Bonjour,
 
 
depuis environ 3 semaine, mon antivirus (Avast) me signale la présence d'un spyware : bg3e9.bat .
J'ai essayé plusieuirs technique pour m'en débarasser : accepter que Avast le mette en quarantaine,  accepter qu'il le supprime...
Au démarrage suivant, il réapparait.
 
J'ai fait des recherches sur le net, mais sans trouver de solutions.
 
Et vous de votre coté ? L'avez-vous ? Avez vous trouvé un  moyen de le virer ?
 
Merci !

Bonjour,
 
 
C'est une infection qui se transmet par disque amovible, Avast ne t'aidera pas...
 
 
Télécharge UsbFix (de Chiquitine29 et C_XX) sur ton Bureau
• Lance l'installation avec les paramètres par défaut
• Branche tes sources de données externes à ton PC (clé USB, disque dur externe, lecteur mp3 etc...) sans les ouvrir
• Si tu es sous Windows xp : Double clique sur le raccourci UsbFix sur ton Bureau / Si tu es sous Windows Vista : Fais un clic droit sur le raccourci d'UsbFix et choisis 'Exécuter en tant qu'administrateur'.
• Au menu principal, choisis l'option 1 (recherche)
• Un rapport USBFix.txt apparaitra à la fin, poste le dans ta prochaine réponse stp

Bonjour,
 
 
merci de ta réponse !
 
Voici ce que j'ai :
 
 
#               Intel(R) Pentium(R) 4 CPU 2.40GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1335 [VPS 090205-1] 4.8.1335 [ Enabled | (!) Outdated ]
 
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 19,53 Go (9,71 Go free) [OS] # NTFS
# D:\ # Disque fixe local # 97,65 Go (31,31 Go free) [Mes docs] # NTFS
# E:\ # Disque fixe local # 97,65 Go (97,58 Go free) [Iena] # NTFS
# F:\ # Disque fixe local # 83,24 Go (28,19 Go free) [Ulm] # NTFS
# G:\ # Disque CD-ROM
# H:\ # Disque CD-ROM
# I:\ # Disque fixe local # 6,02 Go (4,04 Go free) # FAT32
# J:\ # Disque amovible # 958,09 Mo (957,91 Mo free) [USB AT] # FAT32
 
############################## [ Processus actifs ]
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
 
################## [  Registre # Startup ]
 
HKCU_Main:  "Local Page"="C:\\WINDOWS\\system32\\blank.htm"  
HKCU_Main:  "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"  
HKCU_Main:  "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"  
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"  
HKLM_logon: "DefaultUserName"="Ad"  
HKLM_logon: "AltDefaultUserName"="Ad"  
HKLM_logon: "LegalNoticeCaption"=""  
HKLM_logon: "LegalNoticeText"=""  
HKLM_Run:    RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"  
HKLM_Run:    WinampAgent=C:\Program Files\Winamp\winampa.exe  
HKLM_Run:    avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe  
HKLM_Run:    Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"  
HKLM_Run:    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=  
HKCU_Run:    CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe  
HKCU_Run:    hjdsdse=C:\WINDOWS\system32\oukdfgr.exe  
 
################## [ Informations ]
 
# J:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  
 
################## [ Fichiers # Dossiers infectieux ]
 
Found ! C:\WINDOWS\system32\bgdferw0.dll  
Found ! C:\WINDOWS\system32\hyrteas0.dll  
Found ! C:\WINDOWS\system32\oukdfgr.exe  
C:\autorun.inf # -> fichier appelé : "C:\bg3e9.bat" ( présent ! )  
Found ! C:\autorun.inf  
D:\autorun.inf # -> fichier appelé : "D:\bg3e9.bat" ( présent ! )  
Found ! D:\autorun.inf  
E:\autorun.inf # -> fichier appelé : "E:\bg3e9.bat" ( présent ! )  
Found ! E:\autorun.inf  
F:\autorun.inf # -> fichier appelé : "F:\bg3e9.bat" ( présent ! )  
Found ! F:\autorun.inf  
I:\autorun.inf # -> fichier appelé : "I:\bg3e9.bat" ( présent ! )  
Found ! I:\autorun.inf  
 
################## [ Registre # Clés Run infectieuses ]
 
Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "hjdsdse"    
Found ! HKU\S-1-5-21-725345543-838170752-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "hjdsdse"    
 
################## [ Registre # Mountpoints2 ]
 
HKCU\Software\Microsoft\....\MountPoints2\{9eb586ba-a1f3-11dc-a6ef-806d6172696f}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{9eb586ba-a1f3-11dc-a6ef-806d6172696f}\Shell\open\Command  
 
################## [ ! Fin du rapport # UsbFix V3.015 ! ]  
 
 

Ok, on peut passer à la suppression :
 
• Branche tous tes disques amovibles (clés USB, lecteurs mp3, disques durs externes, iPod...) et clique sur OK.
• Relance USBFix
• Choisis cette fois l'option 2 (Suppression)
• Ton Bureau va disparaitre, puis l'ordinateur va redémarrer --> c'est normal
• Laisse travailler l'outil jusqu'au bout
• A la fin, le rapport USBFix.txt va s'afficher --> poste le dans ta prochaine réponse stp

Excuse moi pr le délai de réponse, pas mal de boulot/déplacements en ce momment...
 
Après lancement de la "Suppression", voici ce que j'ai eu :
[diverses info sur mon PC et liste de mes disques, puis]
 
############################## [ Processus actifs ]
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
 
################## [  Registre # Startup ]
 
HKCU_Main:  "Local Page"="C:\\WINDOWS\\system32\\blank.htm"  
HKCU_Main:  "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"  
HKCU_Main:  "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"  
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"  
HKLM_logon: "DefaultUserName"="Ad"  
HKLM_logon: "AltDefaultUserName"="Ad"  
HKLM_logon: "LegalNoticeCaption"=""  
HKLM_logon: "LegalNoticeText"=""  
HKLM_Run:    RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"  
HKLM_Run:    WinampAgent=C:\Program Files\Winamp\winampa.exe  
HKLM_Run:    avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe  
HKLM_Run:    Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"  
HKLM_Run:    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=  
HKCU_Run:    CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe  
HKCU_Run:    hjdsdse=C:\WINDOWS\system32\oukdfgr.exe  
 
################## [ Informations ]
 
# J:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  
 
################## [ Fichiers # Dossiers infectieux ]
 
Found ! C:\WINDOWS\system32\bgdferw0.dll  
Found ! C:\WINDOWS\system32\hyrteas0.dll  
Found ! C:\WINDOWS\system32\oukdfgr.exe  
C:\autorun.inf # -> fichier appelé : "C:\bg3e9.bat" ( présent ! )  
Found ! C:\autorun.inf  
D:\autorun.inf # -> fichier appelé : "D:\bg3e9.bat" ( présent ! )  
Found ! D:\autorun.inf  
E:\autorun.inf # -> fichier appelé : "E:\bg3e9.bat" ( présent ! )  
Found ! E:\autorun.inf  
F:\autorun.inf # -> fichier appelé : "F:\bg3e9.bat" ( présent ! )  
Found ! F:\autorun.inf  
I:\autorun.inf # -> fichier appelé : "I:\bg3e9.bat" ( présent ! )  
Found ! I:\autorun.inf  
 
################## [ Registre # Clés Run infectieuses ]
 
Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "hjdsdse"    
Found ! HKU\S-1-5-21-725345543-838170752-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "hjdsdse"    
 
################## [ Registre # Mountpoints2 ]
 
HKCU\Software\Microsoft\....\MountPoints2\{9eb586ba-a1f3-11dc-a6ef-806d6172696f}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{9eb586ba-a1f3-11dc-a6ef-806d6172696f}\Shell\open\Command  
 
################## [ ! Fin du rapport # UsbFix V3.015 ! ]  
 
J'ai l'impression que cela s'est bien déroulé. USBFix propose également une option "immuniser vos lecteurs" ou qq chose comme ça, je en sais aps ce que cela vaut.
 
En tout cas merci anthony5151 de m'avoir dégotté cet outil (et merci aux programmeurs qui l'on créé ;-) !

Là c'est encore un rapport de recherche, tu es sûr d'avoir fait suppression ?
 
 

Ce dont tu parles, c'est la vaccination de tes disques. C'est très effiace, ça va créer un dossier autorun.inf invisible et normalement impossible à supprimer, empêchant des infections de ce type de se copier à nouveau sur tes disques amovibles

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-05-18 02:17:14
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 21 GB (60%) free of 35 GB
Total RAM: 1013 MB (43% free)
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:17 VALR, on 18/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\WINDOWS\sttray.exe
C:\Program Files\CyberLink\PowerVCRII\Agent.exe
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\TVApp\TVPro\Remote.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Chatango\Chatango.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingcopta.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxbeaue.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bfmb.exe
C:\Program Files\Star Downloader\stardown.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com?pr=oovoo2_0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =  
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = © Windows XP Ultimate Edition VALR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\dtx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O3 - Toolbar: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\dtx.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Agent] C:\Program Files\CyberLink\PowerVCRII\Agent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:fr
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Run] C:\Program Files\TVApp\TVPro\Remote.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [VisualTaskTip] \Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Chatango] C:\Program Files\Chatango\Chatango.exe
O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTip] \Program Files\VisualTaskTips\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{37C45BC8-6818-4EA3-9F14-B9E2C05AB79F}: NameServer = 213.136.96.2 213.136.96.37
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
 
--
End of file - 10656 bytes
 
======Scheduled tasks folder======
 
C:\WINDOWS\tasks\Defraggler Volume C Task.job
 
======Registry dump======
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-07-28 882416]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
ooVoo Toolbar - C:\Program Files\oovootb\dtx.dll [2009-03-16 87512]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-12 35840]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-12 73728]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
Mininova Toolbar - C:\Program Files\Mininova\tbMini.dll [2009-05-06 2093080]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2008-07-28 160496]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFEF0-5B30-21D4-945D-000000000000}]
C:\PROGRA~1\STARDO~1\SDIEInt.dll [2006-02-26 135680]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll [2008-07-28 882416]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{f592709f-ff4a-4862-b659-4afabda56312} - Mininova Toolbar - C:\Program Files\Mininova\tbMini.dll [2009-05-06 2093080]
{A1FB2F9A-D35E-11DD-8935-E46A56D89593} - ooVoo Toolbar - C:\Program Files\oovootb\dtx.dll [2009-03-16 87512]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"=C:\WINDOWS\VistaDrive\VistaDrive.exe [2006-10-05 354507]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 108400]
"SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2006-05-26 282624]
"Agent"=C:\Program Files\CyberLink\PowerVCRII\Agent.exe [2001-03-07 172032]
"NWEReboot"= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 225280]
"diagnostics"=C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe [2009-04-29 634973]
"FixCamera"=C:\WINDOWS\FixCamera.exe [2007-02-12 20480]
"tsnp2std"=C:\WINDOWS\tsnp2std.exe [2006-11-29 258048]
"snp2std"=C:\WINDOWS\vsnp2std.exe [2006-09-15 675840]
"Run"=C:\Program Files\TVApp\TVPro\Remote.exe [2004-05-15 118784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-12 148888]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-12-12 143360]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-12-12 172032]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-12-12 143360]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-11-11 206088]
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"VisualTaskTip"=\Program Files\VisualTaskTips\VisualTaskTips.exe []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-05-02 1276416]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-05-08 40960]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2005-09-03 94208]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-03-18 4441328]
"Chatango"=C:\Program Files\Chatango\Chatango.exe [2008-02-05 356352]
 
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-12-12 217088]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-05-15 200064]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-06 133632]
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMHelp"=1
"MemCheckBoxInRunDlg"=1
"NoSMBalloonTip"=1
"NoDesktopCleanupWizard"=1
"NoWelcomeScreen"=1
"NoDriveAutorun"=0
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:ipsec"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"D:\L O G I C I E L S\MODEM .  SpeedTouch\ST330v4005 (F)\STHIW\stInstall.exe"="D:\L O G I C I E L S\MODEM .  SpeedTouch\ST330v4005 (F)\STHIW\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"
"C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe"="C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe:*:Enabled:ST330 service"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:ipsec"
"C:\Program Files\tkontrole-client\tkontrole-client.exe"="C:\Program Files\tkontrole-client\tkontrole-client.exe:*:Enabled:Tk DLL"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:ipsec"
"C:\Program Files\Free Music Zilla\FMZilla.exe"="C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla"
"C:\Program Files\wLite\wLite.exe"="C:\Program Files\wLite\wLite.exe:*:Enabled:webcamXP"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\vdp\vdp.exe"="C:\vdp\vdp.exe:*:Enabled:Video surveillance PRO 2008"
"J:\LiberKey\LiberKey.exe"="J:\LiberKey\LiberKey.exe:*:Enabled:ipsec"
"J:\LiberKey\LiberKeyTools\LKsplash.exe"="J:\LiberKey\LiberKeyTools\LKsplash.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ityrx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ityrx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hwugb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hwugb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gvlqw.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gvlqw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ecbyj.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ecbyj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qhtbi.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qhtbi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkxjcj.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkxjcj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winobkh.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winobkh.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsrtjm.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsrtjm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnvqs.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnvqs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingyqsjs.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingyqsjs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqqqqfj.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqqqqfj.exe:*:Enabled:ipsec"
"C:\Program Files\CyberLink\PowerVCRII\Agent.exe"="C:\Program Files\CyberLink\PowerVCRII\Agent.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvqxyud.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winvqxyud.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uerthw.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uerthw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjwtumq.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjwtumq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxjpos.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxjpos.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gysfo.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gysfo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winotcu.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winotcu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winabpgc.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winabpgc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintbnvd.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintbnvd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sggp.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sggp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\w41326.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\w41326.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sbjxb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sbjxb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\phns.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\phns.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winitfs.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winitfs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winavcl.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winavcl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winalnkvm.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winalnkvm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mxyplj.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mxyplj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winibjac.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winibjac.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaymxw.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaymxw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wngpnv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wngpnv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwvjox.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwvjox.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qjrb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qjrb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mdxpbf.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mdxpbf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winixju.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winixju.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfwtbb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfwtbb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwmihae.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwmihae.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xxejcd.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xxejcd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winprqudd.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winprqudd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpdejw.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpdejw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsnvdq.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsnvdq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winevul.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winevul.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlrklx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlrklx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dggn.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dggn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winenbr.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winenbr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjnyv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjnyv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhadvxy.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhadvxy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\icpxkf.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\icpxkf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mkkesy.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mkkesy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjxhvre.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjxhvre.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fqywp.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fqywp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tqnqjn.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tqnqjn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qqtfo.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qqtfo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\imhhbc.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\imhhbc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winidygb.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winidygb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vwkow.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vwkow.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winditjjo.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winditjjo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bpnua.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bpnua.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tgkivp.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tgkivp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qertv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qertv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winklbrvu.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winklbrvu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qpweij.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qpweij.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winoypaix.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winoypaix.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\takuj.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\takuj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qgucyi.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qgucyi.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlmhos.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlmhos.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qgml.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qgml.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bjtu.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bjtu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winslimqo.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winslimqo.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winogopv.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winogopv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpjbx.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpjbx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ixrykg.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ixrykg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sfqots.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sfqots.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpltm.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winpltm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ggcenm.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ggcenm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmfndg.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmfndg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ncnsa.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ncnsa.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pbaaxq.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pbaaxq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\itakjf.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\itakjf.exe:*:Enabled:ipsec"
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - em8tqm.cmd
shell\open\command - em8tqm.cmd
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - em8tqm.cmd
shell\open\command - em8tqm.cmd
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - em8tqm.cmd
shell\open\command - em8tqm.cmd
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a4044bd-3d91-11de-88e0-4d6564696130}]
shell\AutoPLay\command - rnuvta.exe
shell\AutoRun\command - rnuvta.exe
shell\exPloRe\command - rnuvta.exe
shell\open\command - rnuvta.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77669a0e-265e-11de-b057-0019d10995f6}]
shell\AutoRun\command - J:\em8tqm.cmd
shell\open\command - J:\em8tqm.cmd
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ace32694-2752-11de-b05c-0019d10995f6}]
shell\AutoRun\command - K:\em8tqm.cmd
shell\open\command - K:\em8tqm.cmd
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edf10999-2990-11de-a405-0019d10995f6}]
shell\AutoRun\command - J:\em8tqm.cmd
shell\open\command - J:\em8tqm.cmd
 
 
======List of files/folders created in the last 1 months======
 
2009-05-18 02:17:14 ----D---- C:\rsit
2009-05-18 02:17:14 ----D---- C:\Program Files\trend micro
2009-05-18 01:54:26 ----SHD---- C:\Config.Msi
2009-05-18 01:43:31 ----D---- C:\Program Files\Kaspersky Lab
2009-05-18 00:20:55 ----D---- C:\TEMP
2009-05-17 23:03:44 ----D---- C:\Program Files\AxBx
2009-05-17 22:35:54 ----SHD---- C:\found.000
2009-05-17 07:02:00 ----D---- C:\Documents and Settings\Administrateur\Application Data\ooVoo Details
2009-05-17 07:01:54 ----D---- C:\Documents and Settings\Administrateur\Application Data\EmailNotifier
2009-05-17 07:01:43 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2009-05-17 07:01:43 ----D---- C:\Documents and Settings\Administrateur\Application Data\oovootb
2009-05-17 07:01:42 ----D---- C:\Program Files\oovootb
2009-05-17 07:01:38 ----D---- C:\Program Files\ooVoo
2009-05-16 10:57:24 ----D---- C:\KAV
2009-05-16 05:35:48 ----D---- C:\WINDOWS\Minidump
2009-05-15 12:14:58 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-05-13 17:37:51 ----D---- C:\Documents and Settings\Administrateur\Application Data\Mozilla
2009-05-12 20:04:31 ----D---- C:\Skrabble
2009-05-12 10:48:06 ----D---- C:\Program Files\Fichiers communs\xara
2009-05-12 10:47:30 ----A---- C:\WINDOWS\system32\msxml4a.dll
2009-05-12 10:47:28 ----A---- C:\WINDOWS\system32\MXRestore.exe
2009-05-12 10:47:27 ----A---- C:\WINDOWS\system32\TTIC32.dll
2009-05-12 10:47:27 ----A---- C:\WINDOWS\system32\TTI32.dll
2009-05-12 10:47:27 ----A---- C:\WINDOWS\system32\STRING32.dll
2009-05-12 10:47:27 ----A---- C:\WINDOWS\system32\mgxcdr.txt
2009-05-12 10:47:27 ----A---- C:\WINDOWS\system32\DLLTPO32.dll
2009-05-12 10:47:26 ----A---- C:\WINDOWS\system32\DLLRES32.dll
2009-05-12 10:47:26 ----A---- C:\WINDOWS\system32\DLLRD32.dll
2009-05-12 10:47:25 ----A---- C:\WINDOWS\system32\DLLPTL32.dll
2009-05-12 10:47:24 ----A---- C:\WINDOWS\system32\DLLPRJ32.dll
2009-05-12 10:47:24 ----A---- C:\WINDOWS\system32\DLLPRF32.dll
2009-05-12 10:47:24 ----A---- C:\WINDOWS\system32\DLLPNT32.dll
2009-05-12 10:47:24 ----A---- C:\WINDOWS\system32\DLLMSC32.dll
2009-05-12 10:47:24 ----A---- C:\WINDOWS\system32\DLLIX.dll
2009-05-12 10:47:23 ----A---- C:\WINDOWS\system32\DLLISO32.dll
2009-05-12 10:47:23 ----A---- C:\WINDOWS\system32\DLLIO32.dll
2009-05-12 10:47:23 ----A---- C:\WINDOWS\system32\DLLIMG32.dll
2009-05-12 10:47:23 ----A---- C:\WINDOWS\system32\DLLDRV32.dll
2009-05-12 10:47:23 ----A---- C:\WINDOWS\system32\DLLDIR32.dll
2009-05-12 10:47:22 ----A---- C:\WINDOWS\system32\DLLDEV32.dll
2009-05-12 10:47:22 ----A---- C:\WINDOWS\system32\DLLCPY32.dll
2009-05-12 10:47:22 ----A---- C:\WINDOWS\system32\DLLCDF32.dll
2009-05-12 10:47:22 ----A---- C:\WINDOWS\system32\DLLCDA32.dll
2009-05-12 10:47:21 ----A---- C:\WINDOWS\system32\DLLAV32.dll
2009-05-12 10:46:41 ----D---- C:\Documents and Settings\All Users\Application Data\MAGIX
2009-05-12 10:46:28 ----D---- C:\Program Files\MAGIX
2009-05-12 10:46:28 ----A---- C:\WINDOWS\system32\DLLDEV32i.dll
2009-05-12 10:46:08 ----D---- C:\WINDOWS\system32\MAGIX
2009-05-12 10:46:08 ----A---- C:\WINDOWS\system32\mgxoschk.dll
2009-05-12 10:46:08 ----A---- C:\WINDOWS\mgxoschk.ini
2009-05-12 00:45:14 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-12 00:45:14 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-12 00:45:14 ----A---- C:\WINDOWS\system32\java.exe
2009-05-12 00:45:14 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-05-12 00:44:59 ----D---- C:\Program Files\Java
2009-05-12 00:44:04 ----D---- C:\Documents and Settings\Administrateur\Application Data\Sun
2009-05-11 16:08:46 ----D---- C:\Program Files\iNTERNET Turbo
2009-05-11 06:43:01 ----D---- C:\Program Files\TVApp
2009-05-10 22:55:29 ----D---- C:\vdp
2009-05-10 22:54:49 ----A---- C:\Documents and Settings\Administrateur\Application Data\wss.ini
2009-05-10 22:52:02 ----D---- C:\Documents and Settings\All Users\Application Data\WebacamSurveyor
2009-05-10 22:51:56 ----D---- C:\Program Files\Webcam Surveyor
2009-05-10 19:09:14 ----D---- C:\Program Files\Defraggler
2009-05-08 15:58:20 ----D---- C:\Documents and Settings\Administrateur\Application Data\dvdcss
2009-05-08 10:09:55 ----D---- C:\Program Files\Chatango
2009-05-08 05:08:19 ----D---- C:\Documents and Settings\All Users\Application Data\webcamXP5
2009-05-08 05:00:10 ----D---- C:\Program Files\wLite
2009-05-08 04:13:49 ----D---- C:\downloads
2009-05-08 04:13:49 ----D---- C:\Documents and Settings\Administrateur\Application Data\FMZilla
2009-05-08 04:13:43 ----D---- C:\Program Files\Free Music Zilla
2009-05-07 04:10:56 ----D---- C:\Program Files\uTorrent
2009-05-07 04:10:31 ----D---- C:\Documents and Settings\Administrateur\Application Data\uTorrent
2009-05-07 04:06:34 ----D---- C:\Program Files\Conduit
2009-05-07 04:06:33 ----D---- C:\Program Files\Mininova
2009-05-06 17:13:56 ----D---- C:\Documents and Settings\Administrateur\Application Data\skypePM
2009-05-06 17:10:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\Skype
2009-05-06 17:09:56 ----D---- C:\Program Files\Skype
2009-05-06 17:09:56 ----D---- C:\Program Files\Fichiers communs\Skype
2009-05-06 17:09:48 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-05-06 11:47:57 ----D---- C:\Download
2009-05-04 12:07:23 ----HD---- C:\Program Files\InstallJammer Registry
2009-05-04 12:07:20 ----D---- C:\Program Files\tkontrole-client
2009-05-04 03:47:51 ----D---- C:\Documents and Settings\Administrateur\Application Data\VersionTracker Pro
2009-05-04 03:24:56 ----D---- C:\Program Files\No-IP
2009-04-30 20:04:48 ----A---- C:\WINDOWS\system32\WmiConf.txt
2009-04-30 20:01:57 ----A---- C:\WINDOWS\system32\NicCo2.dll
2009-04-30 16:35:48 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-04-30 16:06:15 ----A---- C:\WINDOWS\FixCamera.exe
2009-04-30 16:06:12 ----A---- C:\WINDOWS\vsnp2std.exe
2009-04-30 16:06:12 ----A---- C:\WINDOWS\tsnp2std.exe
2009-04-30 16:06:11 ----A---- C:\WINDOWS\snp2std.ini
2009-04-30 16:06:07 ----D---- C:\Program Files\Fichiers communs\snp2std
2009-04-30 16:06:07 ----A---- C:\WINDOWS\system32\vsnp2std.dll
2009-04-30 16:06:07 ----A---- C:\WINDOWS\system32\rsnp2std.dll
2009-04-30 16:06:07 ----A---- C:\WINDOWS\system32\csnp2std.dll
2009-04-30 14:25:52 ----D---- C:\WINDOWS\system32\LogFiles
2009-04-29 14:40:34 ----D---- C:\Program Files\Microsoft Silverlight
2009-04-29 14:40:16 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-04-29 14:35:48 ----RSD---- C:\WINDOWS\assembly
2009-04-29 14:34:11 ----D---- C:\WINDOWS\Microsoft.NET
2009-04-29 14:33:30 ----D---- C:\Program Files\Microsoft Sync Framework
2009-04-29 14:32:35 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-04-29 14:31:28 ----D---- C:\Program Files\Microsoft
2009-04-29 14:31:06 ----D---- C:\Program Files\Windows Live SkyDrive
2009-04-29 14:30:39 ----D---- C:\Program Files\Windows Live
2009-04-29 14:05:46 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-04-29 14:05:45 ----D---- C:\WINDOWS\system32\DirectX
2009-04-29 13:34:18 ----D---- C:\Documents and Settings\Administrateur\Application Data\vlc
2009-04-29 13:24:57 ----D---- C:\Program Files\VideoLAN
2009-04-29 12:56:34 ----A---- C:\WINDOWS\system32\igfxCoIn_v5016.dll
2009-04-29 12:50:10 ----A---- C:\WINDOWS\system32\igmedcompkrn.dll
2009-04-29 12:50:10 ----A---- C:\WINDOWS\system32\igklg450.dll
2009-04-29 12:50:10 ----A---- C:\WINDOWS\system32\igklg400.dll
2009-04-29 12:50:10 ----A---- C:\WINDOWS\system32\igfxCoIn_v4926.dll
2009-04-29 12:15:12 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-04-29 11:44:06 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-04-29 11:27:25 ----A---- C:\WINDOWS\system32\CSVer.dll
2009-04-29 11:26:58 ----D---- C:\Intel
2009-04-29 11:17:09 ----D---- C:\Program Files\ma-config.com
2009-04-29 11:17:09 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-04-29 10:58:25 ----A---- C:\WINDOWS\Fast800.ini
2009-04-29 10:58:25 ----A---- C:\WINDOWS\adidsl.ini
2009-04-29 10:58:17 ----A---- C:\WINDOWS\adiras.ini
2009-04-29 10:58:16 ----A---- C:\WINDOWS\adirasx64.exe
2009-04-29 10:58:16 ----A---- C:\WINDOWS\adiras.exe
2009-04-29 10:58:13 ----A---- C:\WINDOWS\system32\IPDETECT.EXE
2009-04-29 10:58:13 ----A---- C:\WINDOWS\system32\adadix32.dll
2009-04-29 10:58:05 ----A---- C:\WINDOWS\system32\unaddrv.x64.exe
2009-04-29 10:58:05 ----A---- C:\WINDOWS\system32\unaddrv.exe
2009-04-29 10:58:05 ----A---- C:\WINDOWS\system32\coclassfast.dll
2009-04-29 10:58:05 ----A---- C:\WINDOWS\system32\ADADIX2K.DLL
2009-04-29 10:58:05 ----A---- C:\WINDOWS\system32\ADADIX16.DLL
2009-04-29 10:58:05 ----A---- C:\WINDOWS\enddisk32.exe
2009-04-29 10:58:05 ----A---- C:\WINDOWS\autoclk.exe
2009-04-29 10:57:53 ----D---- C:\Program Files\SAGEM
2009-04-29 10:57:48 ----D---- C:\Documents and Settings\Administrateur\Application Data\InstallShield
2009-04-29 10:57:36 ----RA---- C:\WINDOWS\system32\adinst32.dll
2009-04-25 10:19:55 ----D---- C:\Documents and Settings\Administrateur\Application Data\Help
 
======List of files/folders modified in the last 1 months======
 
2009-05-18 02:17:14 ----D---- C:\Program Files
2009-05-18 01:57:47 ----D---- C:\WINDOWS\system32\drivers
2009-05-18 01:57:45 ----D---- C:\WINDOWS\Temp
2009-05-18 01:57:36 ----D---- C:\WINDOWS
2009-05-18 01:55:15 ----SHD---- C:\WINDOWS\Installer
2009-05-18 01:55:09 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-18 01:54:56 ----D---- C:\WINDOWS\inf
2009-05-18 01:54:51 ----D---- C:\WINDOWS\system32
2009-05-18 01:54:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-18 01:47:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-18 01:43:30 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-05-17 22:31:58 ----D---- C:\Program Files\SuperCopier2
2009-05-17 22:24:54 ----D---- C:\WINDOWS\WinSxS
2009-05-17 19:27:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-17 17:42:54 ----A---- C:\WINDOWS\NeroDigital.ini
2009-05-17 07:53:09 ----D---- C:\WINDOWS\Prefetch
2009-05-17 07:37:59 ----D---- C:\WINDOWS\Registration
2009-05-17 07:01:38 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-16 01:00:04 ----D---- C:\WINDOWS\security
2009-05-13 17:36:40 ----A---- C:\WINDOWS\system.ini
2009-05-12 12:19:37 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-05-12 11:55:45 ----A---- C:\WINDOWS\win.ini
2009-05-12 10:48:36 ----RSD---- C:\WINDOWS\Fonts
2009-05-12 10:48:18 ----D---- C:\Program Files\Fichiers communs
2009-05-10 19:14:26 ----SD---- C:\WINDOWS\Tasks
2009-05-10 14:39:02 ----D---- C:\Program Files\Windows Media Player
2009-05-08 17:10:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-01 18:40:27 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-01 16:50:55 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-04-30 20:06:03 ----D---- C:\Program Files\Intel
2009-04-30 20:05:35 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-30 16:35:48 ----D---- C:\Program Files\Yahoo!
2009-04-30 16:35:43 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-04-30 16:06:11 ----D---- C:\WINDOWS\twain_32
2009-04-30 13:01:11 ----D---- C:\Program Files\Adobe
2009-04-29 15:47:34 ----D---- C:\Program Files\Thomson SpeedTouch
2009-04-29 14:40:16 ----D---- C:\Program Files\Fichiers communs\System
2009-04-29 14:40:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-29 14:34:15 ----D---- C:\WINDOWS\system32\mui
2009-04-29 14:34:15 ----D---- C:\Program Files\Internet Explorer
2009-04-29 14:33:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-29 11:14:50 ----D---- C:\Program Files\Star Downloader
2009-04-27 15:02:32 ----D---- C:\Boby
2009-04-24 11:59:15 ----D---- C:\TempEI4
2009-04-23 15:37:02 ----D---- C:\Documents and Settings\Administrateur\Application Data\Adobe
 
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\nkrsig.sys []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 e4usbaw;USB ADSL2 WAN Adapter; C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-12-12 6048768]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-03-02 12031744]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-26 1177032]
R3 TVProDrv;TVProDrv; \??\C:\PROGRA~1\TVApp\TVPro\TVProDrv.sys []
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys); C:\WINDOWS\System32\Drivers\e4ldr.sys [2007-01-04 69656]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 Bridge;Pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-03 41728]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ST330;ST330; C:\WINDOWS\system32\drivers\st330.sys [2009-04-11 30464]
S3 STBUS;STBUS; C:\WINDOWS\system32\drivers\stbus.sys [2009-04-11 12672]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\steth.sys [2009-04-17 40320]
S3 stppp;Speedtouch PPP Adapter Adapter; C:\WINDOWS\system32\DRIVERS\stppp.sys [2009-04-11 32000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-06 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-06 82944]
S3 ZSMC302;VIMICRO USB PC Camera; C:\WINDOWS\System32\Drivers\usbVM31b.sys [2004-09-07 90568]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73600]
 
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-12 152984]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 st330service;SpeedTouch 330 Manager; C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe [2009-04-29 389215]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2006-05-26 86016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-04-21 285864]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
 
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-05-18 02:17:43
 
======Uninstall list======
 
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\MAGIX\Speed2_burnR_mxcdr\unwise.exe
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
Acrobat.com-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Alky for Applications (Windows XP)-->MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
ALUpdate-->"C:\Program Files\ESTsoft\ALUpdate\unins000.exe"
ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chatango Message Catcher-->"C:\Program Files\Chatango\uninstall.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CMP-WEBCAM70.75.80.85-->C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\setup.exe -runfromtemp -l0x040c -removeonly -u
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Free Music Zilla-->"C:\Program Files\Free Music Zilla\unins000.exe"
Gadget Documents récents Microsoft Office 2007-->MsiExec.exe /X{90120000-008A-040C-0000-0000000FF1CE}
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) Network Connections 14.0.40.0-->MsiExec.exe /i{888019C0-54D4-40C2-9274-27B9DAB17017} ARPREMOVE=1
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Ma-Config.com-->MsiExec.exe /X{E780E536-16CE-4CD1-8FE0-2D5E52FAA65B}
MAGIX Audio Cleanic 15 deluxe Trial 10.0.2.0 (F)-->C:\Program Files\MAGIX\ACleanic15_deluxe_Version_a_telecharger\unwise.exe
MAGIX Screenshare 4.3.6.1987 (F)-->C:\Program Files\MAGIX\PCVisit\unwise.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mininova Toolbar-->C:\PROGRA~1\Mininova\UNWISE.EXE   /U C:\PROGRA~1\Mininova\INSTALL.LOG  
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Multi Virus Cleaner 2009-->"C:\Program Files\AxBx\Multi Virus Cleaner 2009\unins000.exe"
Nero 7 Premium-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
ooVoo Toolbar (Remove Toolbar Only)-->C:\Program Files\oovootb\uninstall.exe
ooVoo-->"C:\Program Files\InstallShield Installation Information\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\setup.exe" -runfromtemp -l0x040c -removeonly
Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninst  
PowerVCR II-->C:\Program Files\CyberLink\PowerVCRII\Uninstall.exe
Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe"
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
SAGEM F@st 800-840-->C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe -runfromtemp -l0x040c -removeonly
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SpeedTouch 330-->C:\Program Files/Thomson SpeedTouch/ST330/Uninstall/stInstall.exe -s:scen_uninstall_st330.xml -l:fr
Star Downloader Free-->C:\PROGRA~1\STARDO~1\UNWISE.EXE C:\PROGRA~1\STARDO~1\INSTALL.LOG
SUPER © Version 2007.bld.22 (Mar 14, 2007)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Tkontrole-Client-->C:\Program Files\tkontrole-client\uninstall.exe
TVPro-->C:\PROGRA~1\TVApp\TVPro\UNWISE.EXE C:\PROGRA~1\TVApp\TVPro\INSTALL.LOG
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Video Surveillance PRO 2008 11.6.0.8-->"C:\vdp\unins000.exe"
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Volet Windows-->RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,UnInstall
Webcam Surveyor 1.7.5-->"C:\Program Files\Webcam Surveyor\unins000.exe"
webcamXP Lite-->"C:\Program Files\wLite\wl-uninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
 
Securitycenter WMI appears to be broken
 
======System event log======
 
Computer Name: PCALR
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{30F3A9B0-BB38-44A8-8FC7-53F42DC75189} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.
 
Record Number: 6387
Source Name: Tcpip
Time Written: 20090511065430.000000+120
Event Type: Informations
User:  
 
Computer Name: PCALR
Event Code: 8033
Message: L'explorateur a forcé une élection sur le réseau \Device\NetBT_Tcpip_{30F3A9B0-BB38-44A8-8FC7-53F42DC75189} car un maître explorateur a été arrêté.
 
Record Number: 6386
Source Name: BROWSER
Time Written: 20090511065406.000000+120
Event Type: Informations
User:  
 
Computer Name: PCALR
Event Code: 4202
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{30F3A9B0-BB38-44A8-8FC7-53F42DC75189} était déconnectée du réseau,
et la configuration réseau de la carte a été abandonnée. Si la carte
réseau n'était pas déconnectée, ceci peut indiquer un disfonctionnement.
Contactez le fabricant pour des pilotes mis à jour.
 
Record Number: 6385
Source Name: Tcpip
Time Written: 20090511065406.000000+120
Event Type: Informations
User:  
 
Computer Name: PCALR
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service TVProDrv.
 
Record Number: 6384
Source Name: Service Control Manager
Time Written: 20090511064325.000000+120
Event Type: Informations
User: PCALR\Administrateur
 
Computer Name: PCALR
Event Code: 64001
Message: Tentative de remplacement du fichier système protégé c:\windows\system32\mpg4ds32.ax.
Ce fichier a été restauré en utilisant sa version initiale pour maintenir la stabilité du
système.
La version du fichier incorrect est 4.1.0.3917, la version du fichier
système actuel est 8.0.0.4487.
 
Record Number: 6383
Source Name: Windows File Protection
Time Written: 20090511064310.000000+120
Event Type: Informations
User:  
 
=====Application event log=====
 
Computer Name: PCALR
Event Code: 103
Message: wuaueng.dll (2152) SUS20ClientDataStore: Le moteur de base de données a arrêté une instance (0).
 
Record Number: 47
Source Name: ESENT
Time Written: 20090411024925.000000+120
Event Type: Informations
User:  
 
Computer Name: PCALR
Event Code: 102
Message: wuaueng.dll (2152) SUS20ClientDataStore: Le moteur de base de données a démarré une nouvelle instance (0).
 
Record Number: 46
Source Name: ESENT
Time Written: 20090411024423.000000+120
Event Type: Informations
User:  
 
Computer Name: PCALR
Event Code: 100
Message: wuauclt (2152) Le moteur de base de données 5.01.2600.5512 est démarré.
 
Record Number: 45
Source Name: ESENT
Time Written: 20090411024423.000000+120
Event Type: Informations
User:  
 
Computer Name: PCALR
Event Code: 11707
Message: Product: Acrobat.com -- Installation completed successfully.
 
Record Number: 44
Source Name: MsiInstaller
Time Written: 20090411023628.000000+120
Event Type: Informations
User: PCALR\Administrateur
 
Computer Name: PCALR
Event Code: 11707
Message: Product: Adobe AIR -- Installation completed successfully.
 
Record Number: 43
Source Name: MsiInstaller
Time Written: 20090411023618.000000+120
Event Type: Informations
User: PCALR\Administrateur
 
======Environment variables======
 
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Alky for Applications\Libraries;C:\Program Files\ESTsoft\ALZip;C:\Program Files\Intel\DMIX
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=040a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
 
-----------------EOF-----------------