Vundo [RESOLVED]



#1
Phil9999

Good evening,

I have been trying to remove Vundo and other viruses for the last 5 days without success.
It all started when I launched an .exe file that I had scanned.

First of all, the start menu was almost empty, I could not access the task manager, and Firefox/IE do not let me access any online cleaner...

Here is my last hijack log.

Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33, on 23/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {149F11BC-D5BF-4491-B94E-C72FB081F35D} - (no file)
O2 - BHO: (no name) - {29584041-FAE1-4E38-BD99-57A6FB61B1B8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {D355A751-C166-4351-8112-0EB0775E1B16} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1064443174-1331414849-1639698294-1008\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (User '?')
O4 - HKUS\S-1-5-21-1064443174-1331414849-1639698294-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1064443174-1331414849-1639698294-500\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (User 'Administrateur')
O4 - HKUS\S-1-5-21-1064443174-1331414849-1639698294-500\..\RunOnce: [SpybotDeletingB8017] command /c del "C:\WINDOWS\dtseqrxk.dll_tobedeleted_old" (User 'Administrateur')
O4 - Global Startup: customize__IE.lnk = C:\HP\region\customizeIe.wsf
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1211917055031
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll jnwlox.dll
O20 - Winlogon Notify: nnnmkHBu - nnnmkHBu.dll (file missing)
O21 - SSODL: dtseqrxk - {EC26EC56-4EF6-436B-A9A0-C4C902204CC8} - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 9304 bytes


#2
Rorschach112

Hello

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

#3
Phil9999

Thanks for your help.

Here is the log:


--------------------\\ Lop S&D 4.2.4-4 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.50GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
Firewall : BitDefender Firewall 12.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 70 Go Free : 19 Go
D:\ (Local Disk) - FAT32 - Total : 4 Go Free : 1 Go
E:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go
F:\ (CD or DVD)
G:\ (Local Disk) - FAT32 - Total : 298 Go Free : 95 Go
H:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
Option : [1] ( 23/09/2008|21:39 )

--------------------\\ Listing des dossiers dans APPLIC~1

[02/01/2003|14:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[14/10/2005|21:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
[01/05/2004|14:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\ArcSoft
[09/12/2003|23:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Canon
[23/09/2003|15:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Copernic
[23/12/2005|20:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[18/09/2003|23:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
[02/01/2003|13:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[02/01/2003|14:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\InterTrust
[20/10/2003|09:19] C:\DOCUME~1\ADMINI~1\APPLIC~1\InterVideo
[14/01/2004|00:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\Leadertech
[18/09/2003|21:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[02/01/2003|14:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[26/02/2005|11:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft Web Folders
[06/05/2004|23:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[30/12/2005|20:52] C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
[18/03/2004|22:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\Nikon
[06/07/2004|22:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[02/01/2003|14:44] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
[09/12/2003|23:10] C:\DOCUME~1\ADMINI~1\APPLIC~1\ScanSoft
[02/01/2003|14:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
[10/05/2004|23:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\SpamPal
[01/01/2003|18:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[19/09/2003|16:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\VERITAS

[19/09/2008|22:19] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Adobe
[17/08/2006|21:34] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\AdobeAUM
[29/06/2006|07:17] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\AdobeUM
[06/01/2006|00:31] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Ahead
[04/09/2008|00:28] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Apple Computer
[12/07/2006|21:54] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\ArcSoft
[06/01/2006|10:02] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\AVG7
[09/12/2003|23:07] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Canon
[13/12/2006|23:55] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\ConvertTemp
[23/09/2003|15:06] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Copernic
[07/01/2007|19:54] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\ESTsoft
[23/12/2005|20:15] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Google
[18/09/2003|23:45] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Help
[02/01/2003|13:45] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Identities
[02/01/2003|14:37] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\InterTrust
[20/10/2003|09:19] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\InterVideo
[07/01/2006|01:56] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Jetico Personal Firewall
[30/12/2006|19:01] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Lavasoft
[14/01/2004|00:12] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Leadertech
[18/09/2003|21:51] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Macromedia
[02/01/2003|14:58] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Microsoft
[26/02/2005|11:49] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Microsoft Web Folders
[19/09/2008|22:15] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Mozilla
[15/01/2006|17:32] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\MSN6
[04/02/2006|20:17] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\MSNInstaller
[18/03/2004|22:01] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Nikon
[03/01/2006|10:18] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\PC Tools
[06/07/2004|22:25] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Real
[02/01/2003|14:44] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\SampleView
[13/12/2006|00:56] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Samsung
[09/12/2003|23:10] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\ScanSoft
[02/01/2003|14:36] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Sonic
[10/05/2004|23:01] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\SpamPal
[11/01/2006|00:08] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Sun
[01/01/2003|18:42] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Symantec
[06/05/2006|22:34] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\TaoUSign
[13/12/2006|23:43] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\Temporary
[13/12/2006|00:59] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\TransRender
[19/09/2003|16:35] C:\DOCUME~1\ADMINI~1.NOM\APPLIC~1\VERITAS

[27/05/2008|22:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[20/11/2005|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[04/09/2008|00:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[04/09/2008|00:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[14/09/2008|22:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[21/09/2008|02:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
[14/01/2006|20:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[10/09/2008|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CopyTransControlCenter
[07/03/2007|00:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESTsoft
[26/12/2007|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
[16/06/2004|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[21/09/2008|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[01/01/2003|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[03/03/2005|00:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[02/01/2003|13:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[26/02/2005|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[11/12/2003|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft
[14/05/2005|01:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
[29/05/2008|21:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[20/09/2008|00:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[09/12/2003|23:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[09/12/2003|23:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[01/01/2003|18:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[22/09/2008|09:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

[02/01/2003|14:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[17/08/2006|21:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AdobeAUM
[29/06/2006|07:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AdobeUM
[06/01/2006|00:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Ahead
[04/09/2008|00:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[12/07/2006|21:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ArcSoft
[06/01/2006|10:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\AVG7
[09/12/2003|23:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Canon
[13/12/2006|23:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ConvertTemp
[23/09/2003|15:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Copernic
[07/01/2007|19:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ESTsoft
[23/12/2005|20:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Google
[18/09/2003|23:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Help
[02/01/2003|13:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[02/01/2003|14:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[20/10/2003|09:19] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterVideo
[07/01/2006|01:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Jetico Personal Firewall
[30/12/2006|19:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Lavasoft
[14/01/2004|00:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Leadertech
[18/09/2003|21:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[02/01/2003|14:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[26/02/2005|11:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft Web Folders
[04/01/2006|00:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Mozilla
[15/01/2006|17:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\MSN6
[04/02/2006|20:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\MSNInstaller
[18/03/2004|22:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Nikon
[03/01/2006|10:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\PC Tools
[06/07/2004|22:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[02/01/2003|14:44] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[13/12/2006|00:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Samsung
[09/12/2003|23:10] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ScanSoft
[02/01/2003|14:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[10/05/2004|23:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SpamPal
[11/01/2006|00:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[01/01/2003|18:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[06/05/2006|22:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\TaoUSign
[13/12/2006|23:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Temporary
[13/12/2006|00:59] C:\DOCUME~1\DEFAUL~1\APPLIC~1\TransRender
[19/09/2003|16:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\VERITAS

[21/12/2006|19:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[30/05/2008|19:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[30/05/2008|19:16] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[02/01/2003|14:37] C:\DOCUME~1\Philippe\APPLIC~1\Adobe
[17/08/2006|21:34] C:\DOCUME~1\Philippe\APPLIC~1\AdobeAUM
[29/06/2006|07:17] C:\DOCUME~1\Philippe\APPLIC~1\AdobeUM
[06/01/2006|00:31] C:\DOCUME~1\Philippe\APPLIC~1\Ahead
[04/09/2008|00:28] C:\DOCUME~1\Philippe\APPLIC~1\Apple Computer
[12/07/2006|21:54] C:\DOCUME~1\Philippe\APPLIC~1\ArcSoft
[06/01/2006|10:02] C:\DOCUME~1\Philippe\APPLIC~1\AVG7
[09/12/2003|23:07] C:\DOCUME~1\Philippe\APPLIC~1\Canon
[13/12/2006|23:55] C:\DOCUME~1\Philippe\APPLIC~1\ConvertTemp
[23/09/2003|15:06] C:\DOCUME~1\Philippe\APPLIC~1\Copernic
[07/01/2007|19:54] C:\DOCUME~1\Philippe\APPLIC~1\ESTsoft
[23/12/2005|20:15] C:\DOCUME~1\Philippe\APPLIC~1\Google
[18/09/2003|23:45] C:\DOCUME~1\Philippe\APPLIC~1\Help
[02/01/2003|13:45] C:\DOCUME~1\Philippe\APPLIC~1\Identities
[02/01/2003|14:37] C:\DOCUME~1\Philippe\APPLIC~1\InterTrust
[20/10/2003|09:19] C:\DOCUME~1\Philippe\APPLIC~1\InterVideo
[07/01/2006|01:56] C:\DOCUME~1\Philippe\APPLIC~1\Jetico Personal Firewall
[30/12/2006|19:01] C:\DOCUME~1\Philippe\APPLIC~1\Lavasoft
[14/01/2004|00:12] C:\DOCUME~1\Philippe\APPLIC~1\Leadertech
[18/09/2003|21:51] C:\DOCUME~1\Philippe\APPLIC~1\Macromedia
[02/01/2003|14:58] C:\DOCUME~1\Philippe\APPLIC~1\Microsoft
[26/02/2005|11:49] C:\DOCUME~1\Philippe\APPLIC~1\Microsoft Web Folders
[04/01/2006|00:36] C:\DOCUME~1\Philippe\APPLIC~1\Mozilla
[15/01/2006|17:32] C:\DOCUME~1\Philippe\APPLIC~1\MSN6
[04/02/2006|20:17] C:\DOCUME~1\Philippe\APPLIC~1\MSNInstaller
[18/03/2004|22:01] C:\DOCUME~1\Philippe\APPLIC~1\Nikon
[03/01/2006|10:18] C:\DOCUME~1\Philippe\APPLIC~1\PC Tools
[06/07/2004|22:25] C:\DOCUME~1\Philippe\APPLIC~1\Real
[02/01/2003|14:44] C:\DOCUME~1\Philippe\APPLIC~1\SampleView
[13/12/2006|00:56] C:\DOCUME~1\Philippe\APPLIC~1\Samsung
[09/12/2003|23:10] C:\DOCUME~1\Philippe\APPLIC~1\ScanSoft
[02/01/2003|14:36] C:\DOCUME~1\Philippe\APPLIC~1\Sonic
[10/05/2004|23:01] C:\DOCUME~1\Philippe\APPLIC~1\SpamPal
[11/01/2006|00:08] C:\DOCUME~1\Philippe\APPLIC~1\Sun
[01/01/2003|18:42] C:\DOCUME~1\Philippe\APPLIC~1\Symantec
[06/05/2006|22:34] C:\DOCUME~1\Philippe\APPLIC~1\TaoUSign
[13/12/2006|23:43] C:\DOCUME~1\Philippe\APPLIC~1\Temporary
[13/12/2006|00:59] C:\DOCUME~1\Philippe\APPLIC~1\TransRender
[19/09/2003|16:35] C:\DOCUME~1\Philippe\APPLIC~1\VERITAS

[27/05/2008|23:25] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
[17/08/2006|21:34] C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeAUM
[29/06/2006|07:17] C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
[06/01/2006|00:31] C:\DOCUME~1\PROPRI~1\APPLIC~1\Ahead
[11/09/2008|01:18] C:\DOCUME~1\PROPRI~1\APPLIC~1\Apple Computer
[12/07/2006|21:54] C:\DOCUME~1\PROPRI~1\APPLIC~1\ArcSoft
[21/09/2008|02:24] C:\DOCUME~1\PROPRI~1\APPLIC~1\BitDefender
[21/03/2008|13:11] C:\DOCUME~1\PROPRI~1\APPLIC~1\Canon
[13/12/2006|23:55] C:\DOCUME~1\PROPRI~1\APPLIC~1\ConvertTemp
[23/09/2003|15:06] C:\DOCUME~1\PROPRI~1\APPLIC~1\Copernic
[10/09/2008|22:38] C:\DOCUME~1\PROPRI~1\APPLIC~1\CopyTrans
[10/09/2008|22:36] C:\DOCUME~1\PROPRI~1\APPLIC~1\CopyTransControlCenter
[23/12/2007|19:45] C:\DOCUME~1\PROPRI~1\APPLIC~1\DivX
[07/03/2007|00:58] C:\DOCUME~1\PROPRI~1\APPLIC~1\ESTsoft
[21/09/2008|02:14] C:\DOCUME~1\PROPRI~1\APPLIC~1\Flock
[23/12/2005|20:15] C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
[18/09/2003|23:45] C:\DOCUME~1\PROPRI~1\APPLIC~1\Help
[02/01/2003|13:45] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
[29/05/2008|21:33] C:\DOCUME~1\PROPRI~1\APPLIC~1\InstallShield
[02/01/2003|14:37] C:\DOCUME~1\PROPRI~1\APPLIC~1\InterTrust
[20/10/2003|09:19] C:\DOCUME~1\PROPRI~1\APPLIC~1\InterVideo
[07/01/2006|01:56] C:\DOCUME~1\PROPRI~1\APPLIC~1\Jetico Personal Firewall
[30/12/2006|19:01] C:\DOCUME~1\PROPRI~1\APPLIC~1\Lavasoft
[14/01/2004|00:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\Leadertech
[18/09/2003|21:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\Macromedia
[21/09/2008|11:17] C:\DOCUME~1\PROPRI~1\APPLIC~1\Malwarebytes
[27/08/2008|22:38] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft
[26/02/2005|11:49] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft Web Folders
[06/09/2008|19:26] C:\DOCUME~1\PROPRI~1\APPLIC~1\Mozilla
[15/01/2006|17:32] C:\DOCUME~1\PROPRI~1\APPLIC~1\MSN6
[04/02/2006|20:17] C:\DOCUME~1\PROPRI~1\APPLIC~1\MSNInstaller
[18/03/2004|22:01] C:\DOCUME~1\PROPRI~1\APPLIC~1\Nikon
[03/01/2006|10:18] C:\DOCUME~1\PROPRI~1\APPLIC~1\PC Tools
[06/07/2004|22:25] C:\DOCUME~1\PROPRI~1\APPLIC~1\Real
[20/09/2008|09:20] C:\DOCUME~1\PROPRI~1\APPLIC~1\RegClean
[02/01/2003|14:44] C:\DOCUME~1\PROPRI~1\APPLIC~1\SampleView
[18/08/2008|22:27] C:\DOCUME~1\PROPRI~1\APPLIC~1\Samsung
[09/12/2003|23:10] C:\DOCUME~1\PROPRI~1\APPLIC~1\ScanSoft
[15/09/2008|09:28] C:\DOCUME~1\PROPRI~1\APPLIC~1\Simply Super Software
[02/01/2003|14:36] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sonic
[10/05/2004|23:01] C:\DOCUME~1\PROPRI~1\APPLIC~1\SpamPal
[09/09/2008|23:00] C:\DOCUME~1\PROPRI~1\APPLIC~1\streamripper
[11/01/2006|00:08] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sun
[01/01/2003|18:42] C:\DOCUME~1\PROPRI~1\APPLIC~1\Symantec
[06/05/2006|22:34] C:\DOCUME~1\PROPRI~1\APPLIC~1\TaoUSign
[13/12/2006|23:43] C:\DOCUME~1\PROPRI~1\APPLIC~1\Temporary
[15/09/2008|08:53] C:\DOCUME~1\PROPRI~1\APPLIC~1\TmpRecentIcons
[13/12/2006|00:59] C:\DOCUME~1\PROPRI~1\APPLIC~1\TransRender
[19/09/2003|16:35] C:\DOCUME~1\PROPRI~1\APPLIC~1\VERITAS
[17/11/2007|20:05] C:\DOCUME~1\PROPRI~1\APPLIC~1\WinRAR


--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[23/09/2008 21:19][--a------] C:\WINDOWS\tasks\Connexion facile … Internet.job
[22/01/2003 06:58][-rah-----] C:\WINDOWS\tasks\desktop.ini
[22/09/2008 09:11][--ah-----] C:\WINDOWS\tasks\SA.DAT

--------------------\\ Listing des dossiers dans C:\Program Files

[27/05/2008|22:28] C:\Program Files\Adobe
[11/03/2007|20:26] C:\Program Files\Ahead
[04/09/2008|01:00] C:\Program Files\Apple Software Update
[20/09/2006|22:29] C:\Program Files\ArcSoft
[20/09/2008|19:44] C:\Program Files\a-squared Free
[18/09/2003|21:11] C:\Program Files\ATI Technologies
[08/07/2008|20:21] C:\Program Files\Avanquest update
[30/05/2008|19:17] C:\Program Files\AVG
[20/09/2008|16:21] C:\Program Files\AxBx
[21/09/2008|02:23] C:\Program Files\BitDefender
[28/07/2008|23:09] C:\Program Files\BitLord
[04/09/2008|01:04] C:\Program Files\Bonjour
[16/06/2004|20:53] C:\Program Files\BoontyGames
[03/01/2006|00:14] C:\Program Files\Canon
[05/02/2006|22:30] C:\Program Files\caws
[05/01/2006|00:20] C:\Program Files\CCleaner
[19/09/2005|00:10] C:\Program Files\CDBurnerXP Pro 3
[27/11/2004|19:13] C:\Program Files\Clic d'Api N°18
[14/01/2004|22:59] C:\Program Files\Clic d'Api N°18(2)
[19/11/2006|18:25] C:\Program Files\Clic d'Api N°19
[04/07/2006|17:47] C:\Program Files\Clic d'Api N°20
[30/04/2006|11:41] C:\Program Files\Clic d'Api N°21
[31/05/2008|00:55] C:\Program Files\DAEMON Tools
[04/10/2003|18:08] C:\Program Files\Disney Interactive
[14/06/2008|06:56] C:\Program Files\DivX
[18/09/2005|23:48] C:\Program Files\DivX Video Duplicator
[28/01/2007|21:29] C:\Program Files\D-Tools
[13/07/2005|19:07] C:\Program Files\DV 5700
[19/08/2008|09:19] C:\Program Files\Easy Internet signup
[22/02/2007|23:32] C:\Program Files\eMule
[07/03/2007|00:58] C:\Program Files\ESTsoft
[21/09/2008|02:17] C:\Program Files\Fichiers communs
[21/09/2008|02:18] C:\Program Files\Flock
[18/09/2005|22:12] C:\Program Files\Gabest
[20/12/2007|23:07] C:\Program Files\Google
[30/05/2008|19:18] C:\Program Files\Grisoft
[06/01/2006|09:05] C:\Program Files\HJT
[28/04/2005|23:35] C:\Program Files\IncrediMail
[29/05/2008|21:34] C:\Program Files\InstallShield Installation Information
[03/11/2005|18:46] C:\Program Files\InterActual
[17/08/2008|03:05] C:\Program Files\Internet Explorer
[02/01/2003|14:34] C:\Program Files\InterVideo
[01/09/2008|17:37] C:\Program Files\Iomega
[04/09/2008|01:05] C:\Program Files\iPod
[04/09/2008|01:05] C:\Program Files\iTunes
[09/07/2008|22:10] C:\Program Files\Java
[20/04/2005|22:29] C:\Program Files\Kit ADSL
[30/12/2006|19:01] C:\Program Files\Lavasoft
[14/01/2006|20:18] C:\Program Files\LIVEUPDATE
[11/03/2007|19:32] C:\Program Files\LucasArts
[21/09/2008|11:17] C:\Program Files\Malwarebytes' Anti-Malware
[22/04/2004|09:48] C:\Program Files\Matroska Pack
[27/08/2008|23:25] C:\Program Files\messenger
[15/10/2007|22:35] C:\Program Files\Microsoft ActiveSync
[16/10/2005|17:16] C:\Program Files\Microsoft Encarta
[28/03/2007|21:08] C:\Program Files\microsoft frontpage
[26/11/2003|00:12] C:\Program Files\Microsoft Games
[01/01/2003|19:20] C:\Program Files\Microsoft Office
[01/01/2003|19:21] C:\Program Files\Microsoft Visual Studio
[01/01/2003|19:24] C:\Program Files\Microsoft Works
[14/04/2004|11:08] C:\Program Files\Mindscape
[14/01/2006|20:22] C:\Program Files\mobile PhoneTools
[14/01/2006|20:23] C:\Program Files\Motorola Phone Tools
[27/08/2008|23:16] C:\Program Files\Movie Maker
[22/09/2008|21:34] C:\Program Files\Mozilla Firefox
[04/01/2006|00:31] C:\Program Files\mozilla.org
[27/08/2008|22:37] C:\Program Files\MSECACHE
[02/01/2003|13:41] C:\Program Files\MSN
[27/12/2005|16:52] C:\Program Files\MSN Apps
[02/01/2003|13:41] C:\Program Files\MSN Gaming Zone
[27/08/2008|23:58] C:\Program Files\MSN Messenger
[30/05/2008|19:21] C:\Program Files\MSXML 4.0
[19/09/2003|16:16] C:\Program Files\MuseTools
[21/09/2008|17:31] C:\Program Files\Navilog1
[09/09/2008|23:43] C:\Program Files\NCH Swift Sound
[27/08/2008|23:08] C:\Program Files\NetMeeting
[20/09/2006|22:36] C:\Program Files\Nikon
[27/09/2007|22:21] C:\Program Files\nLite
[04/03/2007|01:33] C:\Program Files\Norton AntiVirus
[27/08/2008|23:08] C:\Program Files\Outlook Express
[08/10/2005|17:49] C:\Program Files\QSuite
[06/09/2008|18:54] C:\Program Files\QuickTime
[07/03/2007|01:13] C:\Program Files\QuickZip4
[06/07/2004|22:23] C:\Program Files\Real
[02/01/2003|14:36] C:\Program Files\RecordNow
[18/08/2008|23:17] C:\Program Files\RegCleaner
[04/09/2008|00:15] C:\Program Files\Registry Mechanic
[18/08/2008|22:26] C:\Program Files\Samsung
[09/12/2003|23:09] C:\Program Files\ScanSoft
[02/01/2003|14:51] C:\Program Files\Services en ligne
[03/03/2007|23:40] C:\Program Files\SiSLan
[26/10/2005|00:46] C:\Program Files\SlySoft
[26/02/2005|11:55] C:\Program Files\Snapshot Viewer
[29/05/2008|21:34] C:\Program Files\Sony Ericsson
[11/05/2004|09:57] C:\Program Files\SpamPal
[20/09/2008|00:49] C:\Program Files\Spybot - Search & Destroy
[05/10/2003|20:55] C:\Program Files\Star Downloader
[20/09/2008|19:44] C:\Program Files\StreamCast
[09/09/2008|23:05] C:\Program Files\Streamripper
[16/03/2005|22:40] C:\Program Files\SuperLink
[04/03/2007|01:32] C:\Program Files\Symantec
[03/11/2005|18:47] C:\Program Files\Synchro Arts Ltd
[20/09/2008|00:49] C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[26/10/2003|19:32] C:\Program Files\The Learning Company
[22/04/2004|20:27] C:\Program Files\Torrent Search
[21/09/2008|19:03] C:\Program Files\Trend Micro
[04/03/2007|19:33] C:\Program Files\Trojan Remover
[02/10/2003|21:02] C:\Program Files\TryMedia
[02/01/2003|13:48] C:\Program Files\Uninstall Information
[15/10/2007|23:22] C:\Program Files\ViaMichelin
[01/04/2005|07:54] C:\Program Files\Vodei
[18/09/2003|21:39] C:\Program Files\Wanadoo
[27/09/2004|22:12] C:\Program Files\WAV to MP3 Encoder
[18/09/2005|22:22] C:\Program Files\WinASPI
[27/08/2008|22:38] C:\Program Files\Windows Installer Clean Up
[27/08/2008|23:17] C:\Program Files\Windows Media Player
[27/08/2008|23:08] C:\Program Files\Windows NT
[04/03/2007|01:38] C:\Program Files\WindowsUpdate
[10/09/2008|22:36] C:\Program Files\WindSolutions
[10/06/2008|01:12] C:\Program Files\WinRAR
[28/01/2006|19:12] C:\Program Files\WLAN
[02/01/2003|13:45] C:\Program Files\xerox
[09/09/2008|23:19] C:\Program Files\Xi
[31/03/2004|00:47] C:\Program Files\XviD
[04/01/2006|00:28] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[27/05/2008|22:29] C:\Program Files\Fichiers communs\Adobe
[08/10/2005|17:44] C:\Program Files\Fichiers communs\Ahead
[04/09/2008|00:59] C:\Program Files\Fichiers communs\Apple
[21/09/2008|02:23] C:\Program Files\Fichiers communs\BitDefender
[23/09/2003|15:06] C:\Program Files\Fichiers communs\Copernic
[01/01/2003|19:21] C:\Program Files\Fichiers communs\Designer
[29/02/2008|00:35] C:\Program Files\Fichiers communs\InstallShield
[10/04/2007|23:02] C:\Program Files\Fichiers communs\Java
[16/06/2004|20:53] C:\Program Files\Fichiers communs\Macrovision Shared
[29/05/2008|21:45] C:\Program Files\Fichiers communs\Microsoft Shared
[06/05/2004|23:02] C:\Program Files\Fichiers communs\mozilla.org
[02/01/2003|13:42] C:\Program Files\Fichiers communs\MSSoap
[20/09/2006|22:30] C:\Program Files\Fichiers communs\Nikon
[12/06/2004|02:05] C:\Program Files\Fichiers communs\nnnfcbpd
[02/01/2003|13:38] C:\Program Files\Fichiers communs\ODBC
[06/07/2004|22:23] C:\Program Files\Fichiers communs\Real
[03/01/2006|00:15] C:\Program Files\Fichiers communs\ScanSoft Shared
[04/03/2007|06:17] C:\Program Files\Fichiers communs\Services
[02/01/2003|14:36] C:\Program Files\Fichiers communs\Sonic
[02/01/2003|13:38] C:\Program Files\Fichiers communs\SpeechEngines
[22/09/2008|09:12] C:\Program Files\Fichiers communs\Symantec Shared
[27/08/2008|23:08] C:\Program Files\Fichiers communs\System
[20/10/2003|09:40] C:\Program Files\Fichiers communs\Wise Installation Wizard
[06/07/2004|22:23] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 44 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts MODIFIE


-> 71 [ 70 ## added by CiD ]

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 21:42:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\RCdJRqss.ini
C:\WINDOWS\system32\RCdJRqss.ini2
==> VUNDO <==

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv]



[F:151][D:0]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
[F:5][D:0]-> C:\DOCUME~1\PROPRI~1\Cookies
[F:75][D:5]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 23/09/2008|21:51 - Option : [1]

--------------------\\ Fin du rapport a 21:51:40
  • 0

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    livesrv.exe
    vsserv.exe
    a2service.exe
    avgwdsvc.exe
    avgrsx.exe
    avgemc.exe
    bdagent.exe
    seccenter.exe
    
    :Files
    C:\Program Files\BoontyGames
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
    C:\WINDOWS\system32\RCdJRqss.ini
    C:\WINDOWS\system32\RCdJRqss.ini2
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
  • 0
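A triage sketch for the exchange above, added here as an example (it is not part of the thread and is not code from Lop S&D or OTMoveIt3): it parses an excerpt of the Lop S&D report into its flagged findings and checks which of them the OTMoveIt3 `:Files` list addresses. The section titles, paths and keys are copied from the thread; the function names and parsing rules are assumptions drawn only from the layout visible there, including that a `==> NAME <==` marker labels the paths listed just above it.

```python
import re

# Excerpt of the Lop S&D report, copied from the thread
# (folder listings and hosts entries left out).
REPORT = r"""
--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data

--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\RCdJRqss.ini
C:\WINDOWS\system32\RCdJRqss.ini2
==> VUNDO <==

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Services\tdssserv]
"""

# Excerpt of the OTMoveIt3 script from the helper's post.
SCRIPT = r"""
:Processes
explorer.exe

:Files
C:\Program Files\BoontyGames
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
C:\WINDOWS\system32\RCdJRqss.ini
C:\WINDOWS\system32\RCdJRqss.ini2

:Commands
[purity]
[emptytemp]
"""

SECTION = re.compile(r"^-{5,}\\\\ (.+?)\s*$")   # "-----\\ Title"
PATH = re.compile(r"^[A-Za-z]:\\")               # drive-letter path
FAMILY = re.compile(r"^==> (.+?) <==$")          # "==> VUNDO <=="
ROOTKIT = re.compile(r"^Rootkit (\S+) ! \.\. \[(.+)\]$")


def split_sections(report):
    """Map each section title to its non-empty lines."""
    sections, current = {}, None
    for line in report.splitlines():
        m = SECTION.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line.strip():
            current.append(line.strip())
    return sections


def extract_findings(report):
    """Return (kind, family, item) tuples for every flagged item."""
    sections = split_sections(report)
    findings = []
    for line in sections.get("Recherche de Fichiers / Dossiers Lop", []):
        if PATH.match(line):
            findings.append(("file", "Lop", line))
    pending = []
    for line in sections.get("Recherche d'autres infections", []):
        m = FAMILY.match(line)
        if m:  # assumption: the marker names the family of the paths above it
            findings += [("file", m.group(1), p) for p in pending]
            pending = []
        elif PATH.match(line):
            pending.append(line)
    findings += [("file", "unknown", p) for p in pending]
    for line in sections.get("ROOTKIT !!", []):
        m = ROOTKIT.match(line)
        if m:
            findings.append(("registry", m.group(1), m.group(2)))
    return findings


def script_targets(script):
    """Return the entries listed under the :Files directive."""
    targets, section = [], None
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            section = line.lower()
        elif line and section == ":files":
            targets.append(line)
    return targets


def coverage(findings, targets):
    """Split findings into covered/open and list targets with no finding."""
    wanted = {t.lower() for t in targets}      # Windows paths ignore case
    flagged = {f[2].lower() for f in findings}
    covered = [f for f in findings if f[0] == "file" and f[2].lower() in wanted]
    open_items = [f for f in findings if f not in covered]
    extra = [t for t in targets if t.lower() not in flagged]
    return covered, open_items, extra


if __name__ == "__main__":
    covered, open_items, extra = coverage(extract_findings(REPORT),
                                          script_targets(SCRIPT))
    for label, rows in (("covered", covered), ("open", open_items),
                        ("not in excerpt", extra)):
        for row in rows:
            print(f"{label:15} {row}")
```

On this excerpt the three flagged files are covered by the `:Files` list, the two `tdssserv` registry findings remain open after the script, and `C:\Program Files\BoontyGames` is a target with no matching finding in the excerpt.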

#5
Phil9999

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here is the Lop.

Combofix to come

Thanks.











Error: Unable to interpret < --------------------\\ Lop S&D 4.2.4-4 XP/Vista> in the current context!
Error: Unable to interpret < Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3> in the current context!
Error: Unable to interpret < X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.50GHz )> in the current context!
Error: Unable to interpret < BIOS : Phoenix - AwardBIOS v6.00PG> in the current context!
Error: Unable to interpret < USER : Propriétaire ( Administrator )> in the current context!
Error: Unable to interpret < BOOT : Normal boot> in the current context!
Error: Unable to interpret < Antivirus : AVG Anti-Virus Free 8.0 (Activated)> in the current context!
Error: Unable to interpret < Firewall : BitDefender Firewall 12.0 (Not Activated)> in the current context!
Error: Unable to interpret < A:\ (USB)> in the current context!
Error: Unable to interpret < C:\ (Local Disk) - NTFS - Total : 70 Go Free : 19 Go> in the current context!
Error: Unable to interpret < D:\ (Local Disk) - FAT32 - Total : 4 Go Free : 1 Go> in the current context!
Error: Unable to interpret < E:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go> in the current context!
Error: Unable to interpret < F:\ (CD or DVD)> in the current context!
Error: Unable to interpret < G:\ (Local Disk) - FAT32 - Total : 298 Go Free : 95 Go> in the current context!
Error: Unable to interpret < H:\ (CD or DVD)> in the current context!
Error: Unable to interpret < "C:\Lop SD" ( MAJ : 19-09-2008|22:20 )> in the current context!
Error: Unable to interpret < Option : [1] ( 23/09/2008|21:39 )> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < --------------------\\ Listing des dossiers dans APPLIC~1 > in the current context!
Error: Unable to interpret < [15/09/2008|08:53] C:\DOCUME~1\PROPRI~1\APPLIC~1\TmpRecentIcons> in the current context!
Error: Unable to interpret < [13/12/2006|00:59] C:\DOCUME~1\PROPRI~1\APPLIC~1\TransRender> in the current context!
Error: Unable to interpret < [19/09/2003|16:35] C:\DOCUME~1\PROPRI~1\APPLIC~1\VERITAS> in the current context!
Error: Unable to interpret < [17/11/2007|20:05] C:\DOCUME~1\PROPRI~1\APPLIC~1\WinRAR> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks> in the current context!
Error: Unable to interpret < [23/09/2008 21:19][--a------] C:\WINDOWS\tasks\Connexion facile à Internet.job> in the current context!
Error: Unable to interpret < [22/01/2003 06:58][-rah-----] C:\WINDOWS\tasks\desktop.ini> in the current context!
Error: Unable to interpret < [22/09/2008 09:11][--ah-----] C:\WINDOWS\tasks\SA.DAT> in the current context!
Error: Unable to interpret < --------------------\\ Listing des dossiers dans C:\Program Files> in the current context!
Error: Unable to interpret < [27/05/2008|22:28] C:\Program Files\Adobe> in the current context!
Error: Unable to interpret < [11/03/2007|20:26] C:\Program Files\Ahead> in the current context!
Error: Unable to interpret < [04/09/2008|01:00] C:\Program Files\Apple Software Update> in the current context!
Error: Unable to interpret < [20/09/2006|22:29] C:\Program Files\ArcSoft> in the current context!
Error: Unable to interpret < [20/09/2008|19:44] C:\Program Files\a-squared Free> in the current context!
Error: Unable to interpret < [18/09/2003|21:11] C:\Program Files\ATI Technologies> in the current context!
Error: Unable to interpret < [08/07/2008|20:21] C:\Program Files\Avanquest update> in the current context!
Error: Unable to interpret < [30/05/2008|19:17] C:\Program Files\AVG> in the current context!
Error: Unable to interpret < [20/09/2008|16:21] C:\Program Files\AxBx> in the current context!
Error: Unable to interpret < [21/09/2008|02:23] C:\Program Files\BitDefender> in the current context!
Error: Unable to interpret < [28/07/2008|23:09] C:\Program Files\BitLord> in the current context!
Error: Unable to interpret < [04/09/2008|01:04] C:\Program Files\Bonjour> in the current context!
Error: Unable to interpret < [16/06/2004|20:53] C:\Program Files\BoontyGames> in the current context!
Error: Unable to interpret < [03/01/2006|00:14] C:\Program Files\Canon> in the current context!
Error: Unable to interpret < [05/02/2006|22:30] C:\Program Files\caws> in the current context!
Error: Unable to interpret < [05/01/2006|00:20] C:\Program Files\CCleaner> in the current context!
Error: Unable to interpret < [19/09/2005|00:10] C:\Program Files\CDBurnerXP Pro 3> in the current context!
Error: Unable to interpret < [27/11/2004|19:13] C:\Program Files\Clic d'Api N°18> in the current context!
Error: Unable to interpret < [14/01/2004|22:59] C:\Program Files\Clic d'Api N°18(2)> in the current context!
Error: Unable to interpret < [19/11/2006|18:25] C:\Program Files\Clic d'Api N°19> in the current context!
Error: Unable to interpret < [04/07/2006|17:47] C:\Program Files\Clic d'Api N°20> in the current context!
Error: Unable to interpret < [30/04/2006|11:41] C:\Program Files\Clic d'Api N°21> in the current context!
Error: Unable to interpret < [31/05/2008|00:55] C:\Program Files\DAEMON Tools> in the current context!
Error: Unable to interpret < [04/10/2003|18:08] C:\Program Files\Disney Interactive> in the current context!
Error: Unable to interpret < [14/06/2008|06:56] C:\Program Files\DivX> in the current context!
Error: Unable to interpret < [18/09/2005|23:48] C:\Program Files\DivX Video Duplicator> in the current context!
Error: Unable to interpret < [28/01/2007|21:29] C:\Program Files\D-Tools> in the current context!
Error: Unable to interpret < [13/07/2005|19:07] C:\Program Files\DV 5700> in the current context!
Error: Unable to interpret < [19/08/2008|09:19] C:\Program Files\Easy Internet signup> in the current context!
Error: Unable to interpret < [22/02/2007|23:32] C:\Program Files\eMule> in the current context!
Error: Unable to interpret < [07/03/2007|00:58] C:\Program Files\ESTsoft> in the current context!
Error: Unable to interpret < [21/09/2008|02:17] C:\Program Files\Fichiers communs> in the current context!
Error: Unable to interpret < [21/09/2008|02:18] C:\Program Files\Flock> in the current context!
Error: Unable to interpret < [18/09/2005|22:12] C:\Program Files\Gabest> in the current context!
Error: Unable to interpret < [20/12/2007|23:07] C:\Program Files\Google> in the current context!
Error: Unable to interpret < [30/05/2008|19:18] C:\Program Files\Grisoft> in the current context!
Error: Unable to interpret < [06/01/2006|09:05] C:\Program Files\HJT> in the current context!
Error: Unable to interpret < [28/04/2005|23:35] C:\Program Files\IncrediMail> in the current context!
Error: Unable to interpret < [29/05/2008|21:34] C:\Program Files\InstallShield Installation Information> in the current context!
Error: Unable to interpret < [03/11/2005|18:46] C:\Program Files\InterActual> in the current context!
Error: Unable to interpret < [17/08/2008|03:05] C:\Program Files\Internet Explorer> in the current context!
Error: Unable to interpret < [02/01/2003|14:34] C:\Program Files\InterVideo> in the current context!
Error: Unable to interpret < [01/09/2008|17:37] C:\Program Files\Iomega> in the current context!
Error: Unable to interpret < [04/09/2008|01:05] C:\Program Files\iPod> in the current context!
Error: Unable to interpret < [04/09/2008|01:05] C:\Program Files\iTunes> in the current context!
Error: Unable to interpret < [09/07/2008|22:10] C:\Program Files\Java> in the current context!
Error: Unable to interpret < [20/04/2005|22:29] C:\Program Files\Kit ADSL> in the current context!
Error: Unable to interpret < [30/12/2006|19:01] C:\Program Files\Lavasoft> in the current context!
Error: Unable to interpret < [14/01/2006|20:18] C:\Program Files\LIVEUPDATE> in the current context!
Error: Unable to interpret < [11/03/2007|19:32] C:\Program Files\LucasArts> in the current context!
Error: Unable to interpret < [21/09/2008|11:17] C:\Program Files\Malwarebytes' Anti-Malware> in the current context!
Error: Unable to interpret < [22/04/2004|09:48] C:\Program Files\Matroska Pack> in the current context!
Error: Unable to interpret < [27/08/2008|23:25] C:\Program Files\messenger> in the current context!
Error: Unable to interpret < [15/10/2007|22:35] C:\Program Files\Microsoft ActiveSync> in the current context!
Error: Unable to interpret < [16/10/2005|17:16] C:\Program Files\Microsoft Encarta> in the current context!
Error: Unable to interpret < [28/03/2007|21:08] C:\Program Files\microsoft frontpage> in the current context!
Error: Unable to interpret < [26/11/2003|00:12] C:\Program Files\Microsoft Games> in the current context!
Error: Unable to interpret < [01/01/2003|19:20] C:\Program Files\Microsoft Office> in the current context!
Error: Unable to interpret < [01/01/2003|19:21] C:\Program Files\Microsoft Visual Studio> in the current context!
Error: Unable to interpret < [01/01/2003|19:24] C:\Program Files\Microsoft Works> in the current context!
Error: Unable to interpret < [14/04/2004|11:08] C:\Program Files\Mindscape> in the current context!
Error: Unable to interpret < [14/01/2006|20:22] C:\Program Files\mobile PhoneTools> in the current context!
Error: Unable to interpret < [14/01/2006|20:23] C:\Program Files\Motorola Phone Tools> in the current context!
Error: Unable to interpret < [27/08/2008|23:16] C:\Program Files\Movie Maker> in the current context!
Error: Unable to interpret < [22/09/2008|21:34] C:\Program Files\Mozilla Firefox> in the current context!
Error: Unable to interpret < [04/01/2006|00:31] C:\Program Files\mozilla.org> in the current context!
Error: Unable to interpret < [27/08/2008|22:37] C:\Program Files\MSECACHE> in the current context!
Error: Unable to interpret < [02/01/2003|13:41] C:\Program Files\MSN> in the current context!
Error: Unable to interpret < [27/12/2005|16:52] C:\Program Files\MSN Apps> in the current context!
Error: Unable to interpret < [02/01/2003|13:41] C:\Program Files\MSN Gaming Zone> in the current context!
Error: Unable to interpret < [27/08/2008|23:58] C:\Program Files\MSN Messenger> in the current context!
Error: Unable to interpret < [30/05/2008|19:21] C:\Program Files\MSXML 4.0> in the current context!
Error: Unable to interpret < [19/09/2003|16:16] C:\Program Files\MuseTools> in the current context!
Error: Unable to interpret < [21/09/2008|17:31] C:\Program Files\Navilog1> in the current context!
Error: Unable to interpret < [09/09/2008|23:43] C:\Program Files\NCH Swift Sound> in the current context!
Error: Unable to interpret < [27/08/2008|23:08] C:\Program Files\NetMeeting> in the current context!
Error: Unable to interpret < [20/09/2006|22:36] C:\Program Files\Nikon> in the current context!
Error: Unable to interpret < [27/09/2007|22:21] C:\Program Files\nLite> in the current context!
Error: Unable to interpret < [04/03/2007|01:33] C:\Program Files\Norton AntiVirus> in the current context!
Error: Unable to interpret < [27/08/2008|23:08] C:\Program Files\Outlook Express> in the current context!
Error: Unable to interpret < [08/10/2005|17:49] C:\Program Files\QSuite> in the current context!
Error: Unable to interpret < [06/09/2008|18:54] C:\Program Files\QuickTime> in the current context!
Error: Unable to interpret < [07/03/2007|01:13] C:\Program Files\QuickZip4> in the current context!
Error: Unable to interpret < [06/07/2004|22:23] C:\Program Files\Real> in the current context!
Error: Unable to interpret < [02/01/2003|14:36] C:\Program Files\RecordNow> in the current context!
Error: Unable to interpret < [18/08/2008|23:17] C:\Program Files\RegCleaner> in the current context!
Error: Unable to interpret < [04/09/2008|00:15] C:\Program Files\Registry Mechanic> in the current context!
Error: Unable to interpret < [18/08/2008|22:26] C:\Program Files\Samsung> in the current context!
Error: Unable to interpret < [09/12/2003|23:09] C:\Program Files\ScanSoft> in the current context!
Error: Unable to interpret < [02/01/2003|14:51] C:\Program Files\Services en ligne> in the current context!
Error: Unable to interpret < [03/03/2007|23:40] C:\Program Files\SiSLan> in the current context!
Error: Unable to interpret < [26/10/2005|00:46] C:\Program Files\SlySoft> in the current context!
Error: Unable to interpret < [26/02/2005|11:55] C:\Program Files\Snapshot Viewer> in the current context!
Error: Unable to interpret < [29/05/2008|21:34] C:\Program Files\Sony Ericsson> in the current context!
Error: Unable to interpret < [11/05/2004|09:57] C:\Program Files\SpamPal> in the current context!
Error: Unable to interpret < [20/09/2008|00:49] C:\Program Files\Spybot - Search & Destroy> in the current context!
Error: Unable to interpret < [05/10/2003|20:55] C:\Program Files\Star Downloader> in the current context!
Error: Unable to interpret < [20/09/2008|19:44] C:\Program Files\StreamCast> in the current context!
Error: Unable to interpret < [09/09/2008|23:05] C:\Program Files\Streamripper> in the current context!
Error: Unable to interpret < [16/03/2005|22:40] C:\Program Files\SuperLink> in the current context!
Error: Unable to interpret < [04/03/2007|01:32] C:\Program Files\Symantec> in the current context!
Error: Unable to interpret < [03/11/2005|18:47] C:\Program Files\Synchro Arts Ltd> in the current context!
Error: Unable to interpret < [20/09/2008|00:49] C:\Program Files\TeaTimer (Spybot - Search & Destroy)> in the current context!
Error: Unable to interpret < [26/10/2003|19:32] C:\Program Files\The Learning Company> in the current context!
Error: Unable to interpret < [22/04/2004|20:27] C:\Program Files\Torrent Search> in the current context!
Error: Unable to interpret < [21/09/2008|19:03] C:\Program Files\Trend Micro> in the current context!
Error: Unable to interpret < [04/03/2007|19:33] C:\Program Files\Trojan Remover> in the current context!
Error: Unable to interpret < [02/10/2003|21:02] C:\Program Files\TryMedia> in the current context!
Error: Unable to interpret < [02/01/2003|13:48] C:\Program Files\Uninstall Information> in the current context!
Error: Unable to interpret < [15/10/2007|23:22] C:\Program Files\ViaMichelin> in the current context!
Error: Unable to interpret < [01/04/2005|07:54] C:\Program Files\Vodei> in the current context!
Error: Unable to interpret < [18/09/2003|21:39] C:\Program Files\Wanadoo> in the current context!
Error: Unable to interpret < [27/09/2004|22:12] C:\Program Files\WAV to MP3 Encoder> in the current context!
Error: Unable to interpret < [18/09/2005|22:22] C:\Program Files\WinASPI> in the current context!
Error: Unable to interpret < [27/08/2008|22:38] C:\Program Files\Windows Installer Clean Up> in the current context!
Error: Unable to interpret < [27/08/2008|23:17] C:\Program Files\Windows Media Player> in the current context!
Error: Unable to interpret < [27/08/2008|23:08] C:\Program Files\Windows NT> in the current context!
Error: Unable to interpret < [04/03/2007|01:38] C:\Program Files\WindowsUpdate> in the current context!
Error: Unable to interpret < [10/09/2008|22:36] C:\Program Files\WindSolutions> in the current context!
Error: Unable to interpret < [10/06/2008|01:12] C:\Program Files\WinRAR> in the current context!
Error: Unable to interpret < [28/01/2006|19:12] C:\Program Files\WLAN> in the current context!
Error: Unable to interpret < [02/01/2003|13:45] C:\Program Files\xerox> in the current context!
Error: Unable to interpret < [09/09/2008|23:19] C:\Program Files\Xi> in the current context!
Error: Unable to interpret < [31/03/2004|00:47] C:\Program Files\XviD> in the current context!
Error: Unable to interpret < [04/01/2006|00:28] C:\Program Files\Yahoo!> in the current context!
Error: Unable to interpret < --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs> in the current context!
Error: Unable to interpret < [27/05/2008|22:29] C:\Program Files\Fichiers communs\Adobe> in the current context!
Error: Unable to interpret < [08/10/2005|17:44] C:\Program Files\Fichiers communs\Ahead> in the current context!
Error: Unable to interpret < [04/09/2008|00:59] C:\Program Files\Fichiers communs\Apple> in the current context!
Error: Unable to interpret < [21/09/2008|02:23] C:\Program Files\Fichiers communs\BitDefender> in the current context!
Error: Unable to interpret < [23/09/2003|15:06] C:\Program Files\Fichiers communs\Copernic> in the current context!
Error: Unable to interpret < [01/01/2003|19:21] C:\Program Files\Fichiers communs\Designer> in the current context!
Error: Unable to interpret < [29/02/2008|00:35] C:\Program Files\Fichiers communs\InstallShield> in the current context!
Error: Unable to interpret < [10/04/2007|23:02] C:\Program Files\Fichiers communs\Java> in the current context!
Error: Unable to interpret < [16/06/2004|20:53] C:\Program Files\Fichiers communs\Macrovision Shared> in the current context!
Error: Unable to interpret < [29/05/2008|21:45] C:\Program Files\Fichiers communs\Microsoft Shared> in the current context!
Error: Unable to interpret < [06/05/2004|23:02] C:\Program Files\Fichiers communs\mozilla.org> in the current context!
Error: Unable to interpret < [02/01/2003|13:42] C:\Program Files\Fichiers communs\MSSoap> in the current context!
Error: Unable to interpret < [20/09/2006|22:30] C:\Program Files\Fichiers communs\Nikon> in the current context!
Error: Unable to interpret < [12/06/2004|02:05] C:\Program Files\Fichiers communs\nnnfcbpd> in the current context!
Error: Unable to interpret < [02/01/2003|13:38] C:\Program Files\Fichiers communs\ODBC> in the current context!
Error: Unable to interpret < [06/07/2004|22:23] C:\Program Files\Fichiers communs\Real> in the current context!
Error: Unable to interpret < [03/01/2006|00:15] C:\Program Files\Fichiers communs\ScanSoft Shared> in the current context!
Error: Unable to interpret < [04/03/2007|06:17] C:\Program Files\Fichiers communs\Services> in the current context!
Error: Unable to interpret < [02/01/2003|14:36] C:\Program Files\Fichiers communs\Sonic> in the current context!
Error: Unable to interpret < [02/01/2003|13:38] C:\Program Files\Fichiers communs\SpeechEngines> in the current context!
Error: Unable to interpret < [22/09/2008|09:12] C:\Program Files\Fichiers communs\Symantec Shared> in the current context!
Error: Unable to interpret < [27/08/2008|23:08] C:\Program Files\Fichiers communs\System> in the current context!
Error: Unable to interpret < [20/10/2003|09:40] C:\Program Files\Fichiers communs\Wise Installation Wizard> in the current context!
Error: Unable to interpret < [06/07/2004|22:23] C:\Program Files\Fichiers communs\xing shared> in the current context!
Error: Unable to interpret < --------------------\\ Process> in the current context!
Error: Unable to interpret < ( 44 Processes )> in the current context!
Error: Unable to interpret < ... OK !> in the current context!
Error: Unable to interpret < --------------------\\ Recherche avec S_Lop> in the current context!
Error: Unable to interpret < Aucun fichier / dossier Lop trouvé !> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < --------------------\\ Recherche de Fichiers / Dossiers Lop> in the current context!
Error: Unable to interpret < C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < --------------------\\ Verification du Registre> in the current context!
Error: Unable to interpret < [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] > in the current context!
Error: Unable to interpret < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < ..... OK !> in the current context!
Error: Unable to interpret < --------------------\\ Verification du fichier Hosts> in the current context!
Error: Unable to interpret < Fichier Hosts MODIFIE> in the current context!

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Didn't ask you to do anything with LOP S+D

Can you post the OTMoveIt3 log?

#7
Phil9999

    New Member

  • Topic Starter
  • Member
  • 9 posts
Sorry, my mistake, this was not the LOP S+D but the result I got from OTMoveIt3.

Here is the ComboFix log as well.

Thanks.



ComboFix 08-09-22.05 - Propriétaire 2008-09-23 22:40:23.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.189 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\uninstall.exe
C:\WINDOWS\system32\windows_update.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((((((( Fichiers créés du 2008-08-23 au 2008-09-23 ))))))))))))))))))))))))))))))))))))
.

2008-09-23 23:02 . 2008-09-23 23:04 <REP> d-------- C:\WINDOWS\LastGood
2008-09-23 21:38 . 2008-09-23 21:51 <REP> d-------- C:\Lop SD
2008-09-21 19:03 . 2008-09-21 19:03 <REP> d-------- C:\Program Files\Trend Micro
2008-09-21 14:28 . 2008-09-21 14:28 3,748 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-21 14:24 . 2008-09-21 17:31 <REP> d-------- C:\Program Files\Navilog1
2008-09-21 14:24 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-21 14:24 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-21 14:24 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-21 14:24 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-21 14:24 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-09-21 14:24 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-21 14:24 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-21 14:24 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-21 14:24 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-21 14:24 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-21 13:43 . 2008-09-21 13:43 <REP> d-------- C:\VundoFix Backups
2008-09-21 11:17 . 2008-09-21 11:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-21 11:17 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-09-21 11:17 . 2008-09-21 11:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-21 11:17 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-21 11:17 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-21 02:37 . 2008-09-21 02:37 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
2008-09-21 02:37 . 2008-09-21 02:37 385 --a------ C:\WINDOWS\system32\user_gensett.xml
2008-09-21 02:24 . 2008-09-21 02:24 <REP> d-------- C:\WINDOWS\system32\logs
2008-09-21 02:24 . <REP> C:\Documents and Settings\Propriétaire\Application Data\BitDefender
2008-09-21 02:23 . 2008-09-21 02:23 <REP> d-------- C:\Program Files\BitDefender
2008-09-21 02:23 . 2008-09-21 02:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-09-21 02:17 . 2008-09-21 02:23 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-09-21 02:14 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Flock
2008-09-21 02:13 . 2008-09-21 02:18 <REP> d-------- C:\Program Files\Flock
2008-09-20 16:25 . 2008-09-20 19:44 <REP> d-------- C:\Program Files\a-squared Free
2008-09-20 16:21 . 2008-09-20 16:21 <REP> d-------- C:\Program Files\AxBx
2008-09-20 00:49 . 2008-09-20 00:49 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-19 21:58 . 2008-09-19 21:58 977,361 ---hs---- C:\WINDOWS\system32\sjpxmopc.ini
2008-09-15 09:29 . 2000-07-15 05:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-09-15 09:29 . 2001-03-28 22:02 89,088 --a------ C:\WINDOWS\system32\ProgressBar4.ocx
2008-09-15 09:29 . 1999-01-26 19:36 11,012 --a------ C:\WINDOWS\system32\threadapi.tlb
2008-09-15 09:28 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Simply Super Software
2008-09-15 09:26 . 2003-11-19 15:59 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-09-15 09:26 . 2004-05-11 11:56 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll
2008-09-15 09:26 . 2004-02-05 22:53 389,120 --a------ C:\WINDOWS\system32\ACTSKN43.OCX
2008-09-15 09:26 . 2004-01-09 12:54 188,416 --a------ C:\WINDOWS\system32\actsplash.ocx
2008-09-15 08:56 . 2008-09-20 22:02 1,109,864 ---hs---- C:\WINDOWS\system32\imquqgiy.ini
2008-09-14 23:25 . 2003-01-02 14:38 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\WINDOWS
2008-09-14 23:25 . 2003-01-02 13:38 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Voisinage réseau
2008-09-14 23:25 . 2003-01-02 13:38 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Voisinage d'impression
2008-09-14 23:25 . 2008-09-14 23:25 <REP> d---s---- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\UserData
2008-09-14 23:25 . 2008-09-14 23:25 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Modèles
2008-09-14 23:25 . 2008-09-20 16:25 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Mes documents
2008-09-14 23:25 . 2007-03-04 06:16 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Menu Démarrer
2008-09-14 23:25 . 2007-03-04 06:16 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Favoris
2008-09-14 23:25 . 2008-09-20 16:24 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Bureau
2008-09-14 23:25 . 2003-09-19 16:35 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\VERITAS
2008-09-14 23:25 . 2006-12-13 00:59 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\TransRender
2008-09-14 23:25 . 2006-12-13 23:43 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Temporary
2008-09-14 23:25 . 2006-05-06 22:34 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\TaoUSign
2008-09-14 23:25 . 2003-01-01 18:42 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Symantec
2008-09-14 23:25 . 2004-05-10 23:01 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\SpamPal
2008-09-14 23:25 . 2003-01-02 14:36 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Sonic
2008-09-14 23:25 . 2003-12-09 23:10 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\ScanSoft
2008-09-14 23:25 . 2006-12-13 00:56 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Samsung
2008-09-14 23:25 . 2003-01-02 14:44 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\SampleView
2008-09-14 23:25 . 2006-01-03 10:18 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\PC Tools
2008-09-14 23:25 . 2004-03-18 22:01 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Nikon
2008-09-14 23:25 . 2006-02-04 20:17 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\MSNInstaller
2008-09-14 23:25 . 2006-01-15 17:32 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\MSN6
2008-09-14 23:25 . 2005-02-26 11:49 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Microsoft Web Folders
2008-09-14 23:25 . 2004-01-14 00:12 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Leadertech
2008-09-14 23:25 . 2006-12-30 19:01 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Lavasoft
2008-09-14 23:25 . 2006-01-07 01:56 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Jetico Personal Firewall
2008-09-14 23:25 . 2003-10-20 09:19 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\InterVideo
2008-09-14 23:25 . 2003-01-02 14:37 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\InterTrust
2008-09-14 23:25 . 2007-01-07 19:54 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\ESTsoft
2008-09-14 23:25 . 2003-09-23 15:06 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Copernic
2008-09-14 23:25 . 2006-12-13 23:55 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\ConvertTemp
2008-09-14 23:25 . 2003-12-09 23:07 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Canon
2008-09-14 23:25 . 2006-01-06 10:02 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\AVG7
2008-09-14 23:25 . 2006-07-12 21:54 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\ArcSoft
2008-09-14 23:25 . 2008-09-04 00:28 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Apple Computer
2008-09-14 23:25 . 2006-01-06 00:31 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Ahead
2008-09-14 23:25 . 2006-06-29 07:17 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\AdobeUM
2008-09-14 23:25 . 2006-08-17 21:34 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\AdobeAUM
2008-09-14 23:25 . 2006-01-14 20:21 24,192 --a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\usbsermptxp.sys
2008-09-14 23:25 . 2006-01-14 20:21 22,768 --a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\usbsermpt.sys
2008-09-14 23:24 . 2008-09-19 22:55 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ
2008-09-14 22:59 . 2008-09-14 22:59 1,068,375 ---hs---- C:\WINDOWS\system32\qhmbvvui.ini
2008-09-14 22:53 . 2008-09-14 22:53 1,068,315 ---hs---- C:\WINDOWS\system32\yfjulxgf.ini
2008-09-14 22:47 . 2008-09-19 23:13 539,624 --a------ C:\WINDOWS\system32\RCdJRqss.ini2
2008-09-14 22:47 . 2008-09-19 23:15 534,912 --ahs---- C:\WINDOWS\system32\RCdJRqss.ini
2008-09-14 22:39 . <REP> C:\Documents and Settings\Propriétaire\Application Data\TmpRecentIcons
2008-09-14 22:39 . <REP> C:\Documents and Settings\Propriétaire\Application Data\TmpRecentIcons
2008-09-14 22:39 . 2008-09-12 22:03 151,552 --a------ C:\WINDOWS\eeqb.exe
2008-09-10 22:38 . <REP> C:\Documents and Settings\Propriétaire\Application Data\CopyTrans
2008-09-10 22:38 . <REP> C:\Documents and Settings\Propriétaire\Application Data\CopyTrans
2008-09-10 22:36 . 2008-09-10 22:36 <REP> d-------- C:\Program Files\WindSolutions
2008-09-10 22:36 . <REP> C:\Documents and Settings\Propriétaire\Application Data\CopyTransControlCenter
2008-09-10 22:36 . <REP> C:\Documents and Settings\Propriétaire\Application Data\CopyTransControlCenter
2008-09-10 22:36 . 2008-09-10 22:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CopyTransControlCenter
2008-09-09 23:43 . 2008-09-09 23:43 <REP> d-------- C:\Program Files\NCH Swift Sound
2008-09-09 23:19 . 2008-09-09 23:19 <REP> d-------- C:\Program Files\Xi
2008-09-09 23:00 . <REP> C:\Documents and Settings\Propriétaire\Application Data\streamripper
2008-09-09 23:00 . <REP> C:\Documents and Settings\Propriétaire\Application Data\streamripper
2008-09-09 22:49 . 2008-09-09 23:05 <REP> d-------- C:\Program Files\Streamripper
2008-09-04 01:05 . 2008-09-04 01:05 <REP> d-------- C:\Program Files\iPod
2008-09-04 01:04 . 2008-09-04 01:05 <REP> d-------- C:\Program Files\iTunes
2008-09-04 01:04 . 2008-09-04 01:04 <REP> d-------- C:\Program Files\Bonjour
2008-09-04 01:00 . 2008-09-04 01:00 <REP> d-------- C:\Program Files\Apple Software Update
2008-09-04 01:00 . 2008-07-22 20:32 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-04 00:59 . 2008-09-04 00:59 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-09-04 00:59 . 2008-09-04 00:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-04 00:49 . 2008-09-04 00:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-04 00:49 . 2008-09-04 00:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-04 00:46 . 2008-09-06 18:54 <REP> d-------- C:\Program Files\QuickTime
2008-09-04 00:15 . 2008-09-23 23:00 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-01 17:37 . 2008-09-01 17:37 <REP> d-------- C:\Program Files\Iomega
2008-08-27 23:16 . 2008-08-27 23:16 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-27 23:16 . 2008-08-27 23:16 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-27 22:38 . 2008-08-27 22:38 <REP> d-------- C:\Program Files\Windows Installer Clean Up
2008-08-27 22:37 . 2008-08-27 22:37 <REP> d-------- C:\Program Files\MSECACHE
2008-08-26 01:38 . 2008-04-14 04:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-26 01:37 . 2008-04-14 04:31 290,816 -----c--- C:\WINDOWS\system32\dllcache\l3codeca.acm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 20:58 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared
2008-09-20 17:44 --------- d-----w C:\Program Files\StreamCast
2008-09-20 07:20 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\RegClean
2008-09-20 07:20 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\RegClean
2008-09-19 22:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-19 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-14 20:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-10 23:18 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-09-10 23:18 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-09-06 17:26 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Mozilla
2008-09-06 17:26 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Mozilla
2008-09-03 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-03 22:28 --------- d-----w C:\Documents and Settings\Philippe\Application Data\Apple Computer
2008-08-29 09:35 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-27 21:58 --------- d-----w C:\Program Files\MSN Messenger
2008-08-27 20:38 --------- d---a-w C:\Documents and Settings\Propriétaire\Application Data\Microsoft
2008-08-27 20:38 --------- d---a-w C:\Documents and Settings\Propriétaire\Application Data\Microsoft
2008-08-19 07:19 --------- d---a-w C:\Program Files\Easy Internet signup
2008-08-18 21:17 --------- d-----w C:\Program Files\RegCleaner
2008-08-18 20:27 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Samsung
2008-08-18 20:27 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Samsung
2008-08-18 20:26 --------- d-----w C:\Program Files\Samsung
2008-08-14 16:54 102,208 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-08-12 16:40 228,672 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
2008-08-12 16:40 108,864 ----a-w C:\WINDOWS\system32\drivers\bdfm.sys
2008-07-28 21:09 --------- d-----w C:\Program Files\BitLord
2007-03-11 18:23 262,144 ----a-w C:\Documents and Settings\Propriétaire\NTUSER.DAT
2007-03-11 18:23 262,144 ----a-w C:\Documents and Settings\Propriétaire\NTUSER.DAT
2006-01-14 18:21 24,192 ----a-w C:\WINDOWS\system32\config\systemprofile\usbsermptxp.sys
2006-01-14 18:21 24,192 ----a-w C:\Documents and Settings\Propriétaire\usbsermptxp.sys
2006-01-14 18:21 24,192 ----a-w C:\Documents and Settings\Philippe\usbsermptxp.sys
2006-01-14 18:21 24,192 ----a-w C:\Documents and Settings\Default User\usbsermptxp.sys
2006-01-14 18:21 22,768 ----a-w C:\WINDOWS\system32\config\systemprofile\usbsermpt.sys
2006-01-14 18:21 22,768 ----a-w C:\Documents and Settings\Propriétaire\usbsermpt.sys
2006-01-14 18:21 22,768 ----a-w C:\Documents and Settings\Philippe\usbsermpt.sys
2006-01-14 18:21 22,768 ----a-w C:\Documents and Settings\Default User\usbsermpt.sys
2006-01-12 23:03 29,968 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2006-01-12 23:03 29,968 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"NVIEW"="nview.dll" [2003-03-04 C:\WINDOWS\system32\nview.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-03-04 4595712]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-12 114688]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 315392]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"NAV CfgWiz"="c:\PROGRA~1\NORTON~1\Cfgwiz.exe" [2002-11-26 496784]
"ccRegVfy"="c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2002-11-20 59056]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2002-11-20 54960]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-09-21 716800]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 C:\WINDOWS\system32\Ati2mdxx.exe]
"nwiz"="nwiz.exe" [2003-03-04 C:\WINDOWS\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll jnwlox.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-08 00:04 52736 c:\WINDOWS\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-16 22:13 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
--a------ 2003-03-04 02:44 831557 C:\WINDOWS\system32\nview.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 76040]
R2 BDVEDISK;BDVEDISK;C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R3 bdfm;BDFM;C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-08-14 102208]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Arrakis3;BitDefender Arrakis Server;C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{149F11BC-D5BF-4491-B94E-C72FB081F35D} - (no file)
BHO-{29584041-FAE1-4E38-BD99-57A6FB61B1B8} - (no file)
Toolbar-{D355A751-C166-4351-8112-0EB0775E1B16} - (no file)
ShellExecuteHooks-{149F11BC-D5BF-4491-B94E-C72FB081F35D} - (no file)
SSODL-dtseqrxk-{EC26EC56-4EF6-436B-A9A0-C4C902204CC8} - (no file)
Notify-nnnmkHBu - nnnmkHBu.dll


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Start Page = about:blank

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 23:00:39
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


C:\WINDOWS\system32\wuapi.dll.wusetup.501750.bak 549720 bytes executable
C:\WINDOWS\system32\wuauclt.exe.wusetup.510562.bak 53080 bytes executable

Scan terminé avec succès
Fichiers cachés: 2

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
.
**************************************************************************
.
Heure de fin: 2008-09-23 23:18:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-23 21:17:14

Avant-CF: 20 470 951 936 octets libres
Après-CF: 20,704,944,128 octets libres

303 --- E O F --- 2008-09-11 21:13:58

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Are you being helped on a French forum?

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\RCdJRqss.ini
C:\WINDOWS\system32\RCdJRqss.ini2
C:\WINDOWS\system32\sjpxmopc.ini
C:\WINDOWS\system32\imquqgiy.ini
C:\WINDOWS\system32\qhmbvvui.ini
C:\WINDOWS\system32\yfjulxgf.ini
C:\WINDOWS\system32\RCdJRqss.ini2
C:\WINDOWS\system32\RCdJRqss.ini


Folder::
C:\Program Files\BoontyGames
C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data

Registry::
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Start Page = about:blank

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\system32\wuapi.dll.wusetup
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


#9
Phil9999

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi,


I posted a log last Sunday on a French site but did not get any answer since.


So here is the Combo Fix Log.

ComboFix 08-09-22.05 - Propriétaire 2008-09-24 0:11:07.2 - NTFSx86
Lancé depuis: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Propriétaire\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
C:\WINDOWS\system32\imquqgiy.ini
C:\WINDOWS\system32\qhmbvvui.ini
C:\WINDOWS\system32\RCdJRqss.ini
C:\WINDOWS\system32\RCdJRqss.ini2
C:\WINDOWS\system32\sjpxmopc.ini
C:\WINDOWS\system32\yfjulxgf.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1\flag ace stupid data
C:\Program Files\BoontyGames
C:\Program Files\BoontyGames\Components\bureau.url
C:\Program Files\BoontyGames\Components\Joystick.ico
C:\Program Files\BoontyGames\Components\start.url
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\BALLOFF1.BMP
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\BALLOFF2.BMP
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\BALLOFF3.BMP
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\BALLON1.BMP
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\BALLON2.BMP
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\BALLON3.BMP
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\BOMBOFF1.BMP
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\BOMBOFF2.BMP
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\BOMBOFF3.BMP
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\BOMBON1.BMP
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\BOMBON2.BMP
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\BOMBON3.BMP
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\circularoff1.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\circularoff2.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\circularoff3.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\circularon1.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\circularon2.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\circularon3.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\CURSOR1.BMP
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\CURSOR2.BMP
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\figureoff1.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\figureoff2.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\figureoff3.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\figureon1.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\figureon2.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\figureon3.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\stat2line1.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\stat2line2.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\stat2line3.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\stat2linefull1.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\stat2linefull2.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\stat2linefull3.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\statline1.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\statline2.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\statline3.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\statlinefull1.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\statlinefull2.bmp
C:\Program Files\BoontyGames\Tetris4000\BITMAPS\statlinefull3.bmp
C:\Program Files\BoontyGames\Tetris4000\config.dat
C:\Program Files\BoontyGames\Tetris4000\CONV.BAT
C:\Program Files\BoontyGames\Tetris4000\FONTS\font1.bmp
C:\Program Files\BoontyGames\Tetris4000\FONTS\Font1.jpg
C:\Program Files\BoontyGames\Tetris4000\FONTS\font2.bmp
C:\Program Files\BoontyGames\Tetris4000\FONTS\Font2.jpg
C:\Program Files\BoontyGames\Tetris4000\FONTS\font3.bmp
C:\Program Files\BoontyGames\Tetris4000\FONTS\Font3.jpg
C:\Program Files\BoontyGames\Tetris4000\FONTS\font4.bmp
C:\Program Files\BoontyGames\Tetris4000\FONTS\Font4.jpg
C:\Program Files\BoontyGames\Tetris4000\FONTS\font5.bmp
C:\Program Files\BoontyGames\Tetris4000\FONTS\Font5.jpg
C:\Program Files\BoontyGames\Tetris4000\GLOBAL.DAT
C:\Program Files\BoontyGames\Tetris4000\History.txt
C:\Program Files\BoontyGames\Tetris4000\ICON.ICO
C:\Program Files\BoontyGames\Tetris4000\ICONS\ICON.ICO
C:\Program Files\BoontyGames\Tetris4000\ICONS\SETUP.ICO
C:\Program Files\BoontyGames\Tetris4000\license.txt
C:\Program Files\BoontyGames\Tetris4000\LOCAL.DAT
C:\Program Files\BoontyGames\Tetris4000\LOGO.BMP
C:\Program Files\BoontyGames\Tetris4000\mail\ICON.ICO
C:\Program Files\BoontyGames\Tetris4000\mail\icon1.ico
C:\Program Files\BoontyGames\Tetris4000\mail\icon10.ico
C:\Program Files\BoontyGames\Tetris4000\mail\icon2.ico
C:\Program Files\BoontyGames\Tetris4000\mail\icon3.ico
C:\Program Files\BoontyGames\Tetris4000\mail\icon4.ico
C:\Program Files\BoontyGames\Tetris4000\mail\icon5.ico
C:\Program Files\BoontyGames\Tetris4000\mail\icon6.ico
C:\Program Files\BoontyGames\Tetris4000\mail\icon7.ico
C:\Program Files\BoontyGames\Tetris4000\mail\icon8.ico
C:\Program Files\BoontyGames\Tetris4000\mail\icon9.ico
C:\Program Files\BoontyGames\Tetris4000\mail\main.ico
C:\Program Files\BoontyGames\Tetris4000\mail\text1.txt
C:\Program Files\BoontyGames\Tetris4000\mail\text10.txt
C:\Program Files\BoontyGames\Tetris4000\mail\text2.txt
C:\Program Files\BoontyGames\Tetris4000\mail\text3.txt
C:\Program Files\BoontyGames\Tetris4000\mail\text4.txt
C:\Program Files\BoontyGames\Tetris4000\mail\text5.txt
C:\Program Files\BoontyGames\Tetris4000\mail\text6.txt
C:\Program Files\BoontyGames\Tetris4000\mail\text7.txt
C:\Program Files\BoontyGames\Tetris4000\mail\text8.txt
C:\Program Files\BoontyGames\Tetris4000\mail\text9.txt
C:\Program Files\BoontyGames\Tetris4000\mailsetup.ini
C:\Program Files\BoontyGames\Tetris4000\MAIN.CFG
C:\Program Files\BoontyGames\Tetris4000\MODELS\BOMB.X
C:\Program Files\BoontyGames\Tetris4000\MODELS\bounce.x
C:\Program Files\BoontyGames\Tetris4000\MODELS\BOX1.X
C:\Program Files\BoontyGames\Tetris4000\MODELS\BOX2.X
C:\Program Files\BoontyGames\Tetris4000\MODELS\BOX3.X
C:\Program Files\BoontyGames\Tetris4000\MODELS\CIRCULAR.X
C:\Program Files\BoontyGames\Tetris4000\MODELS\FITIL.X
C:\Program Files\BoontyGames\Tetris4000\MODELS\FRAME.X
C:\Program Files\BoontyGames\Tetris4000\MUSIC\MUSIC1.MID
C:\Program Files\BoontyGames\Tetris4000\MUSIC\MUSIC10.MID
C:\Program Files\BoontyGames\Tetris4000\MUSIC\MUSIC11.MID
C:\Program Files\BoontyGames\Tetris4000\MUSIC\MUSIC2.MID
C:\Program Files\BoontyGames\Tetris4000\MUSIC\MUSIC3.MID
C:\Program Files\BoontyGames\Tetris4000\MUSIC\MUSIC4.MID
C:\Program Files\BoontyGames\Tetris4000\MUSIC\MUSIC5.MID
C:\Program Files\BoontyGames\Tetris4000\MUSIC\MUSIC6.MID
C:\Program Files\BoontyGames\Tetris4000\MUSIC\MUSIC7.MID
C:\Program Files\BoontyGames\Tetris4000\MUSIC\MUSIC8.MID
C:\Program Files\BoontyGames\Tetris4000\MUSIC\MUSIC9.MID
C:\Program Files\BoontyGames\Tetris4000\other.ini
C:\Program Files\BoontyGames\Tetris4000\PLAYLIST.CFG
C:\Program Files\BoontyGames\Tetris4000\SETUP.EXE
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\bombexplode.wav
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\bombprepare.wav
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\bounce1.WAV
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\bounce2.WAV
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\bounce3.WAV
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\Boxhit.wav
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\DisplayBox.WAV
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\DROP.WAV
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\earthstrike.wav
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\exbounce.WAV
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\Explode.WAV
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\GAMEOVER.WAV
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\menuclick.wav
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\menuscroll.wav
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\menuupdown.wav
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\nextlevel.WAV
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\PREPARE.WAV
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\TIMER.WAV
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\VOICE1.WAV
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\VOICE2.WAV
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\VOICE3.WAV
C:\Program Files\BoontyGames\Tetris4000\SOUNDS\VOICE4.WAV
C:\Program Files\BoontyGames\Tetris4000\Tell.exe
C:\Program Files\BoontyGames\Tetris4000\Tetris4000.exe
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\bkgnd.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\BKGND.JPG
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\bkgnd2.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\BKGND2.JPG
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\bkgnd3.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\BKGND3.JPG
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\bkgnd4.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\BKGND4.JPG
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\bkgnd5.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\BKGND5.JPG
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\bkgnd6.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\BKGND6.JPG
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\bounce.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\CONV.EXE
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\dynamics1.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\FF0.BMP
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\FF1.BMP
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\FF2.BMP
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\FF3.BMP
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\FF4.BMP
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\FF5.BMP
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\FF6.BMP
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\FF7.BMP
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\FF8.BMP
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\FF9.BMP
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\FrameBack.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\intro.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\intro.JPG
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\LINE.BMP
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\loadingline.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\loadingline1.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\loadingline2.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\LONGLINE.BMP
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\MenuBkgnd.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\MenuLight.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\nag1.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\NAG1.JPG
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\nag2.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\NAG2.JPG
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\nag3.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\NAG3.JPG
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\nag4.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\NAG4.JPG
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\scrollbar.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\SCROLLER.BMP
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\t11.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\T11.JPG
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\t12.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\T12.JPG
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\t13.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\T13.JPG
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\t14.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\T14.JPG
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\t15.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\T15.JPG
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\TEXTURE2.BMP
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\Thumbs.db
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\title.bmp
C:\Program Files\BoontyGames\Tetris4000\TEXTURES\TITLE.JPG
C:\Program Files\BoontyGames\Tetris4000\unins000.dat
C:\Program Files\BoontyGames\Tetris4000\unins000.exe
C:\Program Files\BoontyGames\Tetris4000\uninstal.exe
C:\Program Files\BoontyGames\Tetris4000\uninstal.ini
C:\Program Files\BoontyGames\Tetris4000\Updater.exe
C:\Program Files\BoontyGames\Tetris4000\Version.dat
C:\Program Files\BoontyGames\Tetris4000\website.url
C:\WINDOWS\system32\imquqgiy.ini
C:\WINDOWS\system32\qhmbvvui.ini
C:\WINDOWS\system32\RCdJRqss.ini
C:\WINDOWS\system32\RCdJRqss.ini2
C:\WINDOWS\system32\sjpxmopc.ini
C:\WINDOWS\system32\yfjulxgf.ini

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-23 au 2008-09-23 ))))))))))))))))))))))))))))))))))))
.

2008-09-23 23:02 . 2008-09-23 23:04 <REP> d-------- C:\WINDOWS\LastGood
2008-09-23 21:38 . 2008-09-23 21:51 <REP> d-------- C:\Lop SD
2008-09-21 19:03 . 2008-09-21 19:03 <REP> d-------- C:\Program Files\Trend Micro
2008-09-21 14:28 . 2008-09-21 14:28 3,748 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-21 14:24 . 2008-09-21 17:31 <REP> d-------- C:\Program Files\Navilog1
2008-09-21 14:24 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-21 14:24 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-21 14:24 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-21 14:24 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-21 14:24 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-09-21 14:24 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-21 14:24 . 2008-09-19 12:26 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-21 14:24 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-21 14:24 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-21 14:24 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-21 13:43 . 2008-09-21 13:43 <REP> d-------- C:\VundoFix Backups
2008-09-21 11:17 . 2008-09-21 11:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-21 11:17 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-09-21 11:17 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-09-21 11:17 . 2008-09-21 11:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-21 11:17 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-21 11:17 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-21 02:37 . 2008-09-21 02:37 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
2008-09-21 02:37 . 2008-09-21 02:37 385 --a------ C:\WINDOWS\system32\user_gensett.xml
2008-09-21 02:24 . 2008-09-21 02:24 <REP> d-------- C:\WINDOWS\system32\logs
2008-09-21 02:24 . <REP> C:\Documents and Settings\Propriétaire\Application Data\BitDefender
2008-09-21 02:24 . <REP> C:\Documents and Settings\Propriétaire\Application Data\BitDefender
2008-09-21 02:23 . 2008-09-21 02:23 <REP> d-------- C:\Program Files\BitDefender
2008-09-21 02:23 . 2008-09-21 02:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-09-21 02:17 . 2008-09-21 02:23 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-09-21 02:14 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Flock
2008-09-21 02:14 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Flock
2008-09-21 02:13 . 2008-09-21 02:18 <REP> d-------- C:\Program Files\Flock
2008-09-20 16:25 . 2008-09-20 19:44 <REP> d-------- C:\Program Files\a-squared Free
2008-09-20 16:21 . 2008-09-20 16:21 <REP> d-------- C:\Program Files\AxBx
2008-09-20 00:49 . 2008-09-20 00:49 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-15 09:29 . 2000-07-15 05:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-09-15 09:29 . 2001-03-28 22:02 89,088 --a------ C:\WINDOWS\system32\ProgressBar4.ocx
2008-09-15 09:29 . 1999-01-26 19:36 11,012 --a------ C:\WINDOWS\system32\threadapi.tlb
2008-09-15 09:28 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Simply Super Software
2008-09-15 09:28 . <REP> C:\Documents and Settings\Propriétaire\Application Data\Simply Super Software
2008-09-15 09:26 . 2003-11-19 15:59 512,688 --a------ C:\WINDOWS\system32\XceedCry.dll
2008-09-15 09:26 . 2004-05-11 11:56 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll
2008-09-15 09:26 . 2004-02-05 22:53 389,120 --a------ C:\WINDOWS\system32\ACTSKN43.OCX
2008-09-15 09:26 . 2004-01-09 12:54 188,416 --a------ C:\WINDOWS\system32\actsplash.ocx
2008-09-14 23:25 . 2003-01-02 14:38 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\WINDOWS
2008-09-14 23:25 . 2003-01-02 13:38 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Voisinage réseau
2008-09-14 23:25 . 2003-01-02 13:38 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Voisinage d'impression
2008-09-14 23:25 . 2008-09-14 23:25 <REP> d---s---- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\UserData
2008-09-14 23:25 . 2008-09-14 23:25 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Modèles
2008-09-14 23:25 . 2008-09-20 16:25 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Mes documents
2008-09-14 23:25 . 2007-03-04 06:16 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Menu Démarrer
2008-09-14 23:25 . 2007-03-04 06:16 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Favoris
2008-09-14 23:25 . 2008-09-20 16:24 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Bureau
2008-09-14 23:25 . 2003-09-19 16:35 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\VERITAS
2008-09-14 23:25 . 2006-12-13 00:59 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\TransRender
2008-09-14 23:25 . 2006-12-13 23:43 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Temporary
2008-09-14 23:25 . 2006-05-06 22:34 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\TaoUSign
2008-09-14 23:25 . 2003-01-01 18:42 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Symantec
2008-09-14 23:25 . 2004-05-10 23:01 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\SpamPal
2008-09-14 23:25 . 2003-01-02 14:36 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Sonic
2008-09-14 23:25 . 2003-12-09 23:10 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\ScanSoft
2008-09-14 23:25 . 2006-12-13 00:56 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Samsung
2008-09-14 23:25 . 2003-01-02 14:44 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\SampleView
2008-09-14 23:25 . 2006-01-03 10:18 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\PC Tools
2008-09-14 23:25 . 2004-03-18 22:01 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Nikon
2008-09-14 23:25 . 2006-02-04 20:17 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\MSNInstaller
2008-09-14 23:25 . 2006-01-15 17:32 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\MSN6
2008-09-14 23:25 . 2005-02-26 11:49 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Microsoft Web Folders
2008-09-14 23:25 . 2004-01-14 00:12 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Leadertech
2008-09-14 23:25 . 2006-12-30 19:01 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Lavasoft
2008-09-14 23:25 . 2006-01-07 01:56 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Jetico Personal Firewall
2008-09-14 23:25 . 2003-10-20 09:19 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\InterVideo
2008-09-14 23:25 . 2003-01-02 14:37 <REP> d-a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\InterTrust
2008-09-14 23:25 . 2007-01-07 19:54 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\ESTsoft
2008-09-14 23:25 . 2003-09-23 15:06 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Copernic
2008-09-14 23:25 . 2006-12-13 23:55 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\ConvertTemp
2008-09-14 23:25 . 2003-12-09 23:07 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Canon
2008-09-14 23:25 . 2006-01-06 10:02 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\AVG7
2008-09-14 23:25 . 2006-07-12 21:54 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\ArcSoft
2008-09-14 23:25 . 2008-09-04 00:28 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Apple Computer
2008-09-14 23:25 . 2006-01-06 00:31 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\Ahead
2008-09-14 23:25 . 2006-06-29 07:17 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\AdobeUM
2008-09-14 23:25 . 2006-08-17 21:34 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\Application Data\AdobeAUM
2008-09-14 23:25 . 2006-01-14 20:21 24,192 --a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\usbsermptxp.sys
2008-09-14 23:25 . 2006-01-14 20:21 22,768 --a------ C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ\usbsermpt.sys
2008-09-14 23:24 . 2008-09-19 22:55 <REP> d-------- C:\Documents and Settings\Administrateur.NOM-K5WGBUATAIQ
2008-09-14 22:39 . <REP> C:\Documents and Settings\Propriétaire\Application Data\TmpRecentIcons
2008-09-14 22:39 . <REP> C:\Documents and Settings\Propriétaire\Application Data\TmpRecentIcons
2008-09-14 22:39 . 2008-09-12 22:03 151,552 --a------ C:\WINDOWS\eeqb.exe
2008-09-10 22:38 . <REP> C:\Documents and Settings\Propriétaire\Application Data\CopyTrans
2008-09-10 22:38 . <REP> C:\Documents and Settings\Propriétaire\Application Data\CopyTrans
2008-09-10 22:36 . 2008-09-10 22:36 <REP> d-------- C:\Program Files\WindSolutions
2008-09-10 22:36 . <REP> C:\Documents and Settings\Propriétaire\Application Data\CopyTransControlCenter
2008-09-10 22:36 . <REP> C:\Documents and Settings\Propriétaire\Application Data\CopyTransControlCenter
2008-09-10 22:36 . 2008-09-10 22:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CopyTransControlCenter
2008-09-09 23:43 . 2008-09-09 23:43 <REP> d-------- C:\Program Files\NCH Swift Sound
2008-09-09 23:19 . 2008-09-09 23:19 <REP> d-------- C:\Program Files\Xi
2008-09-09 23:00 . <REP> C:\Documents and Settings\Propriétaire\Application Data\streamripper
2008-09-09 23:00 . <REP> C:\Documents and Settings\Propriétaire\Application Data\streamripper
2008-09-09 22:49 . 2008-09-09 23:05 <REP> d-------- C:\Program Files\Streamripper
2008-09-04 01:05 . 2008-09-04 01:05 <REP> d-------- C:\Program Files\iPod
2008-09-04 01:04 . 2008-09-04 01:05 <REP> d-------- C:\Program Files\iTunes
2008-09-04 01:04 . 2008-09-04 01:04 <REP> d-------- C:\Program Files\Bonjour
2008-09-04 01:00 . 2008-09-04 01:00 <REP> d-------- C:\Program Files\Apple Software Update
2008-09-04 01:00 . 2008-07-22 20:32 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-04 00:59 . 2008-09-04 00:59 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-09-04 00:59 . 2008-09-04 00:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-04 00:49 . 2008-09-04 00:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-04 00:49 . 2008-09-04 00:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-04 00:46 . 2008-09-06 18:54 <REP> d-------- C:\Program Files\QuickTime
2008-09-04 00:15 . 2008-09-23 23:00 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-01 17:37 . 2008-09-01 17:37 <REP> d-------- C:\Program Files\Iomega
2008-08-27 23:16 . 2008-08-27 23:16 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-27 23:16 . 2008-08-27 23:16 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-27 22:38 . 2008-08-27 22:38 <REP> d-------- C:\Program Files\Windows Installer Clean Up
2008-08-27 22:37 . 2008-08-27 22:37 <REP> d-------- C:\Program Files\MSECACHE
2008-08-26 01:38 . 2008-04-14 04:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-26 01:37 . 2008-04-14 04:31 290,816 -----c--- C:\WINDOWS\system32\dllcache\l3codeca.acm
2008-08-26 01:36 . 2008-04-14 04:33 651,264 --------- C:\WINDOWS\system32\dot3ui.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 20:58 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared
2008-09-20 17:44 --------- d-----w C:\Program Files\StreamCast
2008-09-20 07:20 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\RegClean
2008-09-20 07:20 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\RegClean
2008-09-19 22:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-19 22:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-14 20:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-10 23:18 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-09-10 23:18 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2008-09-06 17:26 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Mozilla
2008-09-06 17:26 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Mozilla
2008-09-03 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-03 22:28 --------- d-----w C:\Documents and Settings\Philippe\Application Data\Apple Computer
2008-08-29 09:35 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-27 21:58 --------- d-----w C:\Program Files\MSN Messenger
2008-08-27 20:38 --------- d---a-w C:\Documents and Settings\Propriétaire\Application Data\Microsoft
2008-08-27 20:38 --------- d---a-w C:\Documents and Settings\Propriétaire\Application Data\Microsoft
2008-08-19 07:19 --------- d---a-w C:\Program Files\Easy Internet signup
2008-08-18 21:17 --------- d-----w C:\Program Files\RegCleaner
2008-08-18 20:27 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Samsung
2008-08-18 20:27 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Samsung
2008-08-18 20:26 --------- d-----w C:\Program Files\Samsung
2008-08-14 16:54 102,208 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-08-12 16:40 228,672 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
2008-08-12 16:40 108,864 ----a-w C:\WINDOWS\system32\drivers\bdfm.sys
2008-07-28 21:09 --------- d-----w C:\Program Files\BitLord
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-04 06:32 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-03-11 18:23 262,144 ----a-w C:\Documents and Settings\Propriétaire\NTUSER.DAT
2007-03-11 18:23 262,144 ----a-w C:\Documents and Settings\Propriétaire\NTUSER.DAT
2006-01-14 18:21 24,192 ----a-w C:\WINDOWS\system32\config\systemprofile\usbsermptxp.sys
2006-01-14 18:21 24,192 ----a-w C:\Documents and Settings\Propriétaire\usbsermptxp.sys
2006-01-14 18:21 24,192 ----a-w C:\Documents and Settings\Philippe\usbsermptxp.sys
2006-01-14 18:21 24,192 ----a-w C:\Documents and Settings\Default User\usbsermptxp.sys
2006-01-14 18:21 22,768 ----a-w C:\WINDOWS\system32\config\systemprofile\usbsermpt.sys
2006-01-14 18:21 22,768 ----a-w C:\Documents and Settings\Propriétaire\usbsermpt.sys
2006-01-14 18:21 22,768 ----a-w C:\Documents and Settings\Philippe\usbsermpt.sys
2006-01-14 18:21 22,768 ----a-w C:\Documents and Settings\Default User\usbsermpt.sys
2006-01-12 23:03 29,968 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2006-01-12 23:03 29,968 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-09-23_23.15.13.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-30 17:19:32 325,976 ----a-w C:\WINDOWS\LastGood\system32\wucltui.dll
+ 2007-07-30 17:18:40 33,624 ----a-w C:\WINDOWS\LastGood\system32\wups.dll
+ 2007-07-30 17:19:12 43,352 ----a-w C:\WINDOWS\LastGood\system32\wups2.dll
+ 2007-07-30 17:19:46 203,096 ----a-w C:\WINDOWS\LastGood\system32\wuweb.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"NVIEW"="nview.dll" [2003-03-04 C:\WINDOWS\system32\nview.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-03-04 4595712]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-12 114688]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 315392]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-08-01 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"NAV CfgWiz"="c:\PROGRA~1\NORTON~1\Cfgwiz.exe" [2002-11-26 496784]
"ccRegVfy"="c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe" [2002-11-20 59056]
"ccApp"="c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2002-11-20 54960]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" [2008-09-21 716800]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 C:\WINDOWS\system32\Ati2mdxx.exe]
"nwiz"="nwiz.exe" [2003-03-04 C:\WINDOWS\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll jnwlox.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-08 00:04 52736 c:\WINDOWS\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-05-16 22:13 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
--a------ 2003-03-04 02:44 831557 C:\WINDOWS\system32\nview.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 00:28:02
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


**************************************************************************
.
Heure de fin: 2008-09-24 0:38:20
ComboFix-quarantined-files.txt 2008-09-23 22:36:33
ComboFix2.txt 2008-09-23 21:18:24

Avant-CF: 22 257 725 440 octets libres
Après-CF: 22,236,336,128 octets libres

473 --- E O F --- 2008-09-11 21:13:58





I scanned wuapi.dll and wuapi.dll.mui as I could not find the wuapi.dll.wusetup. Both files seem to be clean as only Fortinet found them suspicious.
Sorry, I could not manage to find the clipboard and paste it.


Thanks.
  • 0

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Could you post me the link to the French board?
  • 0

#11
Phil9999

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi,

It's on commentcamarche.net.

It's on the sécurité forum, my post is called Vundo. 21 September at 18:25.

Anything wrong?

Thanks.

Philippe.

PS: Not at home, writing from the office.
  • 0

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No, nothing wrong. Can you tell them you are being helped here so that another helper doesn't waste their time? We are nearly done as well.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Please do an online scan with Kaspersky WebScanner

Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new HJT log
  • 0

#13
Phil9999

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi,

Thanks for this. I will.

Sorry for the delay, it took a while to scan with Kaspersky.



Here are the logs:

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1203
Windows 5.1.2600 Service Pack 3

25/09/2008 00:06:40
mbam-log-2008-09-25 (00-06-40).txt

Type de recherche: Examen rapide
Eléments examinés: 55456
Temps écoulé: 9 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, September 25, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, September 24, 2008 16:26:54
Records in database: 1255995
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 163735
Threat name: 13
Infected objects: 22
Suspicious objects: 0
Duration of the scan: 06:10:56


File name / Threat name / Threats count
C:\Documents and Settings\Default User\Bureau\Divers Philippe à trier\overnet0.50.1.exe Infected: not-a-virus:Server-Proxy.Win32.Overnet 1
C:\Documents and Settings\Default User\Bureau\Divers Philippe à trier\overnet0.50.1.exe Infected: not-a-virus:AdWare.Win32.Ucmore.a 1
C:\Documents and Settings\Default User\Bureau\Divers Philippe à trier\overnet0.50.1.exe Infected: not-a-virus:AdWare.Win32.Ucmore 1
C:\Documents and Settings\Propriétaire\Bureau\Divers Philippe à trier\overnet0.50.1.exe Infected: not-a-virus:Server-Proxy.Win32.Overnet 1
C:\Documents and Settings\Propriétaire\Bureau\Divers Philippe à trier\overnet0.50.1.exe Infected: not-a-virus:AdWare.Win32.Ucmore.a 1
C:\Documents and Settings\Propriétaire\Bureau\Divers Philippe à trier\overnet0.50.1.exe Infected: not-a-virus:AdWare.Win32.Ucmore 1
C:\Mes téléchargements\Divers\setupwavtomp3.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d 1
C:\Mes téléchargements\Divers\setupwavtomp3.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b 2
C:\Mes téléchargements\Divers\setupwavtomp3.exe Infected: not-a-virus:AdWare.Win32.NavExcel 1
C:\Mes téléchargements\Divers\setupwavtomp3.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i 1
C:\Mes téléchargements\Divers\setupwavtomp3.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z 1
C:\Mes téléchargements\Divers\setupwavtomp3.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.h 2
C:\Mes téléchargements\Divers\setupwavtomp3.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.e 1
C:\Mes téléchargements\Divers\setupwavtomp3.exe Infected: not-a-virus:AdWare.Win32.EZula.o 1
C:\WINDOWS\system32\config\systemprofile\Bureau\Divers Philippe à trier\overnet0.50.1.exe Infected: not-a-virus:Server-Proxy.Win32.Overnet 1
C:\WINDOWS\system32\config\systemprofile\Bureau\Divers Philippe à trier\overnet0.50.1.exe Infected: not-a-virus:AdWare.Win32.Ucmore.a 1
C:\WINDOWS\system32\config\systemprofile\Bureau\Divers Philippe à trier\overnet0.50.1.exe Infected: not-a-virus:AdWare.Win32.Ucmore 1
G:\Torrents\setupxv.exe Infected: not-a-virus:FraudTool.Win32.SpywareStop.er 1
G:\Torrents\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
G:\Torrents\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The selected area was scanned.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49, on 25/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1064443174-1331414849-1639698294-1008\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (User '?')
O4 - HKUS\S-1-5-21-1064443174-1331414849-1639698294-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1064443174-1331414849-1639698294-500\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (User 'Administrateur')
O4 - HKUS\S-1-5-21-1064443174-1331414849-1639698294-500\..\RunOnce: [SpybotDeletingB8017] command /c del "C:\WINDOWS\dtseqrxk.dll_tobedeleted_old" (User 'Administrateur')
O4 - Global Startup: customize__IE.lnk = C:\HP\region\customizeIe.wsf
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1211917055031
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll jnwlox.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 9237 bytes
  • 0

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O4 - HKUS\S-1-5-21-1064443174-1331414849-1639698294-500\..\RunOnce: [SpybotDeletingB8017] command /c del "C:\WINDOWS\dtseqrxk.dll_tobedeleted_old" (User 'Administrateur')
O20 - AppInit_DLLs: avgrsstx.dll jnwlox.dll


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Please download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    
    :Files
    C:\Documents and Settings\Default User\Bureau\Divers Philippe à trier\overnet0.50.1.exe
    C:\Mes téléchargements\Divers\setupwavtomp3.exe
    C:\WINDOWS\system32\config\systemprofile\Bureau\Divers Philippe à trier\overnet0.50.1.exe
    G:\Torrents\setupxv.exe
    C:\WINDOWS\dtseqrxk.dll_tobedeleted_old
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




Please download DirLook by jpshortstuff from here.
  • Double-click DirLook.exe to run it.
  • Ensure that Show Hidden Files/Folders and BBCode Output are both checked.
  • Copy the content of the following codebox into the main textfield:

    G:\Torrents
  • Click the DirLook button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\dl_log.txt)
Note: Scanning may take longer for large folders.


Also post a new HJT log
  • 0

#15
Phil9999

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello again,

Here we are.


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Documents and Settings\Default User\Bureau\Divers Philippe à trier\overnet0.50.1.exe moved successfully.
C:\Mes téléchargements\Divers\setupwavtomp3.exe moved successfully.
C:\WINDOWS\system32\config\systemprofile\Bureau\Divers Philippe à trier\overnet0.50.1.exe moved successfully.
G:\Torrents\setupxv.exe moved successfully.
File/Folder C:\WINDOWS\dtseqrxk.dll_tobedeleted_old not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\etilqs_397HfOzvdO0D6V6ykCZm scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\entou0cc.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\entou0cc.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\entou0cc.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\entou0cc.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\entou0cc.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.2.2 log created on 09262008_035158

Files moved on Reboot...
File C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\etilqs_397HfOzvdO0D6V6ykCZm not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\entou0cc.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\entou0cc.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\entou0cc.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\entou0cc.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Mozilla\Firefox\Profiles\entou0cc.default\urlclassifier3.sqlite moved successfully.






DirLook.exe by jpshortstuff
Log created at 4:08:26 on 26/09/2008

==============================

Contents of "G:\Torrents" (inc. hidden/system files/folders)

---FOLDERS---

SmitfraudFix (created: 20/09/2008 12:46) d--------

---FILES---

ccsetup210.exe (2922072 bytes, created: 18/08/2008 23:24) --a------
ccsetup211.exe (2928600 bytes, created: 03/09/2008 22:16) --a------
ComboFix.exe (2855782 bytes, created: 23/09/2008 22:18) --a------
DirLook.exe (166912 bytes, created: 26/09/2008 04:07) --a------
flock-1.2.5.en-US.win32.exe (11253024 bytes, created: 21/09/2008 02:12) --a------
Google_Earth_BZXD.exe (13413048 bytes, created: 20/12/2007 22:04) --a------
HJTInstall.exe (812344 bytes, created: 21/09/2008 19:02) --a------
Install_CopyTrans_Suite.exe (943024 bytes, created: 10/09/2008 22:36) --a------
Iso-burner.exe (657104 bytes, created: 23/09/2007 00:02) --a------
iTunesSetup.exe (63530280 bytes, created: 18/08/2008 22:38) --a------
LopSD.exe (521694 bytes, created: 23/09/2008 21:38) --a------
mbam-setup(2).exe (2182784 bytes, created: 24/09/2008 23:48) --a------
mbam-setup.exe (2189864 bytes, created: 21/09/2008 11:12) --a------
msicuu2.exe (359656 bytes, created: 27/08/2008 22:37) --a------
Navilog1.exe (571505 bytes, created: 21/09/2008 13:23) --a------
OTMoveIt3(2).exe (335360 bytes, created: 26/09/2008 03:49) --a------
RegCleaner.exe (553687 bytes, created: 18/08/2008 23:05) --a------
rminstall.exe (7507296 bytes, created: 04/09/2008 00:13) --a------
SmitfraudFix.exe (1658005 bytes, created: 21/09/2008 13:23) --a------
switchsetup.exe (363008 bytes, created: 09/09/2008 23:42) --a------
V6_PND_Update_MichelinGuide_FRANCE.exe (13693182 bytes, created: 21/12/2007 19:03) --a------
VirtumundoBeGone.exe (96978 bytes, created: 21/09/2008 12:56) --a------
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe (4627688 bytes, created: 23/09/2008 22:23) --a------
WindowsXP-KB936929-SP3-x86-FRA.exe (324222504 bytes, created: 18/08/2008 23:59) --a------

==============================

=EOF=











Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:10, on 26/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NAV CfgWiz] c:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1064443174-1331414849-1639698294-1008\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (User '?')
O4 - HKUS\S-1-5-21-1064443174-1331414849-1639698294-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1064443174-1331414849-1639698294-500\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (User 'Administrateur')
O4 - HKUS\S-1-5-21-1064443174-1331414849-1639698294-500\..\RunOnce: [SpybotDeletingD6041] cmd /c del "C:\WINDOWS\dtseqrxk.dll_tobedeleted_old" (User 'Administrateur')
O4 - Global Startup: customize__IE.lnk = C:\HP\region\customizeIe.wsf
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1211917055031
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 8994 bytes
  • 0
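Added example, not part of the original thread and not code from HijackThis or its authors: a short Python script that compares a follow-up HijackThis log with the earlier one to confirm that the entries ticked for "Fix Checked" are gone and to show what else still names the same file. The sample lines are excerpted from the two logs posted in this thread; the function names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# HijackThis entry lines look like "O4 - ..." or "R1 - ...": a letter, a number, " - ", the rest.
ENTRY_RE = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")

# The two lines ticked for fixing in the earlier log (copied from the thread).
RUNONCE_OLD = r"""O4 - HKUS\S-1-5-21-1064443174-1331414849-1639698294-500\..\RunOnce: [SpybotDeletingB8017] command /c del "C:\WINDOWS\dtseqrxk.dll_tobedeleted_old" (User 'Administrateur')"""
APPINIT_OLD = r"""O20 - AppInit_DLLs: avgrsstx.dll jnwlox.dll"""
FIXED = RUNONCE_OLD + "\n" + APPINIT_OLD

# Excerpt of the earlier log (only a few of its lines).
BEFORE = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
""" + FIXED

# Excerpt of the follow-up log (same lines, as they appear after the fix).
AFTER = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1064443174-1331414849-1639698294-500\..\RunOnce: [SpybotDeletingD6041] cmd /c del "C:\WINDOWS\dtseqrxk.dll_tobedeleted_old" (User 'Administrateur')
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
"""


def parse_hjt(text):
    """Return the R/F/N/O entries of a HijackThis log, skipping header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Entries that disappeared and entries that are new, in log order."""
    b, a = parse_hjt(before), parse_hjt(after)
    removed = [e for e in b if e not in a]
    added = [e for e in a if e not in b]
    return removed, added


def still_present(after, fixed):
    """Entries that were ticked for fixing but are unchanged in the follow-up log."""
    a = set(parse_hjt(after))
    return [e for e in parse_hjt(fixed) if e in a]


def appinit_dlls(entries):
    """Lower-cased DLL names on O20 AppInit_DLLs lines (space- or comma-separated)."""
    names = []
    for e in entries:
        if e.code == "O20" and e.body.startswith("AppInit_DLLs:"):
            names += re.split(r"[,\s]+", e.body.split(":", 1)[1].strip())
    return [n.lower() for n in names if n]


def mentions(entries, needle):
    """Entries whose text names a given file, case-insensitively."""
    return [e for e in entries if needle.lower() in e.body.lower()]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("gone :", e.code, e.body)
    for e in added:
        print("new  :", e.code, e.body)
    print("ticked entries still present:", still_present(AFTER, FIXED))
    print("AppInit_DLLs after fix:", appinit_dlls(parse_hjt(AFTER)))
    for e in mentions(parse_hjt(AFTER), "dtseqrxk.dll"):
        print("still names dtseqrxk.dll:", e.body)
```

On these excerpts the script reports both ticked entries as gone and no O20 line in the follow-up log, and it lists one new RunOnce value (SpybotDeletingD6041) that names the same dtseqrxk.dll_tobedeleted_old file.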





