Deckard's System Scanner v20071014.68
Run by Ben on 2008-07-05 23:11:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
34: 2008-07-05 19:11:57 UTC - RP248 - Windows Update
33: 2008-07-05 17:29:06 UTC - RP247 - Windows Update
32: 2008-07-05 17:23:34 UTC - RP246 - Windows Update
31: 2008-06-29 08:23:03 UTC - RP245 - Windows Update
30: 2008-06-20 09:11:12 UTC - RP244 - Windows Update


-- First Restore Point --
1: 2008-05-21 16:02:26 UTC - RP196 - Point de contrôle planifié


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Ben.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15:25, on 05/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Users\Ben\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ben.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobt ... module.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 5208 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: ACPI\TOS1901\2&DABA3FF&1
Manufacturer:
Name:
PNP Device ID: ACPI\TOS1901\2&DABA3FF&1
Service:

Class GUID:
Description: Contrôleur de stockage de masse
Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_FF101179&REV_00\4&2D0CA0EF&0&32F0
Manufacturer:
Name: Contrôleur de stockage de masse
PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_FF101179&REV_00\4&2D0CA0EF&0&32F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-05 23:15:03 414 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{0A4FCD39-E5A0-4FD5-81F9-8C9B88CCE149}.job


-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-05 23:15:14 0 d-------- C:\Program Files\Trend Micro
2008-07-05 23:10:53 0 drahs---- C:\autorun.inf
2008-06-10 20:49:37 0 d-------- C:\Users\Ben\TaoUSign


-- Find3M Report ---------------------------------------------------------------

2008-07-05 19:13:40 690832 --a------ C:\Windows\system32\perfh00C.dat
2008-07-05 19:13:40 117572 --a------ C:\Windows\system32\perfc00C.dat
2008-06-16 21:05:53 0 d-------- C:\Program Files\Windows Mail
2008-06-04 14:59:31 0 d-------- C:\Users\Ben\AppData\Roaming\EPSON
2008-06-04 14:56:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-04 14:55:58 0 d-------- C:\Users\Ben\AppData\Roaming\InstallShield
2008-06-04 14:22:47 0 d-------- C:\Users\Ben\AppData\Roaming\InterTrust
2008-06-04 14:22:47 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-04 14:21:16 0 d-------- C:\Program Files\ArcSoft
2008-06-04 14:20:27 0 d-------- C:\Program Files\Common Files\Python
2008-06-04 14:20:21 0 d-------- C:\Program Files\Common Files
2008-06-04 14:17:25 0 d-------- C:\Program Files\EPSON
2008-06-04 14:11:05 0 d-------- C:\Program Files\Common Files\InstallShield


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [29/10/2007 07:02]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [11/07/2006 18:12]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [18/04/2008 23:17]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/01/2008 19:16]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 14:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
Auto\command- AdobeR.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5132e029-d54e-11dc-b7ce-00a0d14bf067}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79295e8e-bf4d-11dc-b776-00a0d14bf067}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9632cad-d571-11dc-8bde-00a0d14bf067}]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3670033-9eb5-11dc-94b2-00a0d14bf067}]
AutoRun\command- E:\SETUP.EXE
configure\command- E:\SETUP.EXE
install\command- E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6bd8b13-d55c-11dc-8199-00a0d14bf067}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-05 23:16:51 ------------

Deckard's System Scanner v20071014.68
Run by Propriétaire on 2008-07-06 11:43:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Propriétaire.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:48, on 06/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Mozilla Sunbird\SunTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Thunderbird-Tray\TBTray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Propriétaire\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PROPRI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Raccourci vers SunTray.lnk = C:\Program Files\Mozilla Sunbird\SunTray.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: TB-Tray.lnk = C:\Program Files\Thunderbird-Tray\TBTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - http://www.photobox.fr/assets/aurigma/I ... oader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - http://www.photobox.fr/discount/clients ... .2.0.6.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://www.bobtv.fr/download/cfweb_www. ... module.exe
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/So ... b31267.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1\RpcSandraSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8068 bytes

-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-06 11:42:48 0 dr-h----- C:\Documents and Settings\Propriétaire\Recent
2008-07-05 16:46:40 0 d-------- C:\Program Files\ToniArts
2008-07-05 15:16:57 0 drahs---- C:\autorun.inf
2008-07-04 19:03:22 0 d-------- C:\Program Files\Trend Micro
2008-06-29 21:59:52 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-06-29 21:55:18 0 d-------- C:\Documents and Settings\Propriétaire\Application Data\Malwarebytes
2008-06-29 21:55:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-29 21:55:13 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-22 15:03:52 0 d-------- C:\Program Files\Activision
2008-06-18 09:33:18 0 d-------- C:\Program Files\Fichiers communs\SureThing Shared
2008-06-18 09:33:02 0 d-------- C:\Program Files\SureThing CD Labeler 5
2008-06-18 09:31:44 0 d-------- C:\Program Files\UnderCoverXP


-- Find3M Report ---------------------------------------------------------------

2008-07-06 11:37:39 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-07-06 11:37:39 0 d-------- C:\Program Files\Mozilla Sunbird
2008-07-05 16:56:54 0 d-------- C:\Program Files\eMule
2008-07-05 14:53:45 0 d-------- C:\Documents and Settings\Propriétaire\Application Data\Macromedia
2008-07-05 14:53:02 0 d-------- C:\Program Files\Fichiers communs\Adobe
2008-07-05 14:50:13 0 d-------- C:\Program Files\Java
2008-07-05 14:42:30 0 d-------- C:\Program Files\Fichiers communs
2008-07-05 11:42:14 0 d-------- C:\Documents and Settings\Propriétaire\Application Data\CamfrogWEB
2008-06-26 19:10:46 0 d-------- C:\Documents and Settings\Propriétaire\Application Data\Mozilla
2008-06-22 15:06:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 11:42:33 0 d-------- C:\Program Files\PC Inspector File Recovery
2008-06-21 11:31:56 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-21 11:28:50 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-17 22:28:09 0 d-------- C:\Documents and Settings\Propriétaire\Application Data\Ahead
2008-04-18 23:53:59 16 --a----c- C:\WINDOWS\popcinfo.dat
2008-04-11 23:57:23 477072 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-04-11 23:57:23 77916 --a------ C:\WINDOWS\system32\perfc00C.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
24/01/2008 16:10 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [16/04/2008 19:44]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 17:05]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [01/02/2008 00:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen 3.5"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [08/07/2006 10:57]

C:\Documents and Settings\Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
Raccourci vers SunTray.lnk - C:\Program Files\Mozilla Sunbird\SunTray.exe [27/06/2008 17:24:41]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [05/03/2007 00:42:09]
TB-Tray.lnk - C:\Program Files\Thunderbird-Tray\TBTray.exe [08/11/2005 22:02:44]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [12/05/2005 00:23:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoCommonGroups"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel Kodak EasyShare.lnk
backup=C:\WINDOWS\pss\Logiciel Kodak EasyShare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^RAID Manager.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\RAID Manager.lnk
backup=C:\WINDOWS\pss\RAID Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TB-Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TB-Tray.lnk
backup=C:\WINDOWS\pss\TB-Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^MSN Pictures Displayer.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk
backup=C:\WINDOWS\pss\MSN Pictures Displayer.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Yahoo! Widgets.lnk]
path=C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\Yahoo! Widgets.lnk
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^yoyo^Menu Démarrer^Programmes^Démarrage^desktop.ini]
path=C:\Documents and Settings\yoyo\Menu Démarrer\Programmes\Démarrage\desktop.ini
backup=C:\WINDOWS\pss\desktop.iniStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agendatronic Alarm]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 3.5]
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAVPersonal50]
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pense-bête]
C:\Program Files\AXEL\Pense-bête\pensebet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raccourci vers la page des propriétés de High Definition Audio]
HDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"C:\Program Files\Microsoft IntelliType Pro\type32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yodm3D]
C:\Documents and Settings\Propriétaire\Mes documents\custom bureau\yodm3D\Yodm3D.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=2 (0x2)
"SharedAccess"=2 (0x2)
"mnmsrvc"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{429ee028-ae58-11db-97e9-0013d4c13c45}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e




-- End of Deckard's System Scanner: finished at 2008-07-06 11:44:14 ------------

Avira AntiVir Personal
Report file date: samedi 5 juillet 2008 19:19

Scanning for 1378724 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Propriétaire
Computer name: LIONEL-AE999A0A

Version information:
BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 16/04/2008 17:44:52
AVSCAN.DLL : 8.1.1.0 53505 Bytes 16/04/2008 17:44:52
LUKE.DLL : 8.1.2.9 151809 Bytes 16/04/2008 17:44:53
LUKERES.DLL : 8.1.2.1 12033 Bytes 16/04/2008 17:44:53
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 15:40:01
ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 04/07/2008 17:10:25
ANTIVIR3.VDF : 7.0.5.52 2048 Bytes 04/07/2008 17:10:25
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 16/04/2008 17:44:54
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 03/07/2008 17:12:42
AESCN.DLL : 8.1.0.22 119157 Bytes 21/06/2008 10:23:41
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 13:39:57
AEPACK.DLL : 8.1.1.6 364918 Bytes 21/06/2008 10:23:40
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 21/06/2008 10:23:37
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 03/07/2008 17:12:40
AEHELP.DLL : 8.1.0.15 115063 Bytes 30/05/2008 16:57:00
AEGEN.DLL : 8.1.0.29 307573 Bytes 21/06/2008 10:23:26
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 08:23:30
AECORE.DLL : 8.1.0.32 168311 Bytes 03/07/2008 17:12:25
AVWINLL.DLL : 1.0.0.7 14593 Bytes 16/04/2008 17:44:52
AVPREF.DLL : 8.0.0.1 25857 Bytes 16/04/2008 17:44:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 16/04/2008 17:44:52
AVARKT.DLL : 1.0.0.23 307457 Bytes 16/04/2008 17:44:52
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 16/04/2008 17:44:52
SQLITE3.DLL : 3.3.17.1 339968 Bytes 16/04/2008 17:44:53
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 16/04/2008 17:44:53
NETNT.DLL : 8.0.0.1 7937 Bytes 16/04/2008 17:44:53
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 16/04/2008 17:44:49
RCTEXT.DLL : 8.0.32.0 86273 Bytes 16/04/2008 17:44:49

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: A:, C:, D:, E:, F:, G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 5 juillet 2008 19:19

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Start scanning boot sectors:
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '30' files ).


Starting the file scan:

Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'E:\'
Begin scan in 'F:\'
F:\folder.htt
[DETECTION] Is the Trojan horse TR/Starter.E.1
[NOTE] The file was moved to '48dbf4ca.qua'!
Begin scan in 'G:\'


End of the scan: dimanche 6 juillet 2008 00:23
Used time: 5:04:08 min

The scan has been done completely.

11083 Scanning directories
289890 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
289889 Files not concerned
2705 Archives were scanned
1 Warnings
1 Notes

Deckard's System Scanner v20071014.68
Run by Ben on 2008-07-06 13:29:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Ben.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:58, on 06/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ben\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ben.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://bobtv.fr/download/cfweb_www.bobt ... module.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 5208 bytes

-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-06 13:04:10 0 d-------- C:\Program Files\CCleaner
2008-07-05 23:15:14 0 d-------- C:\Program Files\Trend Micro
2008-07-05 23:10:53 0 drahs---- C:\autorun.inf
2008-06-10 20:49:37 0 d-------- C:\Users\Ben\TaoUSign


-- Find3M Report ---------------------------------------------------------------

2008-07-06 11:05:22 690832 --a------ C:\Windows\system32\perfh00C.dat
2008-07-06 11:05:22 117572 --a------ C:\Windows\system32\perfc00C.dat
2008-06-16 21:05:53 0 d-------- C:\Program Files\Windows Mail
2008-06-04 14:59:31 0 d-------- C:\Users\Ben\AppData\Roaming\EPSON
2008-06-04 14:56:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-04 14:55:58 0 d-------- C:\Users\Ben\AppData\Roaming\InstallShield
2008-06-04 14:22:47 0 d-------- C:\Users\Ben\AppData\Roaming\InterTrust
2008-06-04 14:22:47 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-04 14:21:16 0 d-------- C:\Program Files\ArcSoft
2008-06-04 14:20:27 0 d-------- C:\Program Files\Common Files\Python
2008-06-04 14:20:21 0 d-------- C:\Program Files\Common Files
2008-06-04 14:17:25 0 d-------- C:\Program Files\EPSON
2008-06-04 14:11:05 0 d-------- C:\Program Files\Common Files\InstallShield


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [29/10/2007 07:02]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [11/07/2006 18:12]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [18/04/2008 23:17]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/01/2008 19:16]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 14:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
Auto\command- AdobeR.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5132e029-d54e-11dc-b7ce-00a0d14bf067}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79295e8e-bf4d-11dc-b776-00a0d14bf067}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9632cad-d571-11dc-8bde-00a0d14bf067}]
AutoRun\command- F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3670033-9eb5-11dc-94b2-00a0d14bf067}]
AutoRun\command- E:\SETUP.EXE
configure\command- E:\SETUP.EXE
install\command- E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6bd8b13-d55c-11dc-8199-00a0d14bf067}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-06 13:30:18 ------------

Avira AntiVir Personal
Report file date: dimanche 6 juillet 2008 01:02

Scanning for 1378724 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Save mode
Username: Ben
Computer name: MON-PC-A-MOI

Version information:
BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/04/2008 21:17:25
AVSCAN.DLL : 8.1.1.0 53505 Bytes 18/04/2008 21:17:25
LUKE.DLL : 8.1.2.9 151809 Bytes 18/04/2008 21:17:26
LUKERES.DLL : 8.1.2.1 12033 Bytes 18/04/2008 21:17:26
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 08:25:44
ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 04/07/2008 17:11:36
ANTIVIR3.VDF : 7.0.5.52 2048 Bytes 04/07/2008 17:11:37
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 18/04/2008 21:17:26
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 05/07/2008 17:11:48
AESCN.DLL : 8.1.0.22 119157 Bytes 29/06/2008 08:26:32
AERDL.DLL : 8.1.0.20 418165 Bytes 28/04/2008 09:18:31
AEPACK.DLL : 8.1.1.6 364918 Bytes 29/06/2008 08:26:29
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 29/06/2008 08:26:24
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 05/07/2008 17:11:46
AEHELP.DLL : 8.1.0.15 115063 Bytes 31/05/2008 17:05:25
AEGEN.DLL : 8.1.0.29 307573 Bytes 29/06/2008 08:25:53
AEEMU.DLL : 8.1.0.6 430451 Bytes 09/05/2008 20:10:41
AECORE.DLL : 8.1.0.32 168311 Bytes 05/07/2008 17:11:39
AVWINLL.DLL : 1.0.0.7 14593 Bytes 18/04/2008 21:17:25
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/04/2008 21:17:25
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 18/04/2008 21:17:25
AVARKT.DLL : 1.0.0.23 307457 Bytes 18/04/2008 21:17:25
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 18/04/2008 21:17:25
SQLITE3.DLL : 3.3.17.1 339968 Bytes 18/04/2008 21:17:26
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 18/04/2008 21:17:26
NETNT.DLL : 8.0.0.1 7937 Bytes 18/04/2008 21:17:26
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 18/04/2008 21:17:16
RCTEXT.DLL : 8.0.32.0 86273 Bytes 18/04/2008 21:17:16

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 6 juillet 2008 01:02

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
17 processes with 17 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '6' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: dimanche 6 juillet 2008 01:41
Used time: 38:46 min

The scan has been done completely.

14449 Scanning directories
217531 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
217531 Files not concerned
1071 Archives were scanned
2 Warnings
0 Notes