Merci Mister Masque
voili le rapport
Logfile of random's system information tool 1.05 (written by random/random)
Run by Christelle at 2009-03-21 12:42:19
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 6 GB (31%) free of 19 GB
Total RAM: 383 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:35, on 21/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\SCOL\UsmWin.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\Documents and Settings\Christelle\Bureau\rsit.exe
C:\Documents and Settings\Christelle\Bureau\Christelle.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.orange.frR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.myexexex.com/searchbar.phpR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O1 - Hosts: 64.237.53.4 ad.doubleclick.net
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [o74V3EQ] skeput8.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Zwv9ROc9P] raswmi.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Mon agenda personnel Etam.lnk = C:\Program Files\Agenda Etam\calendrier.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Scol.lnk = C:\Program Files\SCOL\UsmWin.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?873bf66715e1415bb01048f0d9fb408a
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?873bf66715e1415bb01048f0d9fb408a
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
O9 - Extra button: Microsoft® JavaScript® Console - {D6D0A0E7-AAB2-4DD6-A09D-D435AC5B5C95} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {D6D0A0E7-AAB2-4DD6-A09D-D435AC5B5C95} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} -
http://www.orange.fr (file missing) (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {D6D0A0E7-AAB2-4DD6-A09D-D435AC5B5C95} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {D6D0A0E7-AAB2-4DD6-A09D-D435AC5B5C95} - C:\WINDOWS\system32\comdlg32.ocx (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file:///C:/Documents%20and%20Settings/Christelle/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2_fr.1.0.0.70.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) -
http://jeuxenligne.orange.fr/orange2.0/games/channel--110167437/lc--fr/room--451a1c1a-17be-4a81-bec4-8e56bd2037e3/online/zenerchi/fr/ZenerchiWeb.1.0.0.10.cabO16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - file:///C:/Documents%20and%20Settings/Christelle/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/ddfotg.1.0.0.37.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) -
http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cabO16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - file:///C:/Documents%20and%20Settings/Christelle/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash.1.0.0.98.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) -
http://jeuxenligne.orange.fr/orange2.0/games/channel--110167437/lc--fr/room--d6234c68-8dad-4630-8197-bce4dfa81ea0/online/wedding_dash/fr/WeddingDash.1.0.0.47.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cabO16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - file:///C:/Documents%20and%20Settings/Christelle/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/Sweetopia.1.0.0.46.cab
O16 - DPF: {FDE6B956-B80A-4578-9A10-4C24609412F1} -
http://64.158.165.147/output/060571/fr/fullgames/fullgames.exeO23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O24 - Desktop Component 0: (no name) -
http://64.4.30.250/cgi-bin/getmsg/cat4.jpg?curmbox=F000000001&a=9e9b6d94d073f868c59128edc847c335&msg=MSG1081277623.9&start=86481&len=40542&mimepart=3&disk=64.4.30.65_d1178&login=chrislunique&domain=hotmail%2ecom&hm___sig=695768dd01c41cd3db6d70ef3836740710d5d2c58d05c1a1--
End of file - 10993 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 744960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-21 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-10-10 544032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-21 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-21 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-10-10 544032]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2003-12-26 26112]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-08-15 77824]
"o74V3EQ"=skeput8.exe []
"SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [2006-01-01 40960]
"V0220Mon.exe"=C:\WINDOWS\V0220Mon.exe [2006-06-28 32768]
"AVFX Engine"=C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe [2006-10-19 20480]
"WOOWATCH"=C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480]
"WOOTASKBARICON"=C:\PROGRA~1\Wanadoo\GestMaj.exe [2004-10-14 32768]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-21 136600]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe [2004-12-15 176128]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]
"Zwv9ROc9P"=raswmi.exe []
"WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880]
"SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [2006-01-01 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]
C:\PROGRA~1\Wanadoo\CnxMon.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe [2004-10-05 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Christelle\Menu Démarrer\Programmes\Démarrage
Mon agenda personnel Etam.lnk - C:\Program Files\Agenda Etam\calendrier.exe
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Scol.lnk - C:\Program Files\SCOL\UsmWin.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOW
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Documents and Settings\Christelle\Mes documents\Mes fichiers reçus\Blobby_Volley\volley.exe"="C:\Documents and Settings\Christelle\Mes documents\Mes fichiers reçus\Blobby_Volley\volley.exe:*:Disabled:volley"
"C:\Program Files\dark-oberon\doberon.exe"="C:\Program Files\dark-oberon\doberon.exe:*:Enabled:doberon"
"C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe"="C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe:*:Enabled:Livecom"
"C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\EconfV4\ftplayer.exe"="C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\EconfV4\ftplayer.exe:*:Enabled:Livecom Media"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\Program Files\SCOL\UsmWin.exe"="C:\Program Files\SCOL\UsmWin.exe:*:Disabled:UsmWin"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe"="C:\PROGRA~1\Livecom\APPLIC~1\Exe\Livecom.exe:*:Enabled:Livecom"
"C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\EconfV4\ftplayer.exe"="C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\EconfV4\ftplayer.exe:*:Enabled:Livecom Media"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.scr - open -
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2009-03-21 12:42:19 ----D---- C:\rsit
2009-03-21 11:19:13 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-21 11:19:13 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-21 11:19:13 ----A---- C:\WINDOWS\system32\java.exe
2009-03-21 11:19:13 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-21 11:09:44 ----D---- C:\WINDOWS\LastGood
2009-03-21 10:46:55 ----D---- C:\WINDOWS\LastGood(3)
2009-03-21 10:43:04 ----D---- C:\WINDOWS\LastGood(2)
2009-03-20 22:59:30 ----D---- C:\Documents and Settings\Christelle\Application Data\Malwarebytes
2009-03-20 22:59:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-20 22:59:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-18 21:22:59 ----D---- C:\Documents and Settings\All Users\Application Data\WotT
2009-03-18 20:27:52 ----D---- C:\Documents and Settings\All Users\Application Data\Gogii
2009-03-17 22:22:40 ----D---- C:\Documents and Settings\Christelle\Application Data\Boolat Games
2009-03-15 22:04:31 ----D---- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
2009-03-15 22:00:42 ----D---- C:\Documents and Settings\All Users\Application Data\PlayPond
2009-03-15 21:58:22 ----D---- C:\Documents and Settings\All Users\Application Data\TonkyPonky
2009-03-14 22:20:48 ----D---- C:\Documents and Settings\Christelle\Application Data\Oberon Media
2009-03-14 21:17:44 ----D---- C:\Documents and Settings\All Users\Application Data\Intenium
2009-03-14 19:36:47 ----D---- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
2009-03-13 22:48:24 ----D---- C:\Documents and Settings\Christelle\Application Data\ZEMNOTT
2009-03-13 21:20:46 ----D---- C:\Documents and Settings\Christelle\Application Data\MiniIT Games
2009-03-08 21:59:09 ----D---- C:\Documents and Settings\All Users\Application Data\Fugazo
2009-03-08 18:24:18 ----D---- C:\Documents and Settings\All Users\Application Data\SugarGames
2009-03-07 15:43:58 ----D---- C:\Documents and Settings\Christelle\Application Data\EleFun Games
2009-03-06 19:04:47 ----D---- C:\Documents and Settings\Christelle\Application Data\ITTNord
2009-03-04 20:30:03 ----D---- C:\Documents and Settings\Christelle\Application Data\blg
2009-03-04 20:30:03 ----D---- C:\Documents and Settings\All Users\Application Data\blg
2009-02-24 22:49:45 ----DC---- C:\WINDOWS\$NtUninstallKB967715$
======List of files/folders modified in the last 1 months======
2009-03-21 12:42:20 ----D---- C:\WINDOWS\Prefetch
2009-03-21 12:33:42 ----D---- C:\Program Files\Wanadoo
2009-03-21 12:32:52 ----D---- C:\WINDOWS\Temp
2009-03-21 12:23:12 ----AD---- C:\Program Files\Fichiers communs
2009-03-21 12:07:36 ----D---- C:\WINDOWS\system32\drivers
2009-03-21 12:07:29 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-03-21 12:07:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-21 12:07:28 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-21 12:07:13 ----HD---- C:\WINDOWS\inf
2009-03-21 12:00:26 ----D---- C:\WINDOWS\Debug
2009-03-21 12:00:26 ----D---- C:\WINDOWS
2009-03-21 11:35:00 ----D---- C:\WINDOWS\system32
2009-03-21 11:34:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-03-21 11:23:21 ----SHD---- C:\WINDOWS\Installer
2009-03-21 11:23:21 ----HD---- C:\Config.Msi
2009-03-21 11:23:21 ----AD---- C:\Program Files
2009-03-21 11:18:43 ----D---- C:\Program Files\Java
2009-03-21 11:00:15 ----D---- C:\WINDOWS\system32\config
2009-03-21 10:59:53 ----D---- C:\WINDOWS\system32\wbem
2009-03-21 10:59:53 ----D---- C:\WINDOWS\Registration
2009-03-21 10:59:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-21 10:59:28 ----D---- C:\Program Files\Internet Explorer
2009-03-21 10:59:22 ----DC---- C:\WINDOWS\$NtUninstallKB951748$
2009-03-21 10:54:38 ----D---- C:\Program Files\Oberon Media
2009-03-21 10:54:34 ----D---- C:\Program Files\GamesBar
2009-03-21 10:47:17 ----D---- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2009-03-21 10:41:34 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-03-20 23:25:16 ----D---- C:\WINDOWS\pss
2009-03-20 23:25:15 ----A---- C:\WINDOWS\win.ini
2009-03-20 23:25:15 ----A---- C:\WINDOWS\system.ini
2009-03-19 21:35:51 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-19 20:34:42 ----D---- C:\Documents and Settings\Christelle\Application Data\Flood Light Games
2009-03-15 23:27:21 ----D---- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
2009-03-09 20:11:55 ----D---- C:\temp
2009-03-07 16:55:42 ----D---- C:\WINDOWS\system32\DirectX
2009-03-02 22:07:21 ----D---- C:\Documents and Settings\Christelle\Application Data\Boomzap
2009-02-24 22:17:09 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;Pilote de
processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2003-12-26 8552]
R2 Devx;Devx; C:\WINDOWS\System32\drivers\Devx.sys [2001-09-06 4448]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-04 11868]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R2 VtPr;VtPr; C:\WINDOWS\System32\drivers\VtPr.sys [2001-10-10 3328]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-04 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-04 220032]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 SiS7012;Service for AC'97 Sample Driver (WDM); C:\WINDOWS\system32\drivers\sis7012.sys [2001-11-26 165760]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-04 685056]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S1 vspf;vspf; \??\C:\WINDOWS\system32\drivers\vspf5.sys []
S1 vspf_hk;vspf_hk; \??\C:\WINDOWS\system32\drivers\vspf_hk5.sys []
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2004-03-02 50007]
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\System32\DRIVERS\adiusbaw.sys [2004-03-02 127065]
S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 GcKernel;Pilote de filtre Microsoft SideWinder Value Add; C:\WINDOWS\System32\DRIVERS\GcKernel.sys [2008-04-13 59136]
S3 hidgame;Activateur de port HID à manette de jeu Microsoft; C:\WINDOWS\System32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 HIDSwvd;Minipilote de périphérique Microsoft SideWinder HID virtuel; C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-15 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-15 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-15 21744]
S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 LwAdiHid;Périphériques numériques WingMan Logitech (détection automatique); C:\WINDOWS\System32\DRIVERS\LwAdiHid.sys [2002-08-28 20864]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 V0220Dev;Live! Cam Video IM; C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 146112]
S3 V0220Vfx;V0220VFX; C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 6272]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 ZDCndis5;ZDCndis5 Protocol Driver; \??\C:\WINDOWS\system32\ZDCndis5.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-21 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-10 38912]
S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
S4 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2001-04-06 32256]
S4 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe [2000-11-17 114688]
S4 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
-----------------EOF-----------------