[VISTA] Problème étrange vista sp1

[emmanuel123]

Bonjour à tous,

Depuis que j'ai installé le sp1 de vista, les démarrages sont beaucoup plus lent.

Au début, je croyais que j'avais trop de programmes au démarrage mais après avoir en supprimé la quasi-totalité, j'avais toujours le même problème...

Puis, un jour, j'ai ouvert windows task manager (mon pc est en anglais) et j'ai vu un programme qui s'appelait form1 et qui rendais mon cpu usage à 100%. Je dus donc faire end task pour que mon ordi redevienne rapide mais il revient toujours et encore au démarrage de vista...

De plus, avant, je croyais que c'était un virus puis j'ai installé le sp1 chez un pote, et il y a eu le même résultat (form1 qui bouffe le cpu)... donc c'est pas un virus.

Je fais maintenant appelle à vous car je suis désespéré et je ne sais plus quoi faire

Merci de m'aider

[2C.LiryC]

Bonsoir,

Jamais vu "Form1" dans les tâches standard de Vista... Il est possible que ton pote et toi ayez le même malware

Quel est l'anti-virus installé ?

J'ai bien envie de te conseiller un passage par la centra' HijackThis .

[emmanuel123]

Salut,

comme antivirus, j'utilise AVG avec spyware terminator et spyware SnD

Voilà

[snooky]

Il s'agit bien d'une infection ...

[emmanuel123]

Bon je crois que vous avez raison.

Voici mon scan hijackthis :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:30:17, on 2008-10-13

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\leclair\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sympatico.msn.ca/defaultf.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Color Calibration.lnk = ?

O4 - Global Startup: GammaTray.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: yayyyaw - yayyyaw.dll (file missing)

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Service de mise a jour pour Services de sécurité Vidéotron (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 12382 bytes

[snooky]

1) Désinstalle AVG , Spybot , Spyware Terminator ... etc !!!

2) Lance ce remover AVG :

http://www.avg.com/filedir/util/avg_arm_su.../avgremover.exe

3) Désactive Windows Defender .

4) Supprime ce dossier :

C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe

5) Lance VundoFix et poste le rapport créé:

http://vundofix.atribune.org/

PS : à la fin du scan , clique sur " Remove Vundo "

6) Redémarre le pc et lance ensuite MBAM ... supprime ce qu'il trouve .

[emmanuel123]

Salut, je suis en train de faire ce que tu me dis mais je n'arrive pas à supprimer le dossier Authentium (je suis allé dans propiété et je me suis attribué la permission) mais je n'arrive toujours pas à le supprimer

[snooky]

Passe à la suite

[emmanuel123]

Re,

j'ai fait un scan avec vundo et il n'a rien trouvé...

[snooky]

Passe à la suite ...

[emmanuel123]

Bon j'ai finalement réussi à supprimer le dossier Authentium (en mode sans échec) et j'en ai profiter pour faire un scan complet avec MBAM puis suppression de tout ce qu'il trouve.

Je vous direz les résultats demain

A+

[emmanuel123]

Re,

J'ai terminé avec MBAM, j'aimerais savoir s'il faut que je fasse autre chose et si je peux réinstaller mes antivirus.

Voici le rapport de MBAM après mon scan :

Malwarebytes' Anti-Malware 1.28

Version de la base de données: 1267

Windows 6.0.6001 Service Pack 1

2008-10-14 07:11:53

mbam-log-2008-10-14 (07-11-53).txt

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 383804

Temps écoulé: 1 hour(s), 14 minute(s), 53 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 22

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 4

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Trojan.HumourCanine) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

C:\Program Files\Conduit\Community Alerts\Alert.dll (Trojan.HumourCanine) -> Quarantined and deleted successfully.

C:\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Users\leclair\AppData\Local\Temp\???????????_10.JPG (Trojan.Extension.Exploit) -> Quarantined and deleted successfully.

C:\Users\leclair\AppData\Local\Temp\pwrmgr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

[snooky]

Ne remet pas TES antivirus ... t'on servit à rien !

Lance ComboFix et poste le rapport créé :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[2C.LiryC]

Ne remet pas TES antivirus ... t'on servit à rien !

...

Je ne peux que plussoyer.

[emmanuel123]

Voici le rapport de combofix :

ComboFix 08-10-14.07 - leclair 2008-10-14 19:16:39.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1172 [GMT -4:00]

Lancé depuis: C:\Users\leclair\Desktop\ComboFix.exe

* Un nouveau point de restauration a été créé

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

C:\Program Files\internet explorer\msimg32.dll

C:\Users\leclair\AUTORUN.INF

C:\Windows\Downloaded Program Files\setup.inf

C:\Windows\system32\x64

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Boonty Games

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))

.

2008-10-14 19:13 . 2008-10-14 19:14 <DIR> d-------- C:\32788R22FWJFW

2008-10-13 22:05 . 2008-10-13 22:05 <DIR> d-------- C:\Users\leclair\AppData\Roaming\Malwarebytes

2008-10-13 22:05 . 2008-10-13 22:05 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-10-13 22:05 . 2008-10-13 22:05 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-10-13 22:05 . 2008-10-13 22:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-10-13 22:05 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-10-13 22:05 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys

2008-10-13 21:26 . 2008-10-13 21:26 <DIR> d-------- C:\VundoFix Backups

2008-10-13 20:55 . 2008-10-13 20:55 <DIR> d-------- C:\Users\All Users\Avg8

2008-10-13 20:55 . 2008-10-13 20:55 <DIR> d-------- C:\ProgramData\Avg8

2008-10-13 12:37 . 2008-10-13 12:37 0 --a------ C:\LOG9E12.tmp

2008-10-12 11:54 . 2008-10-12 11:54 <DIR> d-------- C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP

2008-10-12 11:54 . 2008-10-12 11:54 <DIR> d-------- C:\Program Files\Netdevil

2008-10-12 11:33 . 2008-10-12 11:33 <DIR> d-------- C:\Users\leclair\AppData\Roaming\Download Manager

2008-10-11 18:00 . 2008-10-11 18:00 <DIR> d-------- C:\Users\leclair\AppData\Roaming\InstallShield Installation Information

2008-10-11 17:54 . 2008-10-11 17:54 <DIR> d-------- C:\Program Files\Unreal Tournament 3 Demo

2008-10-11 17:52 . 2008-10-11 17:52 <DIR> d-------- C:\Windows\System32\AGEIA

2008-10-11 17:52 . 2008-10-12 11:30 <DIR> d-------- C:\Program Files\AGEIA Technologies

2008-10-11 14:57 . 2008-10-11 14:57 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2008-10-11 14:53 . 2008-10-11 14:54 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint

2008-10-11 14:05 . 2008-10-11 14:25 <DIR> d-------- C:\Users\All Users\NVIDIA

2008-10-11 14:05 . 2008-10-11 14:25 <DIR> d-------- C:\ProgramData\NVIDIA

2008-10-11 14:00 . 2008-09-17 23:55 1,108,512 --a------ C:\Windows\System32\nvcpluir.dll

2008-10-11 14:00 . 2008-09-17 23:55 797,216 --a------ C:\Windows\System32\nvcplui.exe

2008-10-11 14:00 . 2008-09-17 23:55 420,384 --a------ C:\Windows\System32\nvcpl.cpl

2008-10-11 14:00 . 2007-11-06 19:00 307,200 --a------ C:\Windows\System32\nvexpbar.dll

2008-10-11 13:51 . 2008-09-17 23:55 453,152 --a------ C:\Windows\System32\NVUNINST.EXE

2008-09-28 16:33 . 2008-09-28 16:33 0 --a------ C:\LOGC0C7.tmp

2008-09-28 09:23 . 2008-09-28 09:23 <DIR> d-------- C:\Users\leclair\AppData\Roaming\WinPatrol

2008-09-28 09:22 . 2008-09-28 09:22 <DIR> d-------- C:\Program Files\BillP Studios

2008-09-27 16:52 . 2008-09-27 16:52 56 --ah----- C:\Windows\System32\ezsidmv.dat

2008-09-27 12:17 . 2008-09-27 12:17 0 --a------ C:\LOG7F3D.tmp

2008-09-27 12:08 . 2008-09-27 12:08 0 --a------ C:\LOGE955.tmp

2008-09-26 16:10 . 2008-09-28 09:24 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-09-26 16:08 . 2008-09-26 16:08 332 --a------ C:\Windows\wininit.ini

2008-09-26 15:54 . 2008-09-26 15:57 <DIR> d-------- C:\Program Files\AVG

2008-09-17 21:18 . 2008-09-17 21:18 <DIR> d-------- C:\Program Files\RivaTuner v2.10

2008-09-16 15:55 . 2008-09-16 15:55 268 --ah----- C:\sqmdata03.sqm

2008-09-16 15:55 . 2008-09-16 15:55 244 --ah----- C:\sqmnoopt03.sqm

2008-09-15 19:16 . 2008-09-15 19:16 0 --a------ C:\LOG4130.tmp

2008-09-14 21:44 . 2008-09-17 21:13 <DIR> d-------- C:\Program Files\Motherboard Monitor 5

2008-09-14 21:44 . 2004-04-10 09:42 2,944 --a------ C:\Windows\System32\mbmiodrvr.sys

2008-09-14 21:43 . 2008-09-14 21:44 <DIR> d-------- C:\Program Files\Hmonitor

2008-09-14 21:43 . 2008-06-08 09:23 10,536 --a------ C:\Windows\System32\drivers\Hmonitor.sys

2008-09-14 21:39 . 2008-09-16 21:46 <DIR> d-------- C:\Program Files\SpeedFan

2008-09-14 21:39 . 2008-09-14 21:39 45 --a------ C:\Windows\System32\initdebug.nfo

2008-09-14 19:14 . 2008-09-14 19:15 <DIR> d-------- C:\Users\leclair\TGS Pub 2.2

2008-09-14 19:14 . 2008-07-12 08:18 3,851,784 --a------ C:\Users\leclair\D3DX9_39.dll

2008-09-14 17:35 . 2008-09-14 17:35 <DIR> d-------- C:\Users\leclair\Everything u need

2008-09-14 16:49 . 2008-08-02 23:16 536,667 --a------ C:\Users\leclair\Longevity Chams.dll

2008-09-14 16:45 . 2008-08-02 18:16 15,872 --a------ C:\Users\leclair\HackShield Bypass.dll

2008-09-14 16:07 . 2008-08-09 12:08 839,680 --a------ C:\Users\leclair\d3d9.dll

2008-09-14 11:40 . 2008-09-14 11:40 <DIR> d-------- C:\ATI

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-14 23:29 --------- d-----w C:\Program Files\Common Files\Game Updater

2008-10-14 00:56 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-10-14 00:56 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-10-13 23:27 --------- d---a-w C:\ProgramData\TEMP

2008-10-13 16:38 --------- d-----w C:\Users\leclair\AppData\Roaming\U3

2008-10-12 15:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-10-11 20:28 24 ----a-w C:\Users\leclair\jagex_runescape_preferences.dat

2008-10-11 13:02 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-07 16:35 --------- d-----w C:\Program Files\MSN Messenger

2008-10-07 16:35 --------- d-----w C:\Program Files\Azureus

2008-09-29 21:55 --------- d-----w C:\Users\leclair\AppData\Roaming\uTorrent

2008-09-29 02:11 --------- d-----w C:\Users\leclair\AppData\Roaming\Skype

2008-09-28 21:11 --------- d-----w C:\Users\leclair\AppData\Roaming\skypePM

2008-09-28 19:05 --------- d-----w C:\Users\leclair\AppData\Roaming\LimeWire

2008-09-26 20:14 --------- d-----w C:\Program Files\The All-Seeing Eye

2008-09-18 03:55 7,379,872 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys

2008-09-14 15:57 --------- d-----w C:\Users\leclair\AppData\Roaming\ATI

2008-09-13 20:31 --------- d-----w C:\ProgramData\NexonUS

2008-09-13 19:13 478,023,106 ----a-w C:\Users\leclair\CombatArmsSetup.exe

2008-09-13 17:47 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-09-13 01:30 --------- d-----w C:\Program Files\Driver Cleaner Pro

2008-09-13 01:01 --------- d-----w C:\Program Files\Intel

2008-09-13 00:39 --------- d-----w C:\Users\leclair\AppData\Roaming\Ubisoft

2008-09-13 00:16 --------- d--h--w C:\ProgramData\{0BC8968B-5A12-4C72-ACF4-4CC9A9A6F102}

2008-09-13 00:16 --------- d-----w C:\Program Files\Stardock

2008-09-13 00:06 --------- d-----w C:\Program Files\ma-config.com

2008-09-13 00:05 --------- d-----w C:\ProgramData\ma-config.com

2008-09-12 23:26 --------- d-----w C:\Program Files\oZone3D

2008-09-12 23:22 --------- d-----w C:\Program Files\Microsoft Works

2008-09-12 13:16 --------- d-----w C:\ProgramData\McAfee

2008-09-12 13:16 --------- d-----w C:\Program Files\McAfee

2008-09-02 00:16 --------- d-----w C:\ProgramData\Media Center Programs

2008-08-31 22:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-08-28 20:03 --------- d-----w C:\ProgramData\SiteAdvisor

2008-08-22 15:56 --------- d-----w C:\Program Files\Sun

2008-08-22 15:56 --------- d-----w C:\Program Files\Java

2008-08-22 03:55 1,055,232 ----a-w C:\Users\leclair\Engine.exe

2008-08-20 19:19 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-19 13:37 --------- d-----w C:\Program Files\Undelete NOW! Trial

2008-08-19 03:52 --------- d-----w C:\Program Files\Lavalys

2008-08-18 12:32 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-17 19:06 --------- d-----w C:\ProgramData\FLEXnet

2008-08-17 18:56 --------- d-----w C:\Program Files\Common Files\Macrovision Shared

2008-08-17 17:58 --------- d-----w C:\Program Files\Windows Mail

2008-08-17 17:39 --------- d-----w C:\Program Files\The Witcher

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-13 22:23 28,717,900 ----a-w C:\Users\leclair\sysclean.zip

2008-06-25 18:36 1,949,117 ----a-w C:\Users\leclair\tqvault.zip

2008-06-25 18:34 1,313,899 ----a-w C:\Users\leclair\tqvault_v2.13_beta3.zip

2008-06-25 16:07 2,548,205 ----a-w C:\Users\leclair\titan_quest_immortal_throne_SSTQDefilerFULL.zip

2008-06-13 18:32 1,482,674 ----a-w C:\Users\leclair\DragonNetwork.zip

2008-06-13 17:30 174 --sha-w C:\Program Files\desktop.ini

2008-05-09 21:25 646,912 ----a-w C:\Users\leclair\ksmod22.zip

2008-04-28 21:54 50,688 ----a-w C:\Users\leclair\ATF-Cleaner.exe

2008-04-26 00:49 22,328 ----a-w C:\Users\leclair\AppData\Roaming\PnkBstrK.sys

2008-04-23 19:53 44,814,336 ----a-w C:\Users\leclair\Photoshop.exe

2008-03-16 13:44 844,116 ----a-w C:\Users\leclair\the_elder_scrolls_4_oblivion_black_forest_manor_final.zip

2008-03-07 23:32 1,667,089 ----a-w C:\Users\leclair\obmm.zip

2008-03-07 22:45 491,763,398 ----a-w C:\Users\leclair\Oblivion-Z-1.0999.exe

2008-02-19 03:15 187 ----a-w C:\Users\leclair\realmlist.zip

2008-02-16 01:58 6,864 ----a-w C:\Users\leclair\layout.bin

2008-02-16 01:58 459,400 ----a-w C:\Users\leclair\setup.exe

2008-02-07 23:03 24,278,048 ----a-w C:\Users\leclair\dotnetfx.exe

2008-02-03 22:31 541,817 ----a-w C:\Users\leclair\GameXP.zip

2008-02-01 23:41 1,359,716 ----a-w C:\Users\leclair\atitool_atitool_0.26_anglais_17858.exe

2008-01-27 21:39 659,968 ----a-w C:\Users\leclair\Graphics.dll

2007-12-08 22:42 16 ----a-w C:\Users\leclair\IN.BIN

2007-12-08 22:20 3,381,280 ----a-w C:\Users\leclair\LimeWireWin.exe

2007-11-07 02:33 3,017,216 ----a-w C:\Users\leclair\Call of Duty® 4 - Modern Warfare Singleplayer no-dvd.exe

2007-10-30 21:56 870,400 ----a-w C:\Users\leclair\autorun.dat

2007-10-30 21:56 632,072 ----a-w C:\Users\leclair\msvcr80.dll

2007-10-30 21:56 554,248 ----a-w C:\Users\leclair\msvcp80.dll

2007-10-30 21:56 505,096 ----a-w C:\Users\leclair\msvcp71.dll

2007-10-30 21:56 484,616 ----a-w C:\Users\leclair\msvcm80.dll

2007-10-30 21:56 402,696 ----a-w C:\Users\leclair\AutoRun.exe

2007-10-30 21:56 386,312 ----a-w C:\Users\leclair\server.dll

2007-10-30 21:56 386,312 ----a-w C:\Users\leclair\EASetup.exe

2007-10-30 21:56 353,544 ----a-w C:\Users\leclair\msvcr71.dll

2007-10-30 21:56 1,180,936 ----a-w C:\Users\leclair\msvcr80d.dll

2007-10-30 21:56 1,041,672 ----a-w C:\Users\leclair\msvcp80d.dll

2007-10-30 21:56 1,021,192 ----a-w C:\Users\leclair\msvcm80d.dll

2007-10-25 01:50 258 ----a-w C:\Users\leclair\dat.bin

2007-10-04 07:14 4,498,779 ----a-w C:\Users\leclair\iw3sp.exe

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{da30eff8-ccc6-4162-a20d-67402a26a215}"= "C:\Program Files\Best_Security_Tips\tbBest.dll" [2007-12-19 1514520]

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]

2007-12-19 16:53 1514520 --a------ C:\Program Files\Best_Security_Tips\tbBest.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{da30eff8-ccc6-4162-a20d-67402a26a215}"= "C:\Program Files\Best_Security_Tips\tbBest.dll" [2007-12-19 1514520]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{DA30EFF8-CCC6-4162-A20D-67402A26A215}"= "C:\Program Files\Best_Security_Tips\tbBest.dll" [2007-12-19 1514520]

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-03-16 138008]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"VideotronSA.exe"="C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" [2007-06-13 2061816]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-09-17 13580832]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-09-17 92704]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 44168]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Color Calibration.lnk - C:\Program Files\SEC\MT2.5_RAFF\GammaTray.exe [2007-09-16 36864]

GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [2007-09-15 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]

FactoryMode [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

--a------ 2007-07-02 06:27 219520 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

--a------ 2007-06-22 08:45 133576 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

--a------ 2008-01-19 03:33 125952 C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

--a------ 2007-03-16 10:18 154392 C:\Windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-02-17 02:11 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

--a------ 2006-09-28 09:42 65536 c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

--a------ 2008-07-20 17:45 182808 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 15:30 249856 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-08-11 15:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

--a------ 2006-12-08 12:16 65536 C:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 15:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]

--a------ 2007-03-14 16:42 321088 C:\Program Files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

--a------ 2007-03-16 10:18 133912 C:\Windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2008-01-20 03:05 217088 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]

--a------ 2007-03-02 17:55 1441792 C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2008-03-27 19:40 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-09-29 13:03 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{47979CB9-8D97-497A-98A1-D7F56F9AB6AA}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{4BDA2472-0847-4CAA-AA21-969608477352}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{7D3FBCB0-A9AA-42AD-B1E3-B538F7659ADA}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{CFB7A9E2-12E9-4716-B601-F61D5B838E51}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{91E1F0F7-0379-4D8F-807B-769C743F7BEA}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{5FCEF090-3457-4E1B-A81E-90BD23B248A7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{5CF2A95B-D020-40F6-9120-8984AA457D4B}"= TCP:9442:127.0.0.1:Intel® Viiv Media Server Discovery

"{030C16F7-DF69-4DFC-BE84-98A695B9EC8E}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery

"{491269BF-97AA-4CB7-B418-5871726309CF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{42A1BFA7-5A11-44C1-B40A-9017D4A7A47D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{6EF74FE0-53FA-46A0-A5CD-D038A1D915E0}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{14405FA1-EB0B-4674-8093-01D760DEBD9A}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{CACD5F5D-CD6F-459C-85C4-4C4FD8924289}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{CD1E0005-C6E1-4ED2-A944-1334DD48BBD0}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{795C016C-1BD0-4656-8940-E95112CB5821}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{0B32388D-4216-43CB-B616-261E8DB8D23B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{6E5244E2-DE8E-4AB8-97EC-46F9ACD68043}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{4A828DAC-CFC6-4AB5-B318-722F830B7249}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{BE806DAF-3941-4C82-B458-266837DA5BE7}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"TCP Query User{A96DEC77-2020-4307-95A7-7A102466D161}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

"UDP Query User{CEDC14C4-E259-413B-968B-A3CE14763698}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

"TCP Query User{D549787C-149D-41E3-B545-32A84947DAF3}C:\\users\\leclair\\documents\\azureus\\azureus.exe"= UDP:C:\users\leclair\documents\azureus\azureus.exe:azureus.exe

"UDP Query User{5EF6ABF5-F4D7-4735-A575-E160B5F6B4CC}C:\\users\\leclair\\documents\\azureus\\azureus.exe"= TCP:C:\users\leclair\documents\azureus\azureus.exe:azureus.exe

"TCP Query User{6741D45B-D1F3-4094-A17C-A7D99F9CA1CD}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{1A15E84F-915E-40AC-AFD0-116756297B71}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{8CD660C6-BE29-47D5-8812-13F7C16C81CB}C:\\program files\\thq\\titan quest\\titan quest.exe"= UDP:C:\program files\thq\titan quest\titan quest.exe:Titan Quest

"UDP Query User{0710D0C9-E3E6-46E2-845C-22AFC33FEAF3}C:\\program files\\thq\\titan quest\\titan quest.exe"= TCP:C:\program files\thq\titan quest\titan quest.exe:Titan Quest

"TCP Query User{6D8D3395-C847-4E96-A61D-E0A8F0FBC53A}C:\\program files\\sierra\\fear\\fpupdate.exe"= UDP:C:\program files\sierra\fear\fpupdate.exe:fpupdate

"UDP Query User{1711A4F5-A56F-4618-BA44-5EA6367B7614}C:\\program files\\sierra\\fear\\fpupdate.exe"= TCP:C:\program files\sierra\fear\fpupdate.exe:fpupdate

"TCP Query User{D376FC54-EBE8-4F39-8DB1-404374609BAB}C:\\program files\\call of duty\\codmp.exe"= UDP:C:\program files\call of duty\codmp.exe:CoDMP

"UDP Query User{493463F4-61D7-49CA-A68E-AEE8BAE2971E}C:\\program files\\call of duty\\codmp.exe"= TCP:C:\program files\call of duty\codmp.exe:CoDMP

"TCP Query User{93A4A083-3FBC-4226-8CEB-8CC1D7BD96D9}C:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s

"UDP Query User{AFBD8F8B-615D-4CDE-AA97-093A218B71C1}C:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s

"TCP Query User{214A0622-FC00-4D32-8B01-6FD0D6E3DCF8}C:\\users\\leclair\\appdata\\local\\temp\\nhl-crack.exe"= UDP:C:\users\leclair\appdata\local\temp\nhl-crack.exe:nhl-crack.exe

"UDP Query User{13F4A220-2627-4A1B-AFD2-6EB13391E266}C:\\users\\leclair\\appdata\\local\\temp\\nhl-crack.exe"= TCP:C:\users\leclair\appdata\local\temp\nhl-crack.exe:nhl-crack.exe

"{629E38DE-961C-4A49-A3CF-36D4652E5491}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{7272FB9A-8F29-4038-8DD6-ADAD8336C06C}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{BAD932C9-5425-42E2-8804-BEA608EF3470}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{0E708F07-8D42-44C3-9F70-63FDA0CD08DA}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{267CFBC9-C6E4-43EF-8F39-7AC1D57533D7}C:\\users\\leclair\\desktop\\zulaman-final_fr_f-avi-downloader.exe"= UDP:C:\users\leclair\desktop\zulaman-final_fr_f-avi-downloader.exe:zulaman-final_fr_f-avi-downloader.exe

"UDP Query User{0AC5E78C-BA8E-4FF6-A121-9B2BDC38AD68}C:\\users\\leclair\\desktop\\zulaman-final_fr_f-avi-downloader.exe"= TCP:C:\users\leclair\desktop\zulaman-final_fr_f-avi-downloader.exe:zulaman-final_fr_f-avi-downloader.exe

"{2FB85B15-5376-40CF-AC88-C89F05690AF8}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{7DF4BA3D-5174-497F-A05D-1B2E0ACE0FC5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{05AAE8E5-2214-42F1-86E7-22ABF930E28F}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader

"UDP Query User{E4FA6BCD-25F7-49FF-8BF0-CD941B98B007}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader

"TCP Query User{5EB2B84F-1384-4C27-9D27-73AF104915D7}C:\\users\\leclair\\documents\\starcraft2cinematictrailer_frencheu-avi-downloader.exe"= UDP:C:\users\leclair\documents\starcraft2cinematictrailer_frencheu-avi-downloader.exe:starcraft2cinematictrailer_frencheu-avi-downloader.exe

"UDP Query User{50AC51F7-724C-4FAF-8CCC-E85C835D2C13}C:\\users\\leclair\\documents\\starcraft2cinematictrailer_frencheu-avi-downloader.exe"= TCP:C:\users\leclair\documents\starcraft2cinematictrailer_frencheu-avi-downloader.exe:starcraft2cinematictrailer_frencheu-avi-downloader.exe

"{CD82BE72-794F-472A-95B1-400CA832DE1E}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs

"{10ABBC15-A76D-4AB1-A61E-6B93F00DC505}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs

"TCP Query User{C47FD405-140C-4B55-B067-6795400C49EB}C:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3

"UDP Query User{02F07346-5065-4383-B0D8-8FA49CBB3AE7}C:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3

"TCP Query User{E8224325-7420-47E3-B202-585E33A828BE}C:\\users\\leclair\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\leclair\program files\utorrent\utorrent.exe:utorrent.exe

"UDP Query User{FEF840E6-99C3-477B-B375-D89C0A5A19E5}C:\\users\\leclair\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\leclair\program files\utorrent\utorrent.exe:utorrent.exe

"TCP Query User{B49A84C7-8E05-49EC-821E-4B84B863DA89}C:\\windows\\system32\\srvces.exe"= UDP:C:\windows\system32\srvces.exe:Srvces

"UDP Query User{3B65446A-B4BD-493C-BF43-CC82F4250EC1}C:\\windows\\system32\\srvces.exe"= TCP:C:\windows\system32\srvces.exe:Srvces

"TCP Query User{EC2C4F8E-3FF5-4D5D-B0D5-383BC83A6FBD}C:\\program files\\the all-seeing eye\\eye.exe"= UDP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye

"UDP Query User{82D16037-AA4D-4269-99A7-51457C43420F}C:\\program files\\the all-seeing eye\\eye.exe"= TCP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye

"TCP Query User{D931D99E-B19B-48CB-8C13-E37C43D1B659}C:\\windows\\system32\\srvces.exe"= UDP:C:\windows\system32\srvces.exe:Srvces

"UDP Query User{C70652B5-DED5-44BB-AF0E-C931FC41886C}C:\\windows\\system32\\srvces.exe"= TCP:C:\windows\system32\srvces.exe:Srvces

"TCP Query User{CC33E105-661A-4CC7-B1F1-754FEDDB1977}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{9CFFB7FA-B271-4062-A020-BE9489089264}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

"{064DCAC2-DF08-4DCA-8202-09FBDE2183B9}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

"{42DCD354-F6D1-4B6B-8969-384FB21266FC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{4146FF67-2F60-4138-950E-877758738F63}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"TCP Query User{D6B426D4-C82A-4CFA-B7E9-6CF31468AD90}C:\\program files\\thq\\titan quest immortal throne\\tqit.exe"= UDP:C:\program files\thq\titan quest immortal throne\tqit.exe:Tqit

"UDP Query User{46D56E64-B436-45E4-A4CC-A6983B1221DD}C:\\program files\\thq\\titan quest immortal throne\\tqit.exe"= TCP:C:\program files\thq\titan quest immortal throne\tqit.exe:Tqit

"{B6C74284-3981-48BA-A2B6-4BBAFA7AFA11}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"TCP Query User{01BCD67F-2661-4D0C-9643-5BA3F0CF4D65}C:\\program files\\rhapsody\\rhapsody.exe"= UDP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody

"UDP Query User{6D522F91-D9BB-4DFE-9D8B-89680F2DD492}C:\\program files\\rhapsody\\rhapsody.exe"= TCP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody

"TCP Query User{3DC9E8E4-8C84-4CD6-9B8A-771F54FE32F4}C:\\users\\leclair\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\leclair\program files\utorrent\utorrent.exe:utorrent.exe

"UDP Query User{6762F73A-57D4-4A6B-B8F3-7DFA1350BFCF}C:\\users\\leclair\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\leclair\program files\utorrent\utorrent.exe:utorrent.exe

"TCP Query User{6F860815-1365-4248-A55E-663B84E570D8}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{CB8B0954-7C98-4BB5-A09B-A62AB09AF782}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"{A679C526-1548-4FDB-A2E8-9C5E33D7A0B1}"= UDP:C:\Users\leclair\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{BF772B1A-9587-4968-8832-B762507D8447}"= TCP:C:\Users\leclair\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{06F352FF-CB6F-426A-A8D3-DB003BF8F6FD}"= UDP:C:\Users\leclair\AppData\Local\VirtualStore\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{B8A4EBD9-E380-4283-A623-289D1F446FF0}"= TCP:C:\Users\leclair\AppData\Local\VirtualStore\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{327F23AB-2688-4D63-945F-53AAF00253DE}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{2914DAB1-89CA-43C9-AB98-CEF7A559D060}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{85DEFEAD-BE11-487F-8EAC-11BFDB9963AD}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{44123F45-07F3-41CE-B4EB-35A0013947BE}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"{33BB1EEA-D88F-4212-99A6-AD3296939BB4}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

"{1A1D2091-6F20-44B0-92EE-D188CBF2D1F2}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

"{C3B061F2-9775-468C-91EF-CF863167F354}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{7B203FC4-DBAF-4BDA-8755-32037A33E826}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{1495E7EF-E7B7-4859-A60C-29893E59F4B9}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{221AA146-1F4C-40FE-A2F2-E645473C73E3}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{9C186AB1-6EF8-4EDD-A845-684222737CC4}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{42289D5C-FD2C-475B-B70B-6C646BAB12C0}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{E0BFB3DA-5E89-4F1D-AC90-3BACCC694241}"= UDP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager

"{0B022E6F-D505-455C-8D14-0AB91692AADF}"= TCP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager

"{12130F98-0C51-4705-B9A7-274A033EA46E}"= UDP:C:\Nexon\Combat Arms\NMService.exe:Nexon Messenger Core

"{91CBC215-92C8-40D8-A9D7-FE3A5E2B7524}"= TCP:C:\Nexon\Combat Arms\NMService.exe:Nexon Messenger Core

"{57A8361A-455D-42AE-A019-F512EF1727B1}"= UDP:C:\Program Files\Combat Arms\NMService.exe:Nexon Messenger Core

"{4078ACB0-1354-4407-B252-46730F3BD614}"= TCP:C:\Program Files\Combat Arms\NMService.exe:Nexon Messenger Core

"{FB0E8EC0-D694-4B8A-978A-71F055DCAAA1}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo

"{50DAEF77-D1CB-46CA-B535-2A90889B542E}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

"C:\\Nexon\\Combat Arms\\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"C:\\Nexon\\Combat Arms\\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"C:\\Program Files\\Combat Arms\\CombatArms.exe"= C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"C:\\Program Files\\Combat Arms\\Engine.exe"= C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe

R1 hmonitor;hmonitor;C:\Windows\system32\drivers\hmonitor.sys [2008-06-08 10536]

R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]

R2 gameupdater;Game Updater;C:\Program Files\Common Files\Game Updater\gameupdater.exe [2008-06-19 12288]

S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]

S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-01 3894272]

S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]

S3 Radialpoint Security Services;Services de sécurité Vidéotron;C:\Windows\system32\dllhost.exe [2006-11-02 7168]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-03 87288]

S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 7680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\shell\AutoRun\command - E:\autorun.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

\shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]

\shell\AutoRun\command - L:\autorun.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16cecb3a-67ed-11dc-b5c4-001bfc242aa7}]

\shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2085fa5f-be31-11dc-83e8-001bfc242aa7}]

\shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2085fa61-be31-11dc-83e8-001bfc242aa7}]

\shell\AutoRun\command - N:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a76dff4-63de-11dc-9c2a-806e6f6e6963}]

\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5896df8-b1dc-11dc-b460-001bfc242aa7}]

\shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6d7f837-a7eb-11dc-9832-001bfc242aa7}]

\shell\AutoRun\command - K:\Autorun.exe

.

Contenu du dossier 'Tâches planifiées'

2008-10-14 C:\Windows\Tasks\User_Feed_Synchronization-{F846550B-F91D-4348-B774-5C9F9ECD45A0}.job

- C:\Windows\system32\msfeedssync.exe [2008-01-19 03:33]

2008-10-14 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

.

- - - - ORPHELINS SUPPRIMES - - - -

Notify-yayyyaw - yayyyaw.dll

MSConfigStartUp-441ba586 - C:\Users\leclair\AppData\Local\Temp\yvoncspq.dll

MSConfigStartUp-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-BM4728961a - C:\Users\leclair\AppData\Local\Temp\cmiwitdh.dll

MSConfigStartUp-cmds - C:\Users\leclair\AppData\Local\Temp\efeda.dll

MSConfigStartUp-HPAdvisor - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

MSConfigStartUp-mcagent_exe - C:\Program Files\McAfee.com\Agent\mcagent.exe

MSConfigStartUp-McENUI - C:\PROGRA~1\McAfee\MHN\McENUI.exe

MSConfigStartUp-MSServer - C:\Users\leclair\AppData\Local\Temp\byvut.dll

MSConfigStartUp-StartCCC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

MSConfigStartUp-USB Print - nhl-crack.exe

.

------- Examen supplémentaire -------

.

FireFox -: Profile - C:\Users\leclair\AppData\Roaming\Mozilla\Firefox\Profiles\rbmlgvzm.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-14 19:30:43

Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

C:\Users\leclair\AppData\Local\Temp\leclair.bmp

C:\Users\leclair\AppData\Local\Temp\WER-255950-0.sysdata.xml 69320 bytes

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

C:\Windows\System32\nvvsvc.exe

C:\Windows\System32\Ati2evxx.exe

C:\Windows\System32\audiodg.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\Ati2evxx.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\MagicTune Premium\MagicTuneEngine.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\Windows\System32\PnkBstrA.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Windows\System32\drivers\XAudio.exe

C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Windows\System32\conime.exe

C:\Windows\System32\WerFault.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\RacAgent.exe

.

**************************************************************************

.

Heure de fin: 2008-10-14 19:42:55 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-10-14 23:41:49

Avant-CF: 55 679 913 984 bytes free

Après-CF: 58,639,581,184 bytes free

446 --- E O F --- 2008-10-11 18:15:17

[snooky]

Copie (Ctrl+C) le texte ci-dessous :

Files::

C:\32788R22FWJFW

C:\Windows\System32\ezsidmv.dat

C:\windows\system32\srvces.exe

C:\Users\leclair\sysclean.zip

Folder::

C:\ProgramData\Spybot - Search & Destroy

C:\Program Files\Spybot - Search & Destroy

C:\ProgramData\McAfee

C:\Program Files\McAfee

C:\Program Files\Common Files\Symantec Shared

C:\ProgramData\SiteAdvisor

C:\Program Files\Best_Security_Tips

Registre::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{da30eff8-ccc6-4162-a20d-67402a26a215}"

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{da30eff8-ccc6-4162-a20d-67402a26a215}"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]"{DA30EFF8-CCC6-4162-A20D-67402A26A215}"

[HKEY_CLASSES_ROOT\clsid\{da30eff8-ccc6-4162-a20d-67402a26a215}]

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié.

Sauvegarde ce fichier sous le nom de CFScript.txt

Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Ne touche à rien tant que le scan n'est pas terminé.

Poste le nouveau rapport créé par ComboFix .

[emmanuel123]

Salut, ça dit cannot find mesage text for message number 0x8 in the message file for application et

cnnot find message text for message number ox234d in the messag efile for application

[snooky]

En prenant que ce texte pour le script :

Files::

C:\32788R22FWJFW

C:\Windows\System32\ezsidmv.dat

C:\windows\system32\srvces.exe

C:\Users\leclair\sysclean.zip

Folder::

C:\ProgramData\Spybot - Search & Destroy

C:\Program Files\Spybot - Search & Destroy

C:\ProgramData\McAfee

C:\Program Files\McAfee

C:\Program Files\Common Files\Symantec Shared

C:\ProgramData\SiteAdvisor

C:\Program Files\Best_Security_Tips

[emmanuel123]

Re, Voici le nouveau rapport :

ComboFix 08-10-15.05 - leclair 2008-10-15 19:55:08.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1191 [GMT -4:00]

Lancé depuis: C:\Users\leclair\Desktop\ComboFix.exe

Commutateurs utilisés :: C:\Users\leclair\Desktop\CFScript.txt

* Un nouveau point de restauration a été créé

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\Best_Security_Tips

C:\Program Files\Best_Security_Tips\INSTALL.LOG

C:\Program Files\Best_Security_Tips\tbBest.dll

C:\Program Files\Best_Security_Tips\toolbar.cfg

C:\Program Files\Best_Security_Tips\UNWISE.EXE

C:\Program Files\Common Files\Symantec Shared

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll

C:\Program Files\McAfee

C:\Program Files\Spybot - Search & Destroy

C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll

C:\Program Files\Spybot - Search & Destroy\Plugins\Fennel.dll

C:\Program Files\Spybot - Search & Destroy\Plugins\Mate.dll

C:\ProgramData\McAfee

C:\ProgramData\McAfee\MSADP\Cache\SaSubDB.Bak

C:\ProgramData\McAfee\MSADP\SaSubDB.Dat

C:\ProgramData\McAfee\MSC\Cache\McSubDB.Bak

C:\ProgramData\McAfee\MSC\mcini.ini

C:\ProgramData\McAfee\MSC\McSubDB.Dat

C:\ProgramData\SiteAdvisor

C:\ProgramData\SiteAdvisor\guid.txt

C:\ProgramData\SiteAdvisor\service.log

C:\ProgramData\Spybot - Search & Destroy

C:\ProgramData\Spybot - Search & Destroy\Logs\Checks.080428-2108.log

C:\ProgramData\Spybot - Search & Destroy\Logs\Checks.080428-2121.txt

C:\ProgramData\Spybot - Search & Destroy\Logs\Checks.080926-1549.log

C:\ProgramData\Spybot - Search & Destroy\Logs\Checks.080926-1605.txt

C:\ProgramData\Spybot - Search & Destroy\Logs\Checks.080927-1146.log

C:\ProgramData\Spybot - Search & Destroy\Logs\Fixes.080428-2121.txt

C:\ProgramData\Spybot - Search & Destroy\Logs\Fixes.080926-1608.txt

C:\ProgramData\Spybot - Search & Destroy\Logs\Fixes.080926-1609.txt

C:\ProgramData\Spybot - Search & Destroy\Logs\Resident.log

C:\ProgramData\Spybot - Search & Destroy\Logs\Update downloads.log

C:\ProgramData\Spybot - Search & Destroy\Recovery\dBpowerAMP.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\dBpowerAMP1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\dBpowerAMP2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\dBpowerAMP3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\dBpowerAMP4.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\dBpowerAMP5.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\dBpowerAMP6.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\dBpowerAMP7.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante10.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante11.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante12.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante13.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante14.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante15.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante16.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante17.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante18.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante4.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante5.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante6.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante7.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante8.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\DLLpartagemanquante9.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Fichierdaidemanquant.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Fichierdaidemanquant1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Fichierdaidemanquant2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Fichierdaidemanquant3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Fichierdaidemanquant4.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Fichierdaidemanquant5.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Fichierdaidemanquant6.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb10.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb11.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb12.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb13.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb14.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb15.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb16.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb17.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb18.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb19.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb20.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb21.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb22.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb23.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb24.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb25.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb26.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb4.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb5.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb6.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb7.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb8.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWeb9.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts12.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts13.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts14.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts15.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts16.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts17.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts18.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts19.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts20.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts21.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts22.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts23.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts24.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts25.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts26.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts27.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts28.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts30.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts31.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts32.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts33.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts34.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts35.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts36.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts37.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts38.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts39.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts40.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts41.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts42.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts43.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts44.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts45.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts46.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts47.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts48.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts49.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts50.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts51.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts52.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts53.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts54.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Informationdedsinstallationerrone.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Informationdedsinstallationerrone1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\InternetExplorer.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\InternetExplorer2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\InternetExplorer3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\InternetExplorer4.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\InternetExplorer5.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\InternetExplorer6.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Isobuster.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Localisationerrone.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Localisationerrone1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Localisationerrone2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Localisationerrone3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Localisationerrone4.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Localisationerrone5.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Localisationerrone6.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Localisationerrone7.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Localisationerrone8.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MeMediaAdVantage.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MeMediaAdVantage1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MeMediaAdVantage2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MeMediaAdVantage3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSDirectD.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSDirectD1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSDirectD2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSDirectD3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSDirectD4.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSDirectDraw.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSDirectInput.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSDirectInput1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSDirectInput2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSDirectInput3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSManagementConsole.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSMediaPlayer.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSMediaPlayer1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSOffice.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSOffice1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSOfficePowerPoint.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSOfficePowerPoint1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSOfficePowerPoint2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSOfficePowerPoint3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSOfficeWord.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSOfficeWord1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSPaint.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSRegedit.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MSWordpad.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch10.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch11.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch13.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch14.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch15.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch16.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch17.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch18.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch19.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch20.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch22.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch23.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch24.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch25.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch26.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch27.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch28.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch29.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch30.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch31.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch32.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch33.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch35.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch36.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch37.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch38.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch39.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch40.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch41.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch42.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch43.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch44.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch45.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch46.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch47.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch48.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch49.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch50.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch51.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch52.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch53.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch54.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch55.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch56.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch57.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch58.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch59.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch60.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch61.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch62.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch63.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch64.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch65.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch66.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch67.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch68.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch69.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch70.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch71.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch72.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch73.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch74.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch75.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch76.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch77.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch78.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch79.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch80.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch81.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch82.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch83.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch84.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch85.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch86.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch10.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch11.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch12.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch13.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch14.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch15.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch16.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch17.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch18.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch19.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch20.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch4.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch5.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch6.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch7.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch8.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWebSearch9.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\RealOnePlayerakaRealPlayer.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\RealOnePlayerakaRealPlayer1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\RealOnePlayerakaRealPlayer2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\RealOnePlayerakaRealPlayer3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\VirtualDub.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Virtumonde.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\VirtumondeCrack.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\Windows.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsExplorer.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsExplorer1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsExplorer2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsExplorer3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsMediaSDK.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsMediaSDK1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsMediaSDK10.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsMediaSDK11.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsMediaSDK2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsMediaSDK3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsMediaSDK4.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsMediaSDK5.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsMediaSDK6.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsMediaSDK7.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsMediaSDK8.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsMediaSDK9.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsOpenWith.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsOpenWith1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsOpenWith2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsOpenWith3.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WindowsOpenWith4.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WinRAR.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WinRAR1.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WinRAR2.zip

C:\ProgramData\Spybot - Search & Destroy\Recovery\WinRAR3.zip

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-15 au 2008-10-15 ))))))))))))))))))))))))))))))))))))

.

2008-10-13 22:05 . 2008-10-13 22:05 <DIR> d-------- C:\Users\leclair\AppData\Roaming\Malwarebytes

2008-10-13 22:05 . 2008-10-13 22:05 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-10-13 22:05 . 2008-10-13 22:05 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-10-13 22:05 . 2008-10-13 22:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-10-13 22:05 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-10-13 22:05 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys

2008-10-13 21:26 . 2008-10-13 21:26 <DIR> d-------- C:\VundoFix Backups

2008-10-13 20:55 . 2008-10-13 20:55 <DIR> d-------- C:\Users\All Users\Avg8

2008-10-13 20:55 . 2008-10-13 20:55 <DIR> d-------- C:\ProgramData\Avg8

2008-10-13 12:37 . 2008-10-13 12:37 0 --a------ C:\LOG9E12.tmp

2008-10-12 11:54 . 2008-10-12 11:54 <DIR> d-------- C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP

2008-10-12 11:54 . 2008-10-12 11:54 <DIR> d-------- C:\Program Files\Netdevil

2008-10-12 11:33 . 2008-10-12 11:33 <DIR> d-------- C:\Users\leclair\AppData\Roaming\Download Manager

2008-10-11 18:00 . 2008-10-11 18:00 <DIR> d-------- C:\Users\leclair\AppData\Roaming\InstallShield Installation Information

2008-10-11 17:54 . 2008-10-11 17:54 <DIR> d-------- C:\Program Files\Unreal Tournament 3 Demo

2008-10-11 17:52 . 2008-10-11 17:52 <DIR> d-------- C:\Windows\System32\AGEIA

2008-10-11 17:52 . 2008-10-12 11:30 <DIR> d-------- C:\Program Files\AGEIA Technologies

2008-10-11 14:57 . 2008-10-11 14:57 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2008-10-11 14:53 . 2008-10-11 14:54 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint

2008-10-11 14:05 . 2008-10-11 14:25 <DIR> d-------- C:\Users\All Users\NVIDIA

2008-10-11 14:05 . 2008-10-11 14:25 <DIR> d-------- C:\ProgramData\NVIDIA

2008-10-11 14:00 . 2008-09-17 23:55 1,108,512 --a------ C:\Windows\System32\nvcpluir.dll

2008-10-11 14:00 . 2008-09-17 23:55 797,216 --a------ C:\Windows\System32\nvcplui.exe

2008-10-11 14:00 . 2008-09-17 23:55 420,384 --a------ C:\Windows\System32\nvcpl.cpl

2008-10-11 14:00 . 2007-11-06 19:00 307,200 --a------ C:\Windows\System32\nvexpbar.dll

2008-10-11 13:51 . 2008-09-17 23:55 453,152 --a------ C:\Windows\System32\NVUNINST.EXE

2008-09-28 16:33 . 2008-09-28 16:33 0 --a------ C:\LOGC0C7.tmp

2008-09-28 09:23 . 2008-09-28 09:23 <DIR> d-------- C:\Users\leclair\AppData\Roaming\WinPatrol

2008-09-28 09:22 . 2008-09-28 09:22 <DIR> d-------- C:\Program Files\BillP Studios

2008-09-27 16:52 . 2008-09-27 16:52 56 --ah----- C:\Windows\System32\ezsidmv.dat

2008-09-27 12:17 . 2008-09-27 12:17 0 --a------ C:\LOG7F3D.tmp

2008-09-27 12:08 . 2008-09-27 12:08 0 --a------ C:\LOGE955.tmp

2008-09-26 16:10 . 2008-09-28 09:24 <DIR> d-------- C:\Program Files\Enigma Software Group

2008-09-26 16:08 . 2008-09-26 16:08 332 --a------ C:\Windows\wininit.ini

2008-09-26 15:54 . 2008-09-26 15:57 <DIR> d-------- C:\Program Files\AVG

2008-09-17 21:18 . 2008-09-17 21:18 <DIR> d-------- C:\Program Files\RivaTuner v2.10

2008-09-16 15:55 . 2008-09-16 15:55 268 --ah----- C:\sqmdata03.sqm

2008-09-16 15:55 . 2008-09-16 15:55 244 --ah----- C:\sqmnoopt03.sqm

2008-09-15 19:16 . 2008-09-15 19:16 0 --a------ C:\LOG4130.tmp

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-15 23:37 --------- d-----w C:\Program Files\Common Files\Game Updater

2008-10-13 23:27 --------- d---a-w C:\ProgramData\TEMP

2008-10-13 16:38 --------- d-----w C:\Users\leclair\AppData\Roaming\U3

2008-10-12 15:54 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-10-11 20:28 24 ----a-w C:\Users\leclair\jagex_runescape_preferences.dat

2008-10-11 13:02 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-10-07 16:35 --------- d-----w C:\Program Files\MSN Messenger

2008-10-07 16:35 --------- d-----w C:\Program Files\Azureus

2008-09-29 21:55 --------- d-----w C:\Users\leclair\AppData\Roaming\uTorrent

2008-09-29 02:11 --------- d-----w C:\Users\leclair\AppData\Roaming\Skype

2008-09-28 21:11 --------- d-----w C:\Users\leclair\AppData\Roaming\skypePM

2008-09-28 19:05 --------- d-----w C:\Users\leclair\AppData\Roaming\LimeWire

2008-09-26 20:14 --------- d-----w C:\Program Files\The All-Seeing Eye

2008-09-18 01:13 --------- d-----w C:\Program Files\Motherboard Monitor 5

2008-09-17 01:46 --------- d-----w C:\Program Files\SpeedFan

2008-09-15 01:44 --------- d-----w C:\Program Files\Hmonitor

2008-09-14 15:57 --------- d-----w C:\Users\leclair\AppData\Roaming\ATI

2008-09-13 20:31 --------- d-----w C:\ProgramData\NexonUS

2008-09-13 19:13 478,023,106 ----a-w C:\Users\leclair\CombatArmsSetup.exe

2008-09-13 17:54 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe

2008-09-13 17:47 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys

2008-09-13 01:30 --------- d-----w C:\Program Files\Driver Cleaner Pro

2008-09-13 01:01 --------- d-----w C:\Program Files\Intel

2008-09-13 00:39 --------- d-----w C:\Users\leclair\AppData\Roaming\Ubisoft

2008-09-13 00:16 --------- d--h--w C:\ProgramData\{0BC8968B-5A12-4C72-ACF4-4CC9A9A6F102}

2008-09-13 00:16 --------- d-----w C:\Program Files\Stardock

2008-09-13 00:06 --------- d-----w C:\Program Files\ma-config.com

2008-09-13 00:05 --------- d-----w C:\ProgramData\ma-config.com

2008-09-12 23:26 --------- d-----w C:\Program Files\oZone3D

2008-09-12 23:22 --------- d-----w C:\Program Files\Microsoft Works

2008-09-04 13:31 288,024 ----a-w C:\Windows\System32\PhysXCplUI.exe

2008-09-02 00:16 --------- d-----w C:\ProgramData\Media Center Programs

2008-09-01 20:42 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe

2008-08-29 12:57 70,936 ----a-w C:\Windows\System32\PhysXLoader.dll

2008-08-22 15:56 --------- d-----w C:\Program Files\Sun

2008-08-22 15:56 --------- d-----w C:\Program Files\Java

2008-08-22 03:55 1,055,232 ----a-w C:\Users\leclair\Engine.exe

2008-08-20 19:19 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-19 13:37 --------- d-----w C:\Program Files\Undelete NOW! Trial

2008-08-19 03:52 --------- d-----w C:\Program Files\Lavalys

2008-08-18 12:32 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-17 19:06 --------- d-----w C:\ProgramData\FLEXnet

2008-08-17 18:56 --------- d-----w C:\Program Files\Common Files\Macrovision Shared

2008-08-17 17:58 --------- d-----w C:\Program Files\Windows Mail

2008-08-17 17:39 --------- d-----w C:\Program Files\The Witcher

2008-08-09 16:08 839,680 ----a-w C:\Users\leclair\d3d9.dll

2008-08-03 03:16 536,667 ----a-w C:\Users\leclair\Longevity Chams.dll

2008-08-02 22:16 15,872 ----a-w C:\Users\leclair\HackShield Bypass.dll

2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll

2008-08-01 04:47 425,984 ----a-w C:\Windows\System32\ATIDEMGX.dll

2008-08-01 04:47 327,680 ----a-w C:\Windows\System32\atipdlxx.dll

2008-08-01 04:47 258,048 ----a-w C:\Windows\System32\Oemdspif.dll

2008-08-01 04:47 159,744 ----a-w C:\Windows\System32\atitmmxx.dll

2008-08-01 04:46 43,520 ----a-w C:\Windows\System32\ati2edxx.dll

2008-08-01 04:46 270,336 ----a-w C:\Windows\System32\Ati2evxx.dll

2008-08-01 04:45 700,416 ----a-w C:\Windows\System32\Ati2evxx.exe

2008-08-01 04:32 3,823,616 ----a-w C:\Windows\System32\atiumdag.dll

2008-08-01 04:15 4,463,104 ----a-w C:\Windows\System32\atiumdva.dll

2008-08-01 04:10 9,687,040 ----a-w C:\Windows\System32\atioglxx.dll

2008-08-01 04:04 50,688 ----a-w C:\Windows\System32\amdpcom32.dll

2008-08-01 04:03 45,568 ----a-w C:\Windows\System32\atiadlxx.dll

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe

2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll

2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll

2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll

2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll

2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll

2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll

2008-07-19 02:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll

2008-07-19 00:44 31,232 ----a-w C:\Windows\System32\wuapp.exe

2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-07-13 22:23 28,717,900 ----a-w C:\Users\leclair\sysclean.zip

2008-07-12 12:18 3,851,784 ----a-w C:\Users\leclair\D3DX9_39.dll

2008-06-25 18:36 1,949,117 ----a-w C:\Users\leclair\tqvault.zip

2008-06-25 18:34 1,313,899 ----a-w C:\Users\leclair\tqvault_v2.13_beta3.zip

2008-06-25 16:07 2,548,205 ----a-w C:\Users\leclair\titan_quest_immortal_throne_SSTQDefilerFULL.zip

2008-06-13 18:32 1,482,674 ----a-w C:\Users\leclair\DragonNetwork.zip

2008-06-13 17:30 174 --sha-w C:\Program Files\desktop.ini

2008-05-09 21:25 646,912 ----a-w C:\Users\leclair\ksmod22.zip

2008-04-28 21:54 50,688 ----a-w C:\Users\leclair\ATF-Cleaner.exe

2008-04-26 00:49 22,328 ----a-w C:\Users\leclair\AppData\Roaming\PnkBstrK.sys

2008-04-23 19:53 44,814,336 ----a-w C:\Users\leclair\Photoshop.exe

2008-03-16 13:44 844,116 ----a-w C:\Users\leclair\the_elder_scrolls_4_oblivion_black_forest_manor_final.zip

2008-03-07 23:32 1,667,089 ----a-w C:\Users\leclair\obmm.zip

2008-03-07 22:45 491,763,398 ----a-w C:\Users\leclair\Oblivion-Z-1.0999.exe

2008-02-19 03:15 187 ----a-w C:\Users\leclair\realmlist.zip

2008-02-16 01:58 6,864 ----a-w C:\Users\leclair\layout.bin

2008-02-16 01:58 459,400 ----a-w C:\Users\leclair\setup.exe

2008-02-07 23:03 24,278,048 ----a-w C:\Users\leclair\dotnetfx.exe

2008-02-03 22:31 541,817 ----a-w C:\Users\leclair\GameXP.zip

2008-02-01 23:41 1,359,716 ----a-w C:\Users\leclair\atitool_atitool_0.26_anglais_17858.exe

2008-01-27 21:39 659,968 ----a-w C:\Users\leclair\Graphics.dll

2007-12-08 22:42 16 ----a-w C:\Users\leclair\IN.BIN

2007-12-08 22:20 3,381,280 ----a-w C:\Users\leclair\LimeWireWin.exe

2007-11-07 02:33 3,017,216 ----a-w C:\Users\leclair\Call of Duty® 4 - Modern Warfare Singleplayer no-dvd.exe

.

((((((((((((((((((((((((((((( snapshot@2008-10-14_19.40.51.24 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-10-14 23:27:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-10-15 23:35:47 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-10-14 23:27:38 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-10-15 23:35:47 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-10-14 23:30:24 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-10-15 23:36:37 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat

+ 2008-10-15 23:36:37 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-10-14 23:30:24 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-10-16 00:01:56 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2008-10-16 00:01:56 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-10-14 23:10:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-10-15 23:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-10-14 23:10:31 163,840 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-10-15 23:38:11 163,840 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-10-14 23:10:31 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-10-15 23:38:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-10-14 23:16:30 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

+ 2008-10-15 23:54:01 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat

- 2008-10-11 15:44:16 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat

+ 2008-10-15 12:30:50 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat

- 2008-10-11 13:21:44 15,119 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-10-15 12:28:15 48,593,305 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin

+ 2008-02-22 05:01:41 64,512 ----a-w C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\WininetPlugin.dll

+ 2007-09-15 23:17:22 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16757_none_f97ccc016eba3585\ieapfltr.dat

+ 2007-09-15 23:17:22 2,455,488 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20927_none_fa26da7687bf7ea3\ieapfltr.dat

+ 2008-01-19 07:36:35 129,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18148_none_47806edf8c9d67e6\sqmapi.dll

+ 2008-01-19 07:34:31 180,736 ----a-w C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18148_none_647f3125ae3840ec\ieui.dll

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-03-16 138008]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"VideotronSA.exe"="C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" [2007-06-13 2061816]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-09-17 13580832]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-09-17 92704]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 44168]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Color Calibration.lnk - C:\Program Files\SEC\MT2.5_RAFF\GammaTray.exe [2007-09-16 36864]

GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [2007-09-15 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]

FactoryMode [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

--a------ 2007-07-02 06:27 219520 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

--a------ 2007-06-22 08:45 133576 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

--a------ 2008-01-19 03:33 125952 C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

--a------ 2007-03-16 10:18 154392 C:\Windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-02-17 02:11 49152 c:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

--a------ 2006-09-28 09:42 65536 c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

--a------ 2008-07-20 17:45 182808 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 15:30 249856 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-08-11 15:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-06-02 11:13 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

--a------ 2006-12-08 12:16 65536 C:\hp\KBD\KbdStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 15:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]

--a------ 2007-03-14 16:42 321088 C:\Program Files\Pure Networks\Network Magic\nmapp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

--a------ 2007-03-16 10:18 133912 C:\Windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a------ 2008-01-20 03:05 217088 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SnapfishMediaDetector]

--a------ 2007-03-02 17:55 1441792 C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

--a------ 2008-03-27 19:40 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-09-29 13:03 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{47979CB9-8D97-497A-98A1-D7F56F9AB6AA}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{4BDA2472-0847-4CAA-AA21-969608477352}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{7D3FBCB0-A9AA-42AD-B1E3-B538F7659ADA}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{CFB7A9E2-12E9-4716-B601-F61D5B838E51}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{91E1F0F7-0379-4D8F-807B-769C743F7BEA}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{5FCEF090-3457-4E1B-A81E-90BD23B248A7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{5CF2A95B-D020-40F6-9120-8984AA457D4B}"= TCP:9442:127.0.0.1:Intel® Viiv Media Server Discovery

"{030C16F7-DF69-4DFC-BE84-98A695B9EC8E}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery

"{491269BF-97AA-4CB7-B418-5871726309CF}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{42A1BFA7-5A11-44C1-B40A-9017D4A7A47D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{6EF74FE0-53FA-46A0-A5CD-D038A1D915E0}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{14405FA1-EB0B-4674-8093-01D760DEBD9A}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{CACD5F5D-CD6F-459C-85C4-4C4FD8924289}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{CD1E0005-C6E1-4ED2-A944-1334DD48BBD0}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{795C016C-1BD0-4656-8940-E95112CB5821}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{0B32388D-4216-43CB-B616-261E8DB8D23B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

"{6E5244E2-DE8E-4AB8-97EC-46F9ACD68043}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{4A828DAC-CFC6-4AB5-B318-722F830B7249}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{BE806DAF-3941-4C82-B458-266837DA5BE7}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"TCP Query User{A96DEC77-2020-4307-95A7-7A102466D161}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus

"UDP Query User{CEDC14C4-E259-413B-968B-A3CE14763698}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus

"TCP Query User{D549787C-149D-41E3-B545-32A84947DAF3}C:\\users\\leclair\\documents\\azureus\\azureus.exe"= UDP:C:\users\leclair\documents\azureus\azureus.exe:azureus.exe

"UDP Query User{5EF6ABF5-F4D7-4735-A575-E160B5F6B4CC}C:\\users\\leclair\\documents\\azureus\\azureus.exe"= TCP:C:\users\leclair\documents\azureus\azureus.exe:azureus.exe

"TCP Query User{6741D45B-D1F3-4094-A17C-A7D99F9CA1CD}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{1A15E84F-915E-40AC-AFD0-116756297B71}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"TCP Query User{8CD660C6-BE29-47D5-8812-13F7C16C81CB}C:\\program files\\thq\\titan quest\\titan quest.exe"= UDP:C:\program files\thq\titan quest\titan quest.exe:Titan Quest

"UDP Query User{0710D0C9-E3E6-46E2-845C-22AFC33FEAF3}C:\\program files\\thq\\titan quest\\titan quest.exe"= TCP:C:\program files\thq\titan quest\titan quest.exe:Titan Quest

"TCP Query User{6D8D3395-C847-4E96-A61D-E0A8F0FBC53A}C:\\program files\\sierra\\fear\\fpupdate.exe"= UDP:C:\program files\sierra\fear\fpupdate.exe:fpupdate

"UDP Query User{1711A4F5-A56F-4618-BA44-5EA6367B7614}C:\\program files\\sierra\\fear\\fpupdate.exe"= TCP:C:\program files\sierra\fear\fpupdate.exe:fpupdate

"TCP Query User{D376FC54-EBE8-4F39-8DB1-404374609BAB}C:\\program files\\call of duty\\codmp.exe"= UDP:C:\program files\call of duty\codmp.exe:CoDMP

"UDP Query User{493463F4-61D7-49CA-A68E-AEE8BAE2971E}C:\\program files\\call of duty\\codmp.exe"= TCP:C:\program files\call of duty\codmp.exe:CoDMP

"TCP Query User{93A4A083-3FBC-4226-8CEB-8CC1D7BD96D9}C:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s

"UDP Query User{AFBD8F8B-615D-4CDE-AA97-093A218B71C1}C:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:C:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s

"TCP Query User{214A0622-FC00-4D32-8B01-6FD0D6E3DCF8}C:\\users\\leclair\\appdata\\local\\temp\\nhl-crack.exe"= UDP:C:\users\leclair\appdata\local\temp\nhl-crack.exe:nhl-crack.exe

"UDP Query User{13F4A220-2627-4A1B-AFD2-6EB13391E266}C:\\users\\leclair\\appdata\\local\\temp\\nhl-crack.exe"= TCP:C:\users\leclair\appdata\local\temp\nhl-crack.exe:nhl-crack.exe

"{629E38DE-961C-4A49-A3CF-36D4652E5491}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{7272FB9A-8F29-4038-8DD6-ADAD8336C06C}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{BAD932C9-5425-42E2-8804-BEA608EF3470}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{0E708F07-8D42-44C3-9F70-63FDA0CD08DA}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"TCP Query User{267CFBC9-C6E4-43EF-8F39-7AC1D57533D7}C:\\users\\leclair\\desktop\\zulaman-final_fr_f-avi-downloader.exe"= UDP:C:\users\leclair\desktop\zulaman-final_fr_f-avi-downloader.exe:zulaman-final_fr_f-avi-downloader.exe

"UDP Query User{0AC5E78C-BA8E-4FF6-A121-9B2BDC38AD68}C:\\users\\leclair\\desktop\\zulaman-final_fr_f-avi-downloader.exe"= TCP:C:\users\leclair\desktop\zulaman-final_fr_f-avi-downloader.exe:zulaman-final_fr_f-avi-downloader.exe

"{2FB85B15-5376-40CF-AC88-C89F05690AF8}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"{7DF4BA3D-5174-497F-A05D-1B2E0ACE0FC5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour

"TCP Query User{05AAE8E5-2214-42F1-86E7-22ABF930E28F}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader

"UDP Query User{E4FA6BCD-25F7-49FF-8BF0-CD941B98B007}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader

"TCP Query User{5EB2B84F-1384-4C27-9D27-73AF104915D7}C:\\users\\leclair\\documents\\starcraft2cinematictrailer_frencheu-avi-downloader.exe"= UDP:C:\users\leclair\documents\starcraft2cinematictrailer_frencheu-avi-downloader.exe:starcraft2cinematictrailer_frencheu-avi-downloader.exe

"UDP Query User{50AC51F7-724C-4FAF-8CCC-E85C835D2C13}C:\\users\\leclair\\documents\\starcraft2cinematictrailer_frencheu-avi-downloader.exe"= TCP:C:\users\leclair\documents\starcraft2cinematictrailer_frencheu-avi-downloader.exe:starcraft2cinematictrailer_frencheu-avi-downloader.exe

"{CD82BE72-794F-472A-95B1-400CA832DE1E}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs

"{10ABBC15-A76D-4AB1-A61E-6B93F00DC505}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs

"TCP Query User{C47FD405-140C-4B55-B067-6795400C49EB}C:\\program files\\microsoft games\\age of empires iii\\age3.exe"= UDP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3

"UDP Query User{02F07346-5065-4383-B0D8-8FA49CBB3AE7}C:\\program files\\microsoft games\\age of empires iii\\age3.exe"= TCP:C:\program files\microsoft games\age of empires iii\age3.exe:Age of Empires 3

"TCP Query User{E8224325-7420-47E3-B202-585E33A828BE}C:\\users\\leclair\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\leclair\program files\utorrent\utorrent.exe:utorrent.exe

"UDP Query User{FEF840E6-99C3-477B-B375-D89C0A5A19E5}C:\\users\\leclair\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\leclair\program files\utorrent\utorrent.exe:utorrent.exe

"TCP Query User{B49A84C7-8E05-49EC-821E-4B84B863DA89}C:\\windows\\system32\\srvces.exe"= UDP:C:\windows\system32\srvces.exe:Srvces

"UDP Query User{3B65446A-B4BD-493C-BF43-CC82F4250EC1}C:\\windows\\system32\\srvces.exe"= TCP:C:\windows\system32\srvces.exe:Srvces

"TCP Query User{EC2C4F8E-3FF5-4D5D-B0D5-383BC83A6FBD}C:\\program files\\the all-seeing eye\\eye.exe"= UDP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye

"UDP Query User{82D16037-AA4D-4269-99A7-51457C43420F}C:\\program files\\the all-seeing eye\\eye.exe"= TCP:C:\program files\the all-seeing eye\eye.exe:Yahoo! All-Seeing Eye

"TCP Query User{D931D99E-B19B-48CB-8C13-E37C43D1B659}C:\\windows\\system32\\srvces.exe"= UDP:C:\windows\system32\srvces.exe:Srvces

"UDP Query User{C70652B5-DED5-44BB-AF0E-C931FC41886C}C:\\windows\\system32\\srvces.exe"= TCP:C:\windows\system32\srvces.exe:Srvces

"TCP Query User{CC33E105-661A-4CC7-B1F1-754FEDDB1977}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire

"UDP Query User{9CFFB7FA-B271-4062-A020-BE9489089264}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

"{064DCAC2-DF08-4DCA-8202-09FBDE2183B9}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

"{42DCD354-F6D1-4B6B-8969-384FB21266FC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes

"{4146FF67-2F60-4138-950E-877758738F63}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

"TCP Query User{D6B426D4-C82A-4CFA-B7E9-6CF31468AD90}C:\\program files\\thq\\titan quest immortal throne\\tqit.exe"= UDP:C:\program files\thq\titan quest immortal throne\tqit.exe:Tqit

"UDP Query User{46D56E64-B436-45E4-A4CC-A6983B1221DD}C:\\program files\\thq\\titan quest immortal throne\\tqit.exe"= TCP:C:\program files\thq\titan quest immortal throne\tqit.exe:Tqit

"{B6C74284-3981-48BA-A2B6-4BBAFA7AFA11}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"TCP Query User{01BCD67F-2661-4D0C-9643-5BA3F0CF4D65}C:\\program files\\rhapsody\\rhapsody.exe"= UDP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody

"UDP Query User{6D522F91-D9BB-4DFE-9D8B-89680F2DD492}C:\\program files\\rhapsody\\rhapsody.exe"= TCP:C:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody

"TCP Query User{3DC9E8E4-8C84-4CD6-9B8A-771F54FE32F4}C:\\users\\leclair\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\leclair\program files\utorrent\utorrent.exe:utorrent.exe

"UDP Query User{6762F73A-57D4-4A6B-B8F3-7DFA1350BFCF}C:\\users\\leclair\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\leclair\program files\utorrent\utorrent.exe:utorrent.exe

"TCP Query User{6F860815-1365-4248-A55E-663B84E570D8}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent

"UDP Query User{CB8B0954-7C98-4BB5-A09B-A62AB09AF782}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent

"{A679C526-1548-4FDB-A2E8-9C5E33D7A0B1}"= UDP:C:\Users\leclair\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{BF772B1A-9587-4968-8832-B762507D8447}"= TCP:C:\Users\leclair\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{06F352FF-CB6F-426A-A8D3-DB003BF8F6FD}"= UDP:C:\Users\leclair\AppData\Local\VirtualStore\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{B8A4EBD9-E380-4283-A623-289D1F446FF0}"= TCP:C:\Users\leclair\AppData\Local\VirtualStore\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{327F23AB-2688-4D63-945F-53AAF00253DE}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{2914DAB1-89CA-43C9-AB98-CEF7A559D060}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{85DEFEAD-BE11-487F-8EAC-11BFDB9963AD}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp

"{44123F45-07F3-41CE-B4EB-35A0013947BE}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp

"{33BB1EEA-D88F-4212-99A6-AD3296939BB4}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

"{1A1D2091-6F20-44B0-92EE-D188CBF2D1F2}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice

"{C3B061F2-9775-468C-91EF-CF863167F354}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{7B203FC4-DBAF-4BDA-8755-32037A33E826}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9

"{1495E7EF-E7B7-4859-A60C-29893E59F4B9}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{221AA146-1F4C-40FE-A2F2-E645473C73E3}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10

"{9C186AB1-6EF8-4EDD-A845-684222737CC4}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{42289D5C-FD2C-475B-B70B-6C646BAB12C0}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update

"{E0BFB3DA-5E89-4F1D-AC90-3BACCC694241}"= UDP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager

"{0B022E6F-D505-455C-8D14-0AB91692AADF}"= TCP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager

"{12130F98-0C51-4705-B9A7-274A033EA46E}"= UDP:C:\Nexon\Combat Arms\NMService.exe:Nexon Messenger Core

"{91CBC215-92C8-40D8-A9D7-FE3A5E2B7524}"= TCP:C:\Nexon\Combat Arms\NMService.exe:Nexon Messenger Core

"{57A8361A-455D-42AE-A019-F512EF1727B1}"= UDP:C:\Program Files\Combat Arms\NMService.exe:Nexon Messenger Core

"{4078ACB0-1354-4407-B252-46730F3BD614}"= TCP:C:\Program Files\Combat Arms\NMService.exe:Nexon Messenger Core

"{FB0E8EC0-D694-4B8A-978A-71F055DCAAA1}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo

"{50DAEF77-D1CB-46CA-B535-2A90889B542E}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

"C:\\Nexon\\Combat Arms\\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"C:\\Nexon\\Combat Arms\\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

"C:\\Program Files\\Combat Arms\\CombatArms.exe"= C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

"C:\\Program Files\\Combat Arms\\Engine.exe"= C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe

R1 hmonitor;hmonitor;C:\Windows\system32\drivers\hmonitor.sys [2008-06-08 10536]

R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]

R2 gameupdater;Game Updater;C:\Program Files\Common Files\Game Updater\gameupdater.exe [2008-06-19 12288]

S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]

S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-08-01 3894272]

S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]

S3 Radialpoint Security Services;Services de sécurité Vidéotron;C:\Windows\system32\dllhost.exe [2006-11-02 7168]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-03 87288]

S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 7680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\shell\AutoRun\command - E:\autorun.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

\shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]

\shell\AutoRun\command - L:\autorun.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16cecb3a-67ed-11dc-b5c4-001bfc242aa7}]

\shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2085fa5f-be31-11dc-83e8-001bfc242aa7}]

\shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2085fa61-be31-11dc-83e8-001bfc242aa7}]

\shell\AutoRun\command - N:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a76dff4-63de-11dc-9c2a-806e6f6e6963}]

\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5896df8-b1dc-11dc-b460-001bfc242aa7}]

\shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6d7f837-a7eb-11dc-9832-001bfc242aa7}]

\shell\AutoRun\command - K:\Autorun.exe

*Newly Created Service* - CATCHME

.

Contenu du dossier 'Tâches planifiées'

2008-10-15 C:\Windows\Tasks\User_Feed_Synchronization-{F846550B-F91D-4348-B774-5C9F9ECD45A0}.job

- C:\Windows\system32\msfeedssync.exe [2008-01-19 03:33]

2008-10-15 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

.

- - - - ORPHELINS SUPPRIMES - - - -

BHO-{da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-15 20:02:08

Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

**************************************************************************

.

Heure de fin: 2008-10-15 20:05:30

ComboFix-quarantined-files.txt 2008-10-16 00:04:27

ComboFix2.txt 2008-10-14 23:42:57

Avant-CF: 57,759,498,240 bytes free

Après-CF: 57,717,215,232 bytes free

754 --- E O F --- 2008-10-11 18:15:17

[snooky]

Lance Tools Cleaner : ( Recherche , puis suppresion + Corbeille +Temp )

http://www.pcinpact.com/forum/index.php?sh...l=tools+cleaner

Lance MBAM , supprime tout ce qu'il trouve et poste le rapport céé .

[emmanuel123]

Re, j'ai fais tools cleaner et MBAM puis MBAM n'a rien trouvé :

Malwarebytes' Anti-Malware 1.28

Version de la base de données: 1267

Windows 6.0.6001 Service Pack 1

2008-10-17 07:10:38

mbam-log-2008-10-17 (07-10-38).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)

Eléments examinés: 379670

Temps écoulé: 3 hour(s), 16 minute(s), 45 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

[snooky]

Problème résolu ?

Poste un rapport Hijackthis .

[emmanuel123]

Bon mon problème n'est toujours pas réglé et je ne comprend vraiment pas pourquoi...

Je galère vraiment en ce moment

Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:59:52, on 2008-10-18

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\mobsync.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\leclair\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/defaultf.aspx

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [VideotronSA.exe] "C:\Program Files\Vidéotron\Vidéotron Service Agent\VideotronSA.exe" /AUTORUN

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Color Calibration.lnk = ?

O4 - Global Startup: GammaTray.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: DvpApi (dvpapi) - Unknown owner - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Service de mise a jour pour Services de sécurité Vidéotron (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Vidéotron\Services de sécurité Vidéotron\rpsupdaterR.exe

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 10424 bytes

[snooky]

Coche et fixe ces lignes avec Hijackthis :

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

+ Toutes les lignes 04

O23 - Service: DvpApi (dvpapi) - Unknown owner - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe (file missing)

Tape services.msc dans Exécuter .

Arrête et désactive les services :

Pure Networks\Network Magic

Pure Networks Net2Go

DvpApi (dvpapi)

Désinstalle :

Pure Networks\Network Magic

Pure Networks Net2Go

Poste le lien web d'un rapport GSI :

http://grandpublic.kaspersky.fr/forum/viewtopic.php?t=10143

[emmanuel123]

Re, je fais juste vous dire que je n'ai pas accès à mon ordinateur pour le moment mais j'y aurai accès au début du weekend.

Merci