.dll
2009-10-18 19:31:41 ----D---- C:\Program Files\monAlbumPhoto
2009-10-18 19:31:41 ----D---- C:\Documents and Settings\All Users\Application Data\albumphoto
2009-10-15 21:45:07 ----HDC---- C:\WINDOWS$NtUninstallKB958869$
2009-10-15 21:42:23 ----HDC---- C:\WINDOWS$NtUninstallKB969059$
2009-10-15 21:42:17 ----HDC---- C:\WINDOWS$NtUninstallKB954155_WM9$
2009-10-15 21:42:10 ----HDC---- C:\WINDOWS$NtUninstallKB974112$
2009-10-15 21:42:01 ----HDC---- C:\WINDOWS$NtUninstallKB975025$
2009-10-15 21:41:52 ----HDC---- C:\WINDOWS$NtUninstallKB974571$
2009-10-15 21:35:48 ----HDC---- C:\WINDOWS$NtUninstallKB971486$
2009-10-15 21:35:36 ----HDC---- C:\WINDOWS$NtUninstallKB973525$
2009-10-15 21:33:49 ----HDC---- C:\WINDOWS$NtUninstallKB975467$
2009-10-14 21:20:05 ----D---- C:\Documents and Settings\Lionel\Application Data\ExtraFilm
2009-10-14 21:19:20 ----D---- C:\Documents and Settings\All Users\Application Data\ExtraFilm
2009-10-04 20:11:12 ----D---- C:\Program Files\WinASPI
2009-10-04 10:50:08 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-09-28 17:47:15 ----A---- C:\WINDOWS\system32\FeMakro.ini
2009-09-28 17:47:15 ----A---- C:\WINDOWS\system32\FeAnim.ini
2009-09-28 17:40:18 ----A---- C:\WINDOWS\system32\xls.dll
2009-09-28 17:40:14 ----A---- C:\WINDOWS\system32\VB5FR.DLL
2009-09-28 17:40:12 ----A---- C:\WINDOWS\system32\vbar2232.dll
2009-09-28 17:40:12 ----A---- C:\WINDOWS\system32\VB6DE.DLL
2009-09-28 17:40:11 ----A---- C:\WINDOWS\system32\VB5DE.DLL
2009-09-28 17:40:11 ----A---- C:\WINDOWS\system32\VB40032.DLL
2009-09-28 17:40:08 ----A---- C:\WINDOWS\system32\msjter35.dll
2009-09-28 17:40:08 ----A---- C:\WINDOWS\system32\msjter32.dll
2009-09-28 17:40:07 ----A---- C:\WINDOWS\system32\msjt3032.dll
2009-09-28 17:40:07 ----A---- C:\WINDOWS\system32\msjint35.dll
2009-09-28 17:40:06 ----A---- C:\WINDOWS\system32\msjint32.dll
2009-09-28 17:40:06 ----A---- C:\WINDOWS\system32\msjet35.dll
2009-09-28 17:40:01 ----A---- C:\WINDOWS\system32\dao350.dll

======List of files/folders modified in the last 1 months======

2009-10-21 12:27:49 ----D---- C:\Program Files\Trend Micro
2009-10-21 12:27:31 ----D---- C:\WINDOWS\Prefetch
2009-10-21 12:08:37 ----D---- C:\WINDOWS\Temp
2009-10-21 12:03:47 ----D---- C:\WINDOWS\system32
2009-10-21 12:03:47 ----A---- C:\WINDOWS\system32\tmp.txt
2009-10-21 11:11:10 ----D---- C:\Program Files\Mozilla Firefox
2009-10-21 10:56:59 ----SHD---- C:\WINDOWS\Installer
2009-10-21 10:56:59 ----D---- C:\WINDOWS
2009-10-21 10:56:39 ----D---- C:\Program Files\WinZip
2009-10-21 10:56:39 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-10-21 10:54:25 ----D---- C:\Program Files\free-downloads.net
2009-10-21 10:44:56 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-20 22:59:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-18 21:44:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-18 19:31:41 ----D---- C:\Program Files
2009-10-16 19:20:14 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-16 19:20:07 ----RSD---- C:\WINDOWS\assembly
2009-10-15 21:50:13 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-15 21:49:07 ----D---- C:\WINDOWS\WinSxS
2009-10-15 21:45:47 ----HD---- C:\WINDOWS\inf
2009-10-15 21:45:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-15 21:45:37 ----D---- C:\Program Files\Internet Explorer
2009-10-15 21:45:21 ----D---- C:\WINDOWS\ie8updates
2009-10-15 21:45:14 ----HD---- C:\WINDOWS$hf_mig$
2009-10-15 21:45:11 ----A---- C:\WINDOWS\imsins.BAK
2009-10-15 21:41:39 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-15 12:49:50 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-11 12:25:56 ----D---- C:\Documents and Settings\Lionel\Application Data\Azureus
2009-10-11 12:11:56 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-04 20:11:15 ----D---- C:\WINDOWS\system32\drivers
2009-10-04 20:11:12 ----D---- C:\WINDOWS\system
2009-10-04 20:10:59 ----D---- C:\Program Files\AviSynth 2.5
2009-10-04 10:47:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-04 10:46:37 ----D---- C:\Program Files\Windows Live
2009-10-04 10:45:01 ----D---- C:\WINDOWS\system32\DirectX
2009-10-02 20:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-29 09:58:18 ----RSD---- C:\WINDOWS\Fonts
2009-09-29 09:58:06 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-09-29 09:57:09 ----D---- C:\Program Files\Microsoft Works
2009-09-29 09:53:17 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-05-16 26944]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-03-15 43488]
R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-05-16 42912]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2005-06-16 37150]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2002-10-15 12964]
R1 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 9548]
R1 PCLEPCI;PCLEPCI; ??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-24 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-05-16 94416]
R2 Cnxtdiag;Cnxtdiag; C:\WINDOWS\System32\DRIVERS\cnxtdiag.sys [2003-11-24 17776]
R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2005-03-31 38673]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-04 24904]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\fallback.sys [2003-11-24 308947]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\fsksnt.sys [2003-11-24 124285]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\k56nt.sys [2003-11-24 427215]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2003-04-24 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2003-04-24 55936]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\faxnt.sys [2003-11-24 215195]
R2 tmcomm;tmcomm; ??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\tonesnt.sys [2003-11-24 59471]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\v124nt.sys [2003-11-24 540189]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2003-11-21 21504]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-05-16 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-03-03 679936]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\basic2.sys [2003-11-24 76610]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2003-03-28 3840]
R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2004-10-21 54851]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-10-21 71535]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-10-08 22016]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-01-31 47360]
R3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2004-10-08 585824]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\rksample.sys [2003-11-24 67222]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-11-24 585568]
S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2005-03-31 152081]
S1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\system32\drivers\ShldDrv.sys []
S2 PavProc;Panda Process Protection Driver; ??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ComFiltr;Panda Anti-Dialer; ??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2005-03-31 61564]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2005-03-31 8022]
S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2005-03-31 70262]
S3 HDJCtrl;Hercules DJ Control MP3 Service; C:\WINDOWS\System32\Drivers\HDJCtrl.sys []
S3 HDJMidi;Hercules DJ Console MIDI; C:\WINDOWS\system32\DRIVERS\HDJMidi.sys [2007-02-08 39296]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-10-21 24671]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-10-21 38691]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MPUSens;MPUSens; C:\WINDOWS\system32\drivers\MPUSens.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 o1394bul;o1394bul; ??\C:\DOCUME~1\Lionel\LOCALS~1\Temp\o1394bul.sys []
S3 PavSRK.sys;PavSRK.sys; ??\C:\WINDOWS\system32\PavSRK.sys []
S3 PentaxUsb;Pentax Digital Camera on USB; C:\WINDOWS\system32\DRIVERS\CoachUsb.sys []
S3 PIXMCV;JVC Communication PIX-MCV Driver; C:\WINDOWS\System32\Drivers\pixmcvc.sys [2002-09-28 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture; C:\WINDOWS\System32\Drivers\pixmcva.sys [2002-10-03 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture; C:\WINDOWS\System32\Drivers\pixmcvv.sys [2002-11-28 21081]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sony_ssm.sys;sony_ssm.sys; ??\C:\DOCUME~1\Lionel\LOCALS~1\Temp\sony_ssm.sys []
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; ??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbprint;Classe d’imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-06-23 380016]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-05-16 17272]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2004-03-03 397312]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-05-16 144760]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe [2002-07-17 94208]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2006-03-20 221184]
R2 WSearch;Recherche Windows; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-05-16 247160]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-05-16 349560]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-03-03 516096]
S2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;Service d’état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2005-12-11 69120]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2005-03-30 411920]
S3 License Management Service ESD;License Management Service ESD; C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe [2007-12-17 69120]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
et le deuxieme
info.txt logfile of random’s system information tool 1.06 2009-10-21 12:27:54

======Uninstall list======

–>C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
–>C:\Program Files\USBToolbox\setup.exe
–>C:\WINDOWS\UNNeroVision.exe /UNINSTALL
–>C:\WINDOWS\UNNMP.exe /UNINSTALL
–>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 4.0 Sprint–>C:\WINDOWS\bitdeins.exe C:\PROGRA~1\ABBYYF~1.0SP\bitdeins.ini
Ad-Aware SE Personal–>C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0–>C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)–>MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Acrobat Reader 3.01–>C:\WINDOWS\unin040c.exe -fC:\Acrobat3\Reader\DeIsL1.isu
Adobe AIR–>c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR–>MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin–>C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français–>MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player–>C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AnyDVD–>“C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe” /D=“C:\Program Files\SlySoft\AnyDVD”
AOL (France)–>C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
Apple Software Update–>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Greeting Card Creator (Shared Components)–>C:\Program Files\Fichiers communs\element5 Shared\Uninstall\ArcSoft Greeting Card Creator\B2D45000\UninstApplet.exe /uninstall
ArcSoft Greeting Card Creator–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{F45C749A-8360-4A44-9EFF-3F51D3981780}\Setup.exe” -l0x40c
ArcSoft PhotoImpression 3.0–>C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\ArcSoft\PhotoImpression\Uninst.isu"
Assistant de connexion Windows Live–>MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Utilitaire de désinstallation du logiciel–>C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe”
ATI Display Driver–>rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe”
avast! Antivirus–>C:\Program Files\Alwil Software\Avast4\aswRunDll.exe “C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll”,RunSetup
AviSynth 2.5–>“C:\Program Files\AviSynth 2.5\Uninstall.exe”
Azureus Vuze–>F:\Azureus\uninstall.exe
Barre d’outils MSN–>C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\fr\mtbs.exe c
CCScore–>MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CloneDVD–>“C:\Program Files\Elaborate Bytes\CloneDVD\CloneDVD-uninst.exe” /D=“C:\Program Files\Elaborate Bytes\CloneDVD”
ConvertXtoDVD 2.1.10.209–>“f:\Program Files\vso\ConvertXtoDVD\unins000.exe”
Correctif pour Lecteur Windows Media 11 (KB939683)–>“C:\WINDOWS$NtUninstallKB939683$\spuninst\spuninst.exe”
Correctif pour Windows Internet Explorer 7 (KB947864)–>“C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe”
Correctif pour Windows XP (KB952287)–>“C:\WINDOWS$NtUninstallKB952287$\spuninst\spuninst.exe”
Correctif pour Windows XP (KB961118)–>“C:\WINDOWS$NtUninstallKB961118$\spuninst\spuninst.exe”
Correctif pour Windows XP (KB970653-v3)–>“C:\WINDOWS$NtUninstallKB970653-v3$\spuninst\spuninst.exe”
EPSON Logiciel imprimante–>C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ESSBrwr–>MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK–>MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore–>MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT–>MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSEMAIL–>MsiExec.exe /I{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}
ESSgui–>MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp–>MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini–>MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD–>MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock–>MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC–>MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS–>MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvcpt–>MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
ESSvpaht–>MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot–>MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
Extension HighMAT pour l’Assistant Graver un CD de Microsoft Windows XP–>MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
FoxyTunes for Firefox–>“C:\Program Files\Mozilla Firefox\firefox.exe” -chrome foxytunes…
Galerie de photos Windows Live–>MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Goldbarre (C:\Program Files\Goldbarre) #3–>C:\WINDOWS\st6unst.exe -n “C:\Program Files\Goldbarre\ST6UNST.000”
Goldbarre (C:\Program Files\Goldbarre)–>C:\WINDOWS\st6unst.exe -n “C:\Program Files\Goldbarre\ST6UNST.LOG”
HijackThis 2.0.2–>“C:\Program Files\trend micro\HijackThis.exe” /uninstall
HLPIndex–>MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK–>MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPSFO–>MsiExec.exe /I{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)–>C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)–>C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)–>“C:\WINDOWS$NtUninstallKB929399$\spuninst\spuninst.exe”
HP Document Viewer 5.3–>C:\Program Files\Hewlett-Packard\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3–>C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3–>C:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3–>C:\Program Files\Hewlett-Packard\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Product Assistant–>MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 5.3.A–>“C:\Program Files\Hewlett-Packard\Digital Imaging{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe” -datfile hposcr06.dat
HP Solution Center & Imaging Support Tools 5.3–>C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update–>MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
Installation Windows Live–>C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live–>MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
J2SE Runtime Environment 5.0 Update 10–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 4–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 15–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 2–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Junk Mail filter update–>MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
KSU–>MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Language pack for Ad-Aware SE–>C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
Lecteur Windows Media 11–>“C:\Program Files\Windows Media Player\Setup_wm.exe” /Uninstall
LiveUpdate 2.5 (Symantec Corporation)–>C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logiciel Kodak EasyShare–>C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup$SETUP_190007_102f054\Setup.exe /APR-REMOVE
Logiciel QuickCam de Logitech–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe” -l0x40c
Logitech Desktop Messenger–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe” -l0x40c UNINSTALL
Logitech G11 Keyboard Software 1.03–>MsiExec.exe /X{77A1C7DD-E4F6-4057-92FC-710219215987}
Logitech Print Service–>C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech SetPoint–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe” -l0x40c
Macromedia Flash Player 8–>C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Micro Application - Kit CD-DVD Edition Classic–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{6EBE515C-0962-4E57-99EF-626565F255B3}\SETUP.EXE” -l0x40c
MicroApp 470 000 Cliparts–>C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5397D9BC-DD26-4176-BAC4-7132CED81CFF}
Microsoft .NET Framework 1.1 French Language Pack–>MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Security Update (KB953297)–>“C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe” “C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp”
Microsoft .NET Framework 1.1–>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1–>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2–>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2–>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1–>C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1–>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync 3.8–>“C:\WINDOWS\ISUN040C.EXE” -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Choice Guard–>MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP–>“C:\WINDOWS$NtUninstallMSCompPackV1$\spuninst\spuninst.exe”
Microsoft Data Access Components KB870669–>C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs–>“C:\WINDOWS$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe”
Microsoft National Language Support Downlevel APIs–>“C:\WINDOWS$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe”
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-00BA-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office Access MUI (French) 2007–>MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Enterprise 2007–>“C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe” /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007–>MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007–>MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Groove MUI (French) 2007–>MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007–>MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3–>MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (French) 2007–>MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook Connector–>MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007–>MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007–>MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007–>MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007–>MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007–>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007–>MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007–>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007–>MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007–>MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007–>MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007–>MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007–>MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Photo Pro Suite 10–>“C:\Program Files\Fichiers communs\Microsoft Shared\Picture It!\RmvSuite.exe” ADDREMOVE=1 SKU=SUITE
Microsoft Search Enhancement Pack–>MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight–>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]–>MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)–>MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)–>MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0–>“C:\WINDOWS$NtUninstallWudf01000$\spuninst\spuninst.exe”
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053–>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)–>“C:\WINDOWS$NtUninstallKB959772_WM11$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)–>“C:\WINDOWS$NtUninstallKB952069_WM9$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)–>“C:\WINDOWS$NtUninstallKB954155_WM9$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)–>“C:\WINDOWS$NtUninstallKB968816_WM9$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)–>“C:\WINDOWS$NtUninstallKB973540_WM9$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)–>“C:\WINDOWS$NtUninstallKB911565$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)–>“C:\WINDOWS$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)–>“C:\WINDOWS$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)–>“C:\WINDOWS$NtUninstallKB954154_WM11$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)–>“C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)–>“C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)–>“C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)–>“C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe”
Mise à jour de sécurité pour

cricri58 · Octobre 21, 2009, 11:32

Salut snake074009

Fais dans l ordre ,lis bien et surtout poste les rapports

tu as hijackthis de renommé en Lionel.exe

si tu n as pas sur ton bureau tu vas récupérer ainsi

cliques==>poste de travail ==>afficher le contenu de ce dossier ==>program files ==>afficher le contenu de ce dossier =>ouvre le
dossier " trend Micro ==>puis Hijackthis ==>cliques droit sur l icone d Hijackthis ==> envoyer vers le bureau puis tu refermes tout ==>dans la colonne de gauche en haut==> cliques sur=>masquer le
contenu de ce dossier ==>precedent =>masquer le contenu de ce dossier et tu refermes

aprés

Lances Hijackthis

Cliques sur ==> Do a System Scan Only

coches ces Lignes

[b]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.conduit.com…
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM…\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [LogitechSoftwareUpdate] “C:\Program Files\Logitech\Video\ManifestEngine.exe” boot
O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU…\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - dlm.tools.akamai.com…
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - game12.zylom.com…
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)

[/b]
Fermes tes autres applications sauf ==> hijackthis ( bien sûr )

et Cliques sur ==> Fix Checked

aprés

Clique sur démarrer --> Exécuter --> Tapes ===> cmd

A savoir ==> entre stop et " tu mets un espace tu laisses==>(") de chaque côté du sercice
entre delete et " tu mets un espasce

Dans la fenêtre noire tape

sc stop “Boonty Games” ==>Valide par Entrée

et

sc delete “Boonty Games” ==>Valide par Entrée

Ferme la fenêtre

ensuite

4)Désactives ton antivirus

Télécharge OTM de OldTimer sur le bureau :

==>OTM de OldTimer

Double-clique sur OTM.exe sur le bureau

Assure toi que la case Unregister Dll’s and Ocx’s soit bien cochée
Copie le texte qui se trouve en citation et colle le dans le cadre de gauche de OTMoveIt nommé Paste Instructions for Items to be Moved

Clique sur MoveIt! pour lancer la suppression.
Ferme OTM

Ton PC va redémarrer pour finir la suppression, si il ne le fais pas lui-même, redémarre le.

Poste le rapport de OTM qui se trouve dans C:_OTM\MovedFiles.

Réactives ton antivirus

tu feras aussi

télécharges --> Malwarebytes’ (mbam)

==> Malwarebytes’ (mbam)

installes + mise a jour
et
Redémarre en “Mode sans échec”

tapote sur la touche F8 jusqu’à l’affichage du menu des options avancées de Windows, et sélectionne “Mode sans échec”.
Choisis ta session habituelle

Lances–> Malwarebytes (MBAM)
==> Puis vas dans l’onglet “Recherche”, coche “Exécuter un examen complet” puis “Rechercher”
==> Sélectionnes tes disques durs" puis clique sur “Lancer lexamen”
==> A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
==> Suppression des éléments détectés --> cliques sur Supprimer la sélection==>Important à faire
=> S’il t’ es demandé de redémarrer, clique sur "oui "

aprés la suppression(s) de ou des infections trouvées --> poste le rapport ici

Fais ceci et on fera la suite

@+ cricri58

snake074009 · Octobre 22, 2009, 12:18

Merci de ton aide et de ta patiente
Voici le rapport d’OTM
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Service\Driver Boonty Games not found.
Service\Driver Boonty Games not found.
========== FILES ==========
File/Folder C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe not found.
File/Folder C:\WINDOWS\system32\srvreg.exe not found.
C:\WINDOWS\system32\tmp.txt moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\srvreg not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: barre de taches

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Emmie Durand

User: Lionel
->Temp folder emptied: 53232698 bytes
->Temporary Internet Files folder emptied: 35443142 bytes
->Java cache emptied: 48931867 bytes
->FireFox cache emptied: 119486710 bytes

User: LocalService
->Temp folder emptied: 66284 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 796171 bytes

C:\MSI779e2.tmp folder deleted successfully.
C:\MSI8d62.tmp folder deleted successfully.
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
File delete failed. C:\WINDOWS\S0E1EEED1.tmp scheduled to be deleted on reboot.
%systemroot% .tmp files removed: 1139202 bytes
%systemroot%\System32 .tmp files removed: 3433472 bytes
File delete failed. C:\WINDOWS\temp_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_648.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 3932694 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 254,18 mb

OTM by OldTimer - Version 3.0.0.6 log created on 10222009_100413

Files moved on Reboot…
File move failed. C:\WINDOWS\S0E1EEED1.tmp scheduled to be moved on reboot.
File C:\WINDOWS\temp_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_648.dat not found!

Registry entries deleted on Reboot…
Et celui de malwares
Malwarebytes’ Anti-Malware 1.41
Version de la base de données: 3009
Windows 5.1.2600 Service Pack 3 (Safe Mode)

22/10/2009 12:02:10
malware.txt

Type de recherche: Examen complet (C:|F:|G:|)
Eléments examinés: 242330
Temps écoulé: 1 hour(s), 41 minute(s), 22 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface{2a21e363-25d6-43c4-af76-d04b9681dc62} (Rogue.SpyMaxx) -> No action taken.
HKEY_CLASSES_ROOT\CLSID{5dd8cef7-e063-4f85-a8ef-394912af2a6f} (Rogue.SpyMaxx) -> No action taken.
HKEY_CLASSES_ROOT\Typelib{26b0d0de-6465-493e-94de-9b8e0725c119} (Rogue.SpyMaxx) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (http://www.iesearch.com/) Good: (http://www.Google.com/) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Lionel\Bureau\Programmes d’installation divers\installation.exe (Trojan.Dialer) -> No action taken.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM87dc8624.xml (Trojan.Vundo) -> No action taken.
Merci à toi:):)

cricri58 · Octobre 22, 2009, 12:47

salut

Pour Malwarebytes’==> Tu n as rien supprimé ==> tout est en “Quarantaine”

Malwarebytes==>No Action Taken==> tu as tout les M@rdes en “quarantaine”

et j avais marqué ==>Suppression des éléments détectés --> cliques sur Supprimer la sélection–>Important à faire

Fais ceci==> Lis bien ==>important

Lances Malwarebytes
==>cliques sur quarantaine==> selectionnes tout et supprimes tout ok !!
si il te demande de redémarrer ==> redémarre ton PC

refais ce coup çi ==>une analyse Compléte en Mode Normal+ suppressions ( d éventuelles infections) et poste le rapport que j attends

tu feras également aprés

2)Telecharge et installes Ccleaner ==>ne l installes pas si tu l as déja

==>Ccleaner

Une fois sur le bureau, clic sur l’install de CCleaner.
-> Mais avant de cliquer sur le bouton “installer”, décoche toutes les “options supplémentaires”.(install de la barre yahoo,etc…)

–>Ensuite, clique sur “Options”, “Avancé” et décoche la case
–>“Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures”.
–>Clique sur l’onglet “Nettoyeur” puis sur “Lancer le Nettoyage”.
–> Ensuite clique sur l’icone Registre, à droite, clique sur “Chercher des erreurs” puis sur “Réparer les erreurs sélectionnées”.

Accepte la sauvegarde, de la BDR (base de registre )qu’il propose .
Je te conseille de le repasser au moins deux fois,(ou + jusqu’à qu’il ne trouve plus d’erreurs.)

Redémarres ton Pc-

ensuite

Télécharge Blacklight (de F-Secure)

==>Blacklight (de F-Secure)

cliques sur Download à droite

et sauvegarde le sur ton Bureau.

Double-clique fsbl.exe et accepte la licence ; laisse [X]scan through Windows Explorer activé ;

clique step1 Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

Copie et colle le contenu de ce rapport

une fois ceci fait

télécharge GenProc sur ton bureau

==>[GenProc[/url]]www.alt-shift-return.org…]( [url=http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip)

dézippe le dossier, double-clique sur GenProc.bat

réponds " oui" à la fenêtre qui apparait

http://i37.tinypic.com/34pdf6o.png

poste le contenu du rapport qui s’ouvre

et en dernier pour contrôle

Cliques ==>Démarrer==> Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer l’option : Afficher les fichiers et dossiers cachés
Désactives l’option : Masquer les extensions des fichiers dont le type est connu
Désactives l’option : Masquer les fichiers protégés du système d’exploitation
Puis cliques sur “Appliquer à tous les dossiers”

Si présent ==>supprime ce fichier :

C:\WINDOWS\System32\srvreg.exe

une fois terminé refais le chemin inverse pour masquer

si tu le trouves et que tu n arrives pas à le supprimer ,Redémarre en mode sans échec et supprime ce fichier

tu me confirmes tout ceci et poste les rapports

@+ cricri58