Infected with a new type of Win32 virus
Solved
Lo
-
ddede67 Posts 79 Status Member -
Hello,
I am infected with a virus of type Win 32 Rectix.A on my Windows XP Pro system.
I have the Avira AntiVir antivirus, which detects the Win 32 Rectix.A virus in a file C:\Windows\linkinfo.dll
If I click delete or move to quarantine, nothing changes; the same AntiVir message reappears regularly (about every 2 hours).
I do not see any C:\Windows\linkinfo.dll file in my Windows folder. And most scans do not detect it (but they find files that cannot be opened and therefore cannot be analyzed).
So I do not know how to remove this Rectix virus.
Thank you in advance for helping me find a solution to this problem (and for all the help you give us on the net).
Have a good day
Laurent
Here is the HijackThis log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-11-26 11:06:59
Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (2%) free of 50 GB
Total RAM: 2047 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:23 AM, on 11/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-515967899-1801674531-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: UltimateBet - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Administrator\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Administrator\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EHttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
--
End of file - 9217 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-10 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-10 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"=DevDetect.exe -autorun []
"USB Antivirus"=C:\Program Files\USB Disk Security\USBGuard.exe [2008-09-23 798720]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2006-06-26 61952]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-16 479232]
"tbhSystray"=C:\Program Files\tbh\base\bin\tbhSystray.exe [2009-11-11 492840]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-06-26 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-05-19 91432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-01-20 208952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicLinker3]
C:\Program Files\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Bin\MagicLnk.exe [2001-05-11 131072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2008-07-03 16876032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2008-06-19 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-10 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-02-04 62464]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-05-06 6656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2007-02-14 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2006-11-10 389120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-24 139264]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\tbh\base\bin\tbhDaemon.exe"="C:\Program Files\tbh\base\bin\tbhDaemon.exe:*:Enabled:The Browser Highlighter - Daemon"
"C:\Program Files\tbh\monitor\bin\tbhMonitor.exe"="C:\Program Files\tbh\monitor\bin\tbhMonitor.exe:*:Enabled:The Browser Highlighter - Monitor"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
======List of files/folders created in the last 1 months======
2009-11-26 11:06:59 ----D---- C:\rsit
2009-11-26 11:06:59 ----D---- C:\Program Files\trend micro
2009-11-26 09:50:29 ----D---- C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6
2009-11-26 03:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-26 03:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-25 20:04:49 ----D---- C:\WINDOWS\Minidump
2009-11-25 09:44:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2009-11-19 03:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-11-19 03:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-11-19 00:21:38 ----D---- C:\Program Files\Tutorial Holdem Manager
2009-11-18 03:04:16 ----D---- C:\WINDOWS\system32\XPSViewer
2009-11-18 03:04:13 ----D---- C:\Program Files\MSBuild
2009-11-18 03:04:08 ----D---- C:\Program Files\Reference Assemblies
2009-11-18 03:03:44 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-11-18 03:03:44 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-11-18 03:03:44 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-11-17 09:20:32 ----A---- C:\WINDOWS\HMHud.INI
2009-11-17 09:08:07 ----D---- C:\Program Files\PostgreSQL
2009-11-17 08:41:17 ----D---- C:\HMArchive
2009-11-17 08:39:43 ----D---- C:\Documents and Settings\All Users\Application Data\XHEO INC
2009-11-17 08:13:17 ----D---- C:\Program Files\RVG Software
2009-11-16 19:58:58 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc
2009-11-16 19:57:52 ----D---- C:\Program Files\VideoLAN
2009-11-16 19:36:18 ----A---- C:\Program Files\vlc-1.0.2-win32.exe
2009-11-16 10:52:57 ----D---- C:\Program Files\UltimateBet
2009-11-16 10:52:26 ----A---- C:\Program Files\ubsetup.exe
2009-11-14 13:54:17 ----N---- C:\WINDOWS\Ctregrun.exe
2009-11-14 13:30:37 ----D---- C:\WINDOWS\Cache
2009-11-14 13:28:59 ----N---- C:\WINDOWS\system32\CTSVCCTL.EXE
2009-11-14 13:28:58 ----N---- C:\WINDOWS\system32\CTSVCCDA.EXE
2009-11-14 13:22:53 ----D---- C:\Program Files\Creative
2009-11-14 11:17:46 ----D---- C:\Documents and Settings\Administrator\Application Data\ACD Systems
2009-11-13 18:03:23 ----D---- C:\Program Files\Full Tilt Poker.Net
2009-11-13 17:33:40 ----A---- C:\FullTiltPokerNetSetup.exe
2009-11-13 03:00:18 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-11-12 09:53:51 ----A---- C:\WINDOWS\MAXLINK.INI
2009-11-12 09:53:48 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-11-12 09:53:46 ----D---- C:\Documents and Settings\Administrator\Application Data\ScanSoft
2009-11-12 09:53:32 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2009-11-12 09:53:32 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2009-11-12 09:53:04 ----D---- C:\Program Files\ScanSoft
2009-11-12 09:49:45 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2009-11-12 09:49:32 ----A---- C:\WINDOWS\system32\CNMLM8R.DLL
2009-11-12 09:49:27 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2009-11-12 09:49:18 ----A---- C:\WINDOWS\system32\cnco140.dll
2009-11-12 09:49:17 ----A---- C:\WINDOWS\system32\CNCL140.DLL
2009-11-12 09:49:17 ----A---- C:\WINDOWS\system32\CNCI140.DLL
2009-11-12 09:49:16 ----A---- C:\WINDOWS\system32\CNCC140.DLL
2009-11-12 09:48:59 ----HD---- C:\Program Files\CanonBJ
2009-11-12 09:48:11 ----D---- C:\Program Files\Canon
2009-11-12 08:57:58 ----D---- C:\Program Files\Everest Poker
2009-11-12 08:57:39 ----A---- C:\Program Files\Everest_Poker.exe
2009-11-12 08:32:51 ----D---- C:\Program Files\Avira
2009-11-12 08:32:51 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-11-12 08:17:43 ----A---- C:\Program Files\avira_antivir_personal_free.exe
2009-11-11 14:58:22 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2009-11-11 14:50:13 ----A---- C:\WINDOWS\DUMP7431.tmp
2009-11-11 14:27:23 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-11 13:54:15 ----D---- C:\Documents and Settings\Administrator\Application Data\UltimateBet
2009-11-11 13:54:07 ----D---- C:\Program Files\_uninstallation_info
2009-11-11 13:34:26 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-11-11 13:34:24 ----D---- C:\Program Files\Alwil Software
2009-11-11 13:08:40 ----A---- C:\Program Files\avast_home_setup.exe
2009-11-11 11:26:39 ----D---- C:\Winamax
2009-11-11 11:26:18 ----A---- C:\Program Files\Install_Winamax.exe
2009-11-11 10:54:15 ----D---- C:\Program Files\MSECache
2009-11-11 10:52:37 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2009-11-11 10:52:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Azureus
2009-11-11 10:52:10 ----D---- C:\Program Files\Vuze
2009-11-11 10:52:10 ----D---- C:\Program Files\AskBarDis
2009-11-11 10:49:29 ----A---- C:\Program Files\FileFormatConverters.exe
2009-11-11 10:46:39 ----A---- C:\Program Files\Vuze_Installer_cnet.exe
2009-11-11 10:42:00 ----A---- C:\Program Files\Everest Poker.exe
2009-11-11 10:41:20 ----D---- C:\WINDOWS\Sun
2009-11-11 10:03:32 ----D---- C:\eye toy
2009-11-11 10:02:12 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM
2009-11-11 10:01:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2009-11-11 09:59:48 ----D---- C:\Program Files\tbh
2009-11-11 09:57:40 ----D---- C:\Program Files\Common Files\Skype
2009-11-11 09:57:38 ----RD---- C:\Program Files\Skype
2009-11-11 09:57:35 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-11-11 09:47:56 ----A---- C:\Program Files\SkypeSetup.exe
2009-11-11 09:43:53 ----RA---- C:\WINDOWS\ov519dib.dll
2009-11-11 09:43:53 ----RA---- C:\WINDOWS\OV519.txt
2009-11-11 09:43:52 ----RA---- C:\WINDOWS\vidcap32.exe
2009-11-11 09:43:52 ----RA---- C:\WINDOWS\amcap.exe
2009-11-11 09:43:49 ----D---- C:\WINDOWS\OvtCam
2009-11-11 09:43:48 ----RA---- C:\WINDOWS\system32\ov519usd.dll
2009-11-11 09:43:48 ----RA---- C:\WINDOWS\system32\ov519ext.dll
2009-11-11 09:43:47 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-11-11 08:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-11-11 08:53:18 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-11-11 08:53:09 ----HDC---- C:\WINDOWS\$NtUninstallKB939373$
2009-11-11 08:52:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-11-11 08:52:49 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-11-11 08:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-11-11 08:52:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-11-11 08:52:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-11-11 08:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-11-11 08:52:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-11-11 08:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-11-11 08:51:55 ----HDC---- C:\WINDOWS\$NtUninstallKB942831$
2009-11-11 08:51:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-11-11 08:51:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-11-11 08:44:03 ----D---- C:\Program Files\Google
2009-11-11 08:43:26 ----A---- C:\Program Files\GmailInstaller.exe
2009-11-11 08:22:14 ----D---- C:\Program Files\PokerStars
2009-11-11 08:17:10 ----A---- C:\Program Files\PokerStarsInstall.exe
2009-11-11 08:10:13 ----A---- C:\Program Files\Firefox Setup 3.5.5.exe
2009-11-11 03:23:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-11-11 03:23:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-11-11 03:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-11-11 03:22:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-11-11 03:22:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-11-11 03:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-11-11 03:21:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975254$
2009-11-11 03:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2009-11-11 03:20:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-11-11 03:19:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-11-11 03:18:17 ----HDC---- C:\WINDOWS\$NtUninstallKB970483$
2009-11-11 03:12:47 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-11-11 03:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-11-11 03:11:40 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-11-11 03:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-11-11 03:10:01 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2009-11-11 03:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-11-11 03:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-11-11 03:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-11-11 03:06:56 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-11-11 03:06:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-11-11 03:05:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-11-11 03:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-11-11 03:04:48 ----D---- C:\Program Files\MSXML 6.0
2009-11-11 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-11-11 03:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-11-11 03:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-11-11 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-11-11 03:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-11-11 03:03:48 ----D---- C:\WINDOWS\ie7updates
2009-11-11 03:03:42 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-11-11 03:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-11-11 03:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-11-11 03:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB942830$
2009-11-11 03:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-11-11 03:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-11-11 03:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-11-11 03:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2009-11-11 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-11-11 03:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-11-11 03:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-11-11 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-11-11 03:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-11-10 18:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-11-10 18:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-11-10 17:59:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-11-10 17:59:44 ----D---- C:\Program Files\MSXML 4.0
2009-11-10 17:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-11-10 17:59:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-11-10 17:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-11-10 17:08:58 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-11-10 17:07:05 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-11-10 17:01:16 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-11-10 16:48:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2009-11-10 16:48:20 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2009-11-10 16:46:44 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-11-10 16:46:44 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-11-10 16:44:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-11-10 16:44:39 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-11-10 16:44:39 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-11-10 16:41:01 ----D---- C:\WINDOWS\OPTIONS
2009-11-10 16:41:01 ----D---- C:\Program Files\Realtek
2009-11-10 16:02:08 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-11-10 16:02:08 ----D---- C:\Documents and Settings\Administrator\Application Data\ATI
2009-11-10 15:58:44 ----D---- C:\Program Files\My Company Name
2009-11-10 15:55:24 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-11-10 15:53:45 ----D---- C:\Program Files\ATI Technologies
2009-11-10 15:51:57 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-11-10 13:36:06 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-11-10 13:31:29 ----D---- C:\Program Files\GRETECH
2009-11-10 13:30:10 ----D---- C:\WINDOWS\WBEM
2009-11-10 13:30:10 ----D---- C:\WINDOWS\system32\en-US
2009-11-10 13:29:16 ----HDC---- C:\WINDOWS\ie7
2009-11-10 13:29:06 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-11-10 13:28:43 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-11-10 13:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-11-10 13:28:13 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-10 13:28:09 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-11-10 13:24:25 ----D---- C:\Program Files\Messenger Plus! Live
2009-11-10 13:24:25 ----D---- C:\Program Files\Circle Devlopement
2009-11-10 13:22:47 ----D---- C:\Program Files\Microsoft Silverlight
2009-11-10 13:22:37 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-11-10 13:20:38 ----RSD---- C:\WINDOWS\assembly
2009-11-10 13:20:18 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-10 13:19:45 ----D---- C:\Program Files\Microsoft Sync Framework
2009-11-10 13:19:11 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-11-10 13:19:09 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-11-10 13:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2009-11-10 13:18:47 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-11-10 13:18:47 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-11-10 13:18:46 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-11-10 13:18:17 ----D---- C:\Program Files\Microsoft
2009-11-10 13:18:03 ----D---- C:\Program Files\Windows Live SkyDrive
2009-11-10 13:17:41 ----D---- C:\Program Files\Windows Live
2009-11-10 13:16:22 ----D---- C:\Program Files\Common Files\Windows Live
2009-11-10 13:12:12 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-10 13:12:12 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-10 13:12:12 ----A---- C:\WINDOWS\system32\java.exe
2009-11-10 13:12:12 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-11-10 13:12:05 ----D---- C:\Program Files\Java
2009-11-10 13:11:58 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2009-11-10 13:11:21 ----SHD---- C:\RECYCLER
2009-11-10 13:02:37 ----D---- C:\Program Files\Lavasoft
2009-11-10 13:02:37 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-11-10 13:02:24 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-10 12:53:15 ----A---- C:\WINDOWS\ODBC.INI
2009-11-10 12:52:53 ----D---- C:\Program Files\Microsoft ActiveSync
2009-11-10 12:52:52 ----D---- C:\Program Files\Common Files\DESIGNER
2009-11-10 12:52:48 ----D---- C:\WINDOWS\SHELLNEW
2009-11-10 12:52:48 ----D---- C:\Program Files\Microsoft Office
2009-11-10 12:45:20 ----D---- C:\WINDOWS\system32\appmgmt
2009-11-10 12:44:12 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2009-11-10 12:44:10 ----RA---- C:\WINDOWS\system32\ATIDEMGX.dll
======List of files/folders modified in the last 1 months======
2009-11-26 11:06:59 ----RD---- C:\Program Files
2009-11-26 11:02:12 ----D---- C:\WINDOWS\AppPatch
2009-11-26 09:51:15 ----D---- C:\WINDOWS\system32\drivers
2009-11-26 09:51:08 ----D---- C:\WINDOWS\Prefetch
2009-11-26 07:27:20 ----D---- C:\Program Files\Mozilla Firefox
2009-11-26 03:26:24 ----D---- C:\WINDOWS\system32\inetsrv
2009-11-26 03:25:07 ----D---- C:\WINDOWS\Temp
2009-11-26 03:24:56 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-26 03:23:58 ----D---- C:\WINDOWS
2009-11-26 03:20:06 ----D---- C:\WINDOWS\system32
2009-11-26 03:17:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-26 03:01:07 ----SHD---- C:\WINDOWS\Installer
2009-11-26 03:00:57 ----HD---- C:\WINDOWS\inf
2009-11-26 03:00:52 ----A---- C:\WINDOWS\imsins.BAK
2009-11-26 03:00:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-26 03:00:22 ----D---- C:\WINDOWS\WinSxS
2009-11-25 15:20:27 ----D---- C:\WINDOWS\system32\config
2009-11-24 13:32:33 ----D---- C:\WINDOWS\Registration
2009-11-24 07:51:25 ----D---- C:\Program Files\UltraISO
2009-11-19 19:48:26 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-19 03:05:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-19 03:01:08 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-18 03:04:11 ----RSD---- C:\WINDOWS\Fonts
2009-11-18 03:03:57 ----D---- C:\WINDOWS\system32\spool
2009-11-18 03:02:12 ----D---- C:\WINDOWS\system32\mui
2009-11-18 03:02:12 ----D---- C:\Program Files\Internet Explorer
2009-11-17 09:08:35 ----D---- C:\Documents and Settings
2009-11-17 08:41:35 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-11-17 03:02:24 ----A---- C:\WINDOWS\win.ini
2009-11-16 03:01:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-14 13:54:14 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-14 13:19:59 ----D---- C:\WINDOWS\security
2009-11-14 08:51:42 ----D---- C:\Program Files\Common Files\Adobe
2009-11-14 08:51:36 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-11-14 08:51:19 ----D---- C:\Program Files\Adobe
2009-11-13 20:25:35 ----D---- C:\WINDOWS\Help
2009-11-12 10:06:38 ----D---- C:\WINDOWS\Media
2009-11-12 09:53:32 ----D---- C:\Program Files\Common Files
2009-11-12 09:53:31 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-12 09:53:31 ----D---- C:\Program Files\Common Files\InstallShield
2009-11-12 09:49:26 ----D---- C:\WINDOWS\twain_32
2009-11-11 15:29:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-11 09:04:34 ----D---- C:\WINDOWS\system32\Setup
2009-11-11 03:30:47 ----D---- C:\WINDOWS\system32\wbem
2009-11-11 03:22:38 ----D---- C:\Program Files\Messenger
2009-11-11 03:18:09 ----SD---- C:\WINDOWS\Tasks
2009-11-11 03:10:05 ----D---- C:\Program Files\Windows Media Player
2009-11-11 03:01:45 ----D---- C:\Program Files\Outlook Express
2009-11-10 17:11:30 ----D---- C:\WINDOWS\system32\Logfiles
2009-11-10 17:08:58 ----D---- C:\WINDOWS\Debug
2009-11-10 16:46:52 ----D---- C:\WINDOWS\SoftwareDistribution
2009-11-10 16:12:34 ----D---- C:\Program Files\MSN
2009-11-10 15:56:04 ----A---- C:\WINDOWS\system.ini
2009-11-10 13:38:34 ----ASH---- C:\boot.ini
2009-11-10 13:22:37 ----D---- C:\Program Files\Common Files\System
2009-11-10 13:22:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-10 13:19:11 ----D---- C:\WINDOWS\system32\DirectX
2009-11-10 12:52:48 ----D---- C:\WINDOWS\pchealth
2009-11-10 12:52:42 ----D---- C:\WINDOWS\system
2009-11-05 09:36:22 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-06-26 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-11-13 28520]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-13 55656]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-24 3229696]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-20 93696]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2006-06-26 145920]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-06-26 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-04-02 5810]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2005-06-16 31744]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-06-26 27264]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-14 57984]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-06-26 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-12-11 242320]
S3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
S3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-04 4745216]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-06-26 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
S3 ovt519;D-Link VGA Webcam; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-10-15 174530]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-06-26 26368]
S3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-06-26 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2006-06-26 73472]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-13 185089]
R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
R2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-24 557056]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2006-06-26 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-10 152984]
R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2006-06-26 15872]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2009-03-13 65536]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2006-06-26 15872]
R2 tbhMonitor.exe;The Browser Highlighter Monitor; C:\Program Files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-06-26 38912]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2006-06-26 15872]
S2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EHttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 208896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-11-26 11:07:26
======Uninstall list======
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E392900-1575-427A-9986-1DE085A4A7BA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E392900-1575-427A-9986-1DE085A4A7BA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42-->"C:\Program Files\Utilities\7-Zip\Uninstall.exe"
ACDSee Pro 2-->MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
ATI - ???????????????????????????????-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Browser Highlighter - Firefox-->MsiExec.exe /X{3B62CF95-5E25-4720-A3D6-B4A2B0501961}
Canon MP Navigator 3.1-->"C:\Program Files\Canon\MP Navigator 3.1\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.1\uninst.ini
Canon MP140 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series /L0x0009
Canon Utilities Easy-LayoutPrint-->C:\Program Files\Canon\Easy-LayoutPrint\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Catalyst Control Center - Branding-->MsiExec.exe /I{4893A35F-0A23-48EC-8E74-24969244D6F2}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Vision-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64550CEC-3191-4273-A86F-289C453A1D3A}\SETUP.EXE" -l0x9 /remove
CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
D-Link VGA Webcam-->C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
ESET NOD32 Antivirus-->MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}
O9 - Extra 'Tools' menuitem: UltimateBet - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Administrator\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EHttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
--
End of file - 9217 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-10 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-10 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"=DevDetect.exe -autorun []
"USB Antivirus"=C:\Program Files\USB Disk Security\USBGuard.exe [2008-09-23 798720]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2006-06-26 61952]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-16 479232]
"tbhSystray"=C:\Program Files\tbh\base\bin\tbhSystray.exe [2009-11-11 492840]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [2007-02-04 79400]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-06-26 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-05-19 91432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-01-20 208952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicLinker3]
C:\Program Files\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Bin\MagicLnk.exe [2001-05-11 131072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2008-07-03 16876032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2008-06-19 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-10 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-02-04 62464]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-05-06 6656]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2007-02-14 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2006-11-10 389120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-24 139264]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\tbh\base\bin\tbhDaemon.exe"="C:\Program Files\tbh\base\bin\tbhDaemon.exe:*:Enabled:The Browser Highlighter - Daemon"
"C:\Program Files\tbh\monitor\bin\tbhMonitor.exe"="C:\Program Files\tbh\monitor\bin\tbhMonitor.exe:*:Enabled:The Browser Highlighter - Monitor"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
======List of files/folders created in the last 1 months======
2009-11-26 11:06:59 ----D---- C:\rsit
2009-11-26 11:06:59 ----D---- C:\Program Files\trend micro
2009-11-26 09:50:29 ----D---- C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6
2009-11-26 03:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-26 03:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-25 20:04:49 ----D---- C:\WINDOWS\Minidump
2009-11-25 09:44:43 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2009-11-19 03:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-11-19 03:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-11-19 00:21:38 ----D---- C:\Program Files\Tutorial Holdem Manager
2009-11-18 03:04:16 ----D---- C:\WINDOWS\system32\XPSViewer
2009-11-18 03:04:13 ----D---- C:\Program Files\MSBuild
2009-11-18 03:04:08 ----D---- C:\Program Files\Reference Assemblies
2009-11-18 03:03:44 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-11-18 03:03:44 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-11-18 03:03:44 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-11-17 09:20:32 ----A---- C:\WINDOWS\HMHud.INI
2009-11-17 09:08:07 ----D---- C:\Program Files\PostgreSQL
2009-11-17 08:41:17 ----D---- C:\HMArchive
2009-11-17 08:39:43 ----D---- C:\Documents and Settings\All Users\Application Data\XHEO INC
2009-11-17 08:13:17 ----D---- C:\Program Files\RVG Software
2009-11-16 19:58:58 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc
2009-11-16 19:57:52 ----D---- C:\Program Files\VideoLAN
2009-11-16 19:36:18 ----A---- C:\Program Files\vlc-1.0.2-win32.exe
2009-11-16 10:52:57 ----D---- C:\Program Files\UltimateBet
2009-11-16 10:52:26 ----A---- C:\Program Files\ubsetup.exe
2009-11-14 13:54:17 ----N---- C:\WINDOWS\Ctregrun.exe
2009-11-14 13:30:37 ----D---- C:\WINDOWS\Cache
2009-11-14 13:28:59 ----N---- C:\WINDOWS\system32\CTSVCCTL.EXE
2009-11-14 13:28:58 ----N---- C:\WINDOWS\system32\CTSVCCDA.EXE
2009-11-14 13:22:53 ----D---- C:\Program Files\Creative
2009-11-14 11:17:46 ----D---- C:\Documents and Settings\Administrator\Application Data\ACD Systems
2009-11-13 18:03:23 ----D---- C:\Program Files\Full Tilt Poker.Net
2009-11-13 17:33:40 ----A---- C:\FullTiltPokerNetSetup.exe
2009-11-13 03:00:18 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-11-12 09:53:51 ----A---- C:\WINDOWS\MAXLINK.INI
2009-11-12 09:53:48 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-11-12 09:53:46 ----D---- C:\Documents and Settings\Administrator\Application Data\ScanSoft
2009-11-12 09:53:32 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2009-11-12 09:53:32 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2009-11-12 09:53:04 ----D---- C:\Program Files\ScanSoft
2009-11-12 09:49:45 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2009-11-12 09:49:32 ----A---- C:\WINDOWS\system32\CNMLM8R.DLL
2009-11-12 09:49:27 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2009-11-12 09:49:18 ----A---- C:\WINDOWS\system32\cnco140.dll
2009-11-12 09:49:17 ----A---- C:\WINDOWS\system32\CNCL140.DLL
2009-11-12 09:49:17 ----A---- C:\WINDOWS\system32\CNCI140.DLL
2009-11-12 09:49:16 ----A---- C:\WINDOWS\system32\CNCC140.DLL
2009-11-12 09:48:59 ----HD---- C:\Program Files\CanonBJ
2009-11-12 09:48:11 ----D---- C:\Program Files\Canon
2009-11-12 08:57:58 ----D---- C:\Program Files\Everest Poker
2009-11-12 08:57:39 ----A---- C:\Program Files\Everest_Poker.exe
2009-11-12 08:32:51 ----D---- C:\Program Files\Avira
2009-11-12 08:32:51 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-11-12 08:17:43 ----A---- C:\Program Files\avira_antivir_personal_free.exe
2009-11-11 14:58:22 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2009-11-11 14:50:13 ----A---- C:\WINDOWS\DUMP7431.tmp
2009-11-11 14:27:23 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-11 13:54:15 ----D---- C:\Documents and Settings\Administrator\Application Data\UltimateBet
2009-11-11 13:54:07 ----D---- C:\Program Files\_uninstallation_info
2009-11-11 13:34:26 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-11-11 13:34:24 ----D---- C:\Program Files\Alwil Software
2009-11-11 13:08:40 ----A---- C:\Program Files\avast_home_setup.exe
2009-11-11 11:26:39 ----D---- C:\Winamax
2009-11-11 11:26:18 ----A---- C:\Program Files\Install_Winamax.exe
2009-11-11 10:54:15 ----D---- C:\Program Files\MSECache
2009-11-11 10:52:37 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2009-11-11 10:52:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Azureus
2009-11-11 10:52:10 ----D---- C:\Program Files\Vuze
2009-11-11 10:52:10 ----D---- C:\Program Files\AskBarDis
2009-11-11 10:49:29 ----A---- C:\Program Files\FileFormatConverters.exe
2009-11-11 10:46:39 ----A---- C:\Program Files\Vuze_Installer_cnet.exe
2009-11-11 10:42:00 ----A---- C:\Program Files\Everest Poker.exe
2009-11-11 10:41:20 ----D---- C:\WINDOWS\Sun
2009-11-11 10:03:32 ----D---- C:\eye toy
2009-11-11 10:02:12 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM
2009-11-11 10:01:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2009-11-11 09:59:48 ----D---- C:\Program Files\tbh
2009-11-11 09:57:40 ----D---- C:\Program Files\Common Files\Skype
2009-11-11 09:57:38 ----RD---- C:\Program Files\Skype
2009-11-11 09:57:35 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-11-11 09:47:56 ----A---- C:\Program Files\SkypeSetup.exe
2009-11-11 09:43:53 ----RA---- C:\WINDOWS\ov519dib.dll
2009-11-11 09:43:53 ----RA---- C:\WINDOWS\OV519.txt
2009-11-11 09:43:52 ----RA---- C:\WINDOWS\vidcap32.exe
2009-11-11 09:43:52 ----RA---- C:\WINDOWS\amcap.exe
2009-11-11 09:43:49 ----D---- C:\WINDOWS\OvtCam
2009-11-11 09:43:48 ----RA---- C:\WINDOWS\system32\ov519usd.dll
2009-11-11 09:43:48 ----RA---- C:\WINDOWS\system32\ov519ext.dll
2009-11-11 09:43:47 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-11-11 08:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-11-11 08:53:18 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-11-11 08:53:09 ----HDC---- C:\WINDOWS\$NtUninstallKB939373$
2009-11-11 08:52:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-11-11 08:52:49 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-11-11 08:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-11-11 08:52:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-11-11 08:52:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-11-11 08:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-11-11 08:52:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-11-11 08:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-11-11 08:51:55 ----HDC---- C:\WINDOWS\$NtUninstallKB942831$
2009-11-11 08:51:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-11-11 08:51:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-11-11 08:44:03 ----D---- C:\Program Files\Google
2009-11-11 08:43:26 ----A---- C:\Program Files\GmailInstaller.exe
2009-11-11 08:22:14 ----D---- C:\Program Files\PokerStars
2009-11-11 08:17:10 ----A---- C:\Program Files\PokerStarsInstall.exe
2009-11-11 08:10:13 ----A---- C:\Program Files\Firefox Setup 3.5.5.exe
2009-11-11 03:23:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-11-11 03:23:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-11-11 03:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-11-11 03:22:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-11-11 03:22:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-11-11 03:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-11-11 03:21:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975254$
2009-11-11 03:20:48 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2009-11-11 03:20:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-11-11 03:19:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-11-11 03:18:17 ----HDC---- C:\WINDOWS\$NtUninstallKB970483$
2009-11-11 03:12:47 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-11-11 03:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-11-11 03:11:40 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-11-11 03:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-11-11 03:10:01 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2009-11-11 03:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-11-11 03:07:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-11-11 03:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-11-11 03:06:56 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-11-11 03:06:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-11-11 03:05:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-11-11 03:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-11-11 03:04:48 ----D---- C:\Program Files\MSXML 6.0
2009-11-11 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-11-11 03:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-11-11 03:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-11-11 03:04:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-11-11 03:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-11-11 03:03:48 ----D---- C:\WINDOWS\ie7updates
2009-11-11 03:03:42 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-11-11 03:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-11-11 03:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-11-11 03:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB942830$
2009-11-11 03:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-11-11 03:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-11-11 03:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-11-11 03:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2009-11-11 03:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-11-11 03:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-11-11 03:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-11-11 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-11-11 03:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-11-10 18:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-11-10 18:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-11-10 17:59:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-11-10 17:59:44 ----D---- C:\Program Files\MSXML 4.0
2009-11-10 17:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-11-10 17:59:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-11-10 17:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-11-10 17:08:58 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-11-10 17:07:05 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-11-10 17:01:16 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-11-10 16:48:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2009-11-10 16:48:20 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2009-11-10 16:46:44 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-11-10 16:46:44 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-11-10 16:44:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-11-10 16:44:39 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-11-10 16:44:39 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-11-10 16:41:01 ----D---- C:\WINDOWS\OPTIONS
2009-11-10 16:41:01 ----D---- C:\Program Files\Realtek
2009-11-10 16:02:08 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-11-10 16:02:08 ----D---- C:\Documents and Settings\Administrator\Application Data\ATI
2009-11-10 15:58:44 ----D---- C:\Program Files\My Company Name
2009-11-10 15:55:24 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-11-10 15:53:45 ----D---- C:\Program Files\ATI Technologies
2009-11-10 15:51:57 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-11-10 13:36:06 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-11-10 13:31:29 ----D---- C:\Program Files\GRETECH
2009-11-10 13:30:10 ----D---- C:\WINDOWS\WBEM
2009-11-10 13:30:10 ----D---- C:\WINDOWS\system32\en-US
2009-11-10 13:29:16 ----HDC---- C:\WINDOWS\ie7
2009-11-10 13:29:06 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-11-10 13:28:43 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-11-10 13:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-11-10 13:28:13 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-10 13:28:09 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-11-10 13:24:25 ----D---- C:\Program Files\Messenger Plus! Live
2009-11-10 13:24:25 ----D---- C:\Program Files\Circle Devlopement
2009-11-10 13:22:47 ----D---- C:\Program Files\Microsoft Silverlight
2009-11-10 13:22:37 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-11-10 13:20:38 ----RSD---- C:\WINDOWS\assembly
2009-11-10 13:20:18 ----D---- C:\WINDOWS\Microsoft.NET
2009-11-10 13:19:45 ----D---- C:\Program Files\Microsoft Sync Framework
2009-11-10 13:19:11 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-11-10 13:19:09 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-11-10 13:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2009-11-10 13:18:47 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-11-10 13:18:47 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-11-10 13:18:46 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-11-10 13:18:17 ----D---- C:\Program Files\Microsoft
2009-11-10 13:18:03 ----D---- C:\Program Files\Windows Live SkyDrive
2009-11-10 13:17:41 ----D---- C:\Program Files\Windows Live
2009-11-10 13:16:22 ----D---- C:\Program Files\Common Files\Windows Live
2009-11-10 13:12:12 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-10 13:12:12 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-10 13:12:12 ----A---- C:\WINDOWS\system32\java.exe
2009-11-10 13:12:12 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-11-10 13:12:05 ----D---- C:\Program Files\Java
2009-11-10 13:11:58 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2009-11-10 13:11:21 ----SHD---- C:\RECYCLER
2009-11-10 13:02:37 ----D---- C:\Program Files\Lavasoft
2009-11-10 13:02:37 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-11-10 13:02:24 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-10 12:53:15 ----A---- C:\WINDOWS\ODBC.INI
2009-11-10 12:52:53 ----D---- C:\Program Files\Microsoft ActiveSync
2009-11-10 12:52:52 ----D---- C:\Program Files\Common Files\DESIGNER
2009-11-10 12:52:48 ----D---- C:\WINDOWS\SHELLNEW
2009-11-10 12:52:48 ----D---- C:\Program Files\Microsoft Office
2009-11-10 12:45:20 ----D---- C:\WINDOWS\system32\appmgmt
2009-11-10 12:44:12 ----RA---- C:\WINDOWS\system32\atiiiexx.dll
2009-11-10 12:44:10 ----RA---- C:\WINDOWS\system32\ATIDEMGX.dll
======List of files/folders modified in the last 1 months======
2009-11-26 11:06:59 ----RD---- C:\Program Files
2009-11-26 11:02:12 ----D---- C:\WINDOWS\AppPatch
2009-11-26 09:51:15 ----D---- C:\WINDOWS\system32\drivers
2009-11-26 09:51:08 ----D---- C:\WINDOWS\Prefetch
2009-11-26 07:27:20 ----D---- C:\Program Files\Mozilla Firefox
2009-11-26 03:26:24 ----D---- C:\WINDOWS\system32\inetsrv
2009-11-26 03:25:07 ----D---- C:\WINDOWS\Temp
2009-11-26 03:24:56 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-26 03:23:58 ----D---- C:\WINDOWS
2009-11-26 03:20:06 ----D---- C:\WINDOWS\system32
2009-11-26 03:17:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-26 03:01:07 ----SHD---- C:\WINDOWS\Installer
2009-11-26 03:00:57 ----HD---- C:\WINDOWS\inf
2009-11-26 03:00:52 ----A---- C:\WINDOWS\imsins.BAK
2009-11-26 03:00:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-26 03:00:22 ----D---- C:\WINDOWS\WinSxS
2009-11-25 15:20:27 ----D---- C:\WINDOWS\system32\config
2009-11-24 13:32:33 ----D---- C:\WINDOWS\Registration
2009-11-24 07:51:25 ----D---- C:\Program Files\UltraISO
2009-11-19 19:48:26 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-19 03:05:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-19 03:01:08 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-18 03:04:11 ----RSD---- C:\WINDOWS\Fonts
2009-11-18 03:03:57 ----D---- C:\WINDOWS\system32\spool
2009-11-18 03:02:12 ----D---- C:\WINDOWS\system32\mui
2009-11-18 03:02:12 ----D---- C:\Program Files\Internet Explorer
2009-11-17 09:08:35 ----D---- C:\Documents and Settings
2009-11-17 08:41:35 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-11-17 03:02:24 ----A---- C:\WINDOWS\win.ini
2009-11-16 03:01:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-14 13:54:14 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-14 13:19:59 ----D---- C:\WINDOWS\security
2009-11-14 08:51:42 ----D---- C:\Program Files\Common Files\Adobe
2009-11-14 08:51:36 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-11-14 08:51:19 ----D---- C:\Program Files\Adobe
2009-11-13 20:25:35 ----D---- C:\WINDOWS\Help
2009-11-12 10:06:38 ----D---- C:\WINDOWS\Media
2009-11-12 09:53:32 ----D---- C:\Program Files\Common Files
2009-11-12 09:53:31 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-12 09:53:31 ----D---- C:\Program Files\Common Files\InstallShield
2009-11-12 09:49:26 ----D---- C:\WINDOWS\twain_32
2009-11-11 15:29:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-11 09:04:34 ----D---- C:\WINDOWS\system32\Setup
2009-11-11 03:30:47 ----D---- C:\WINDOWS\system32\wbem
2009-11-11 03:22:38 ----D---- C:\Program Files\Messenger
2009-11-11 03:18:09 ----SD---- C:\WINDOWS\Tasks
2009-11-11 03:10:05 ----D---- C:\Program Files\Windows Media Player
2009-11-11 03:01:45 ----D---- C:\Program Files\Outlook Express
2009-11-10 17:11:30 ----D---- C:\WINDOWS\system32\Logfiles
2009-11-10 17:08:58 ----D---- C:\WINDOWS\Debug
2009-11-10 16:46:52 ----D---- C:\WINDOWS\SoftwareDistribution
2009-11-10 16:12:34 ----D---- C:\Program Files\MSN
2009-11-10 15:56:04 ----A---- C:\WINDOWS\system.ini
2009-11-10 13:38:34 ----ASH---- C:\boot.ini
2009-11-10 13:22:37 ----D---- C:\Program Files\Common Files\System
2009-11-10 13:22:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-10 13:19:11 ----D---- C:\WINDOWS\system32\DirectX
2009-11-10 12:52:48 ----D---- C:\WINDOWS\pchealth
2009-11-10 12:52:42 ----D---- C:\WINDOWS\system
2009-11-05 09:36:22 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2007-12-21 30216]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-06-26 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-11-13 28520]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-13 55656]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2007-12-21 39944]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-24 3229696]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-20 93696]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2006-06-26 145920]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-06-26 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-04-02 5810]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2005-06-16 31744]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-06-26 27264]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-14 57984]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-06-26 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-12-11 242320]
S3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
S3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-07-04 4745216]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-06-26 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
S3 ovt519;D-Link VGA Webcam; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-10-15 174530]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-06-26 26368]
S3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-06-26 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2006-06-26 73472]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-13 185089]
R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
R2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-24 557056]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2006-06-26 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-10 152984]
R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2006-06-26 15872]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2009-03-13 65536]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2006-06-26 15872]
R2 tbhMonitor.exe;The Browser Highlighter Monitor; C:\Program Files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-06-26 38912]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2006-06-26 15872]
S2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EHttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-06-08 208896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-11-26 11:07:26
======Uninstall list======
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4F2F3E0C-2025-4F5E-9583-AB8CD5AA88A6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66BCC50C-22D9-4927-9251-27FA88A32214}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7550D6AA-CCF3-4FDA-87D6-C2C1B2E5358D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB14DF5-3B04-4E3B-9969-695DBA7F2008}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E392900-1575-427A-9986-1DE085A4A7BA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E392900-1575-427A-9986-1DE085A4A7BA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA32BDBB-A91E-47AB-97F1-4C7007F4953C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D42EFA6C-0553-45F7-AD03-6D36207CA6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42-->"C:\Program Files\Utilities\7-Zip\Uninstall.exe"
ACDSee Pro 2-->MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
ATI - ???????????????????????????????-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Browser Highlighter - Firefox-->MsiExec.exe /X{3B62CF95-5E25-4720-A3D6-B4A2B0501961}
Canon MP Navigator 3.1-->"C:\Program Files\Canon\MP Navigator 3.1\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.1\uninst.ini
Canon MP140 series-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series /L0x0009
Canon Utilities Easy-LayoutPrint-->C:\Program Files\Canon\Easy-LayoutPrint\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Catalyst Control Center - Branding-->MsiExec.exe /I{4893A35F-0A23-48EC-8E74-24969244D6F2}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Vision-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64550CEC-3191-4273-A86F-289C453A1D3A}\SETUP.EXE" -l0x9 /remove
CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
D-Link VGA Webcam-->C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
ESET NOD32 Antivirus-->MsiExec.exe /I{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}
3 replies
Hello lo, I don't see anything new so far.
Download AD-Remover by C_XX to your Desktop:
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
https://www.androidworld.fr/
Close all running applications, including your browser *.
Disable your antivirus.
Double-click AD-R.exe and install it in the default directory (C:\Program files).
Double-click the Ad-remover icon.
From the main menu, choose option S (Scanner).
Post the report that appears at the end of the scan.
It is saved here: C:\Ad-report(date).log
* Process.exe, a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
That is why you need to disable your antivirus temporarily.
Thanks for your reply.
Here is the AD-Remover report:
.
======= LOGFILE OF AD-REMOVER 1.1.4.6_D | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 25.11.2009 at 18:47
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 12:51:03, Thu 11/26/2009 | Normal Boot | Option: SCAN
Executed from: C:\Program Files\Ad-Remover\
Operating system: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Computer Name: PC-2008 | Current user: Administrator
.
============== FOUND ELEMENT(S) ==============
.
Service: ASKService
Service: ASKUpgrade
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Everest Poker
C:\Program Files\AskBarDis
C:\Program Files\Everest Poker
C:\Program Files\Mozilla FireFox\Components\AskSearch.js
C:\DOCUME~1\ADMINI~1\Cookies\administrator@ask[2].txt
C:\DOCUME~1\ADMINI~1\Cookies\administrator@ask[3].txt
.
HKCU\software\appdatalow\AskBarDis
HKCU\software\AskBarDis
HKCU\software\Grand Virtual
HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKLM\software\appdatalow\AskBarDis
HKLM\software\AskBarDis
HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\TypeLib\{090ACFA1-1580-11D1-8AC0-00C0F00910F9}
HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
HKLM\Software\Classes\TypeLib\{B4E90801-B83C-11D0-8B40-00C0F00AE35A}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKLM\software\microsoft\windows\currentversion\uninstall\Everest Poker
HKU\s-1-5-21-515967899-1801674531-839522115-500\software\appdatalow\AskBarDis
HKU\s-1-5-21-515967899-1801674531-839522115-500\software\AskBarDis
HKU\s-1-5-21-515967899-1801674531-839522115-500\software\Grand Virtual
.
============== Added scan ==============
.
.
* Mozilla FireFox Version 3.5.5 [en-US] *
.
ProfilePath: uey2g6le.default (Administrator)
.
.
.
* Internet Explorer Version 7.0.5730.13 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://www.microsoft.com
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
default_page_url: hxxp://www.microsoft.com
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6\patch.exe
.
===================================
.
3214 Byte(s) - C:\Ad-Report-SCAN[1].log
.
2 File(s) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
6 File(s) - C:\WINDOWS\Temp
.
1 File(s) - C:\Program Files\Ad-Remover\BACKUP
0 File(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
End at: 13:00:40 | Thu 11/26/2009 - SCAN[1]
.
============== E.O.F ==============
.
RE, we are going to disinfect as follows:
Close all running applications, including your browser.
.
Run "Ad-remover" again.
From the main menu, choose option L (start the cleaning).
https://i75.servimg.com/u/f75/11/05/93/83/ad-r210.jpg
Post the report that appears at the end.
It is saved here: C:\Ad-report(date).log
//////////////////////////////////////////////////////////////////////////////////////////////////////////
Download:
- CCleaner - Standard Build
http://www.sosordi.net/Telechargement/logiciel-147-ccleaner-standard-build
During its installation, uncheck the box next to "Add the Yahoo! CCleaner Toolbar".
Malwarebytes' Anti-Malware (MBAM), and save it to your desktop from this link:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
https://www.malwarebytes.com/
Update it.
Start CCleaner
- In Cleaner:
- Windows tab: do not check the Advanced box
- Applications tab: leave all the boxes checked
- Click the Analyze button, then, once the analysis has finished, click Run Cleaner
- Launch Malwarebytes' Anti-Malware
- On the Scanner tab, check that "Perform quick scan" is selected and click the Scan button to start the scan.
- At the end of the scan, a message appears indicating that the scan is finished. Click OK to continue.
- If Malwarebytes' detected nothing, click OK. A report will appear; close it.
- If Malwarebytes' detected infections:
- click Show Results
- then Remove Selected
- Save the report to your Desktop so that it is easier to find, then post this report.
- The report can be found under the Reports/Logs tab
- Close MBAM by clicking Exit.
Note: Malwarebytes' may need to restart to finish the removal; accept by clicking OK.
Malwarebytes' tutorial here: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
- Post:
- The Malwarebytes' report
- A new RSIT log