scheuch


  1. Uh, so I ran Malwarebytes' Anti-Malware (MBAM) after installing the updates, but after a few hours the PC rebooted and started a disk check (I wasn't at the PC...). That check never finished, so I had to restart the PC, and on reboot it told me that Windows had to recover from an unplanned shutdown... On the other hand, this time the fake antivirus did not start...
  2. So I started with rkill (I disabled the firewall in the meantime...). The log seems empty; I suppose that is because when I right-clicked I could not find the "Run as administrator" option... Here is the log anyway: This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as Lorelei on 21/03/2010 at 15:27:25. Processes terminated by Rkill or while it was running: C:\Users\Lorelei\Desktop\rkill.pif Rkill completed on 21/03/2010 at 15:27:29. PS: When I saved it to the desktop, it is actually an rkill shortcut on the desktop.
  3. Well, I have a problem here... HijackThis won't install!!! HijackThis setup was interrupted. Your system has not been modified. To install this program at a later time, please run the installation again. Click the finish button to exit the Setup Wizard. So I don't know what to do.
  4. OK, sorry about my profile. I am on Windows Vista with IE8; this antivirus installed itself the day before yesterday, and: if you need a HijackThis log, I will take care of posting it. Thanks in advance,
  5. Hello everyone, I am infected by a virus... or rather a fake Vista antivirus that starts as soon as I boot the PC or launch iexplorer. I don't know how to get rid of it; for now I managed to end the process via Task Manager, but it is very annoying!!! Thanks in advance for your advice. See you, Seb
  6. OK, during the scan I lost the UltraVNC connection... I should have thought of that, lol. So here is the ComboFix report:
  7. Here is the rsit log file:
- (no file) O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: milehighads - {fe9ee228-582f-0489-7784-9912362322ec} - C:\WINDOWS\system32\nslF8.dll O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe" O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe" O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\Sylvain\Application Data\WinButler\WinButler.exe O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [Chicdead] C:\DOCUME~1\Sylvain\APPLIC~1\DUPEOB~1\jump list.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media 
Player\WMPNSCFG.exe O4 - Global Startup: DynDNS Updater.lnk = C:\Program Files\DynDNS Updater\DynUpPs.exe O4 - Global Startup: Serveur UltraVNC (2).lnk = C:\Program Files\UltraVNC\winvnc.exe O4 - Global Startup: WiFi Station.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing) O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} (CV781Object Object) - http://kitaclore.dyndns.org:5910/AVC_AX_DVR.cab O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.fr/Genoogle/Componen...EngineQuery.dll O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688 O17 - HKLM\System\CCS\Services\Tcpip\..\{35B3EFF2-D176-4CD0-9363-470ED3A77F48}: NameServer = 212.27.53.252,212.27.54.252 O17 - HKLM\System\CS1\Services\Tcpip\..\{35B3EFF2-D176-4CD0-9363-470ED3A77F48}: NameServer = 212.27.53.252,212.27.54.252 O17 - 
HKLM\System\CS2\Services\Tcpip\..\{35B3EFF2-D176-4CD0-9363-470ED3A77F48}: NameServer = 212.27.53.252,212.27.54.252 O17 - HKLM\System\CS3\Services\Tcpip\..\{35B3EFF2-D176-4CD0-9363-470ED3A77F48}: NameServer = 212.27.53.252,212.27.54.252 O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: dlbx_device - Unknown owner - C:\WINDOWS\system32\dlbxcoms.exe (file missing) O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe O23 - Service: Hinsrv Service (Hinsrv) - Unknown owner - C:\WINDOWS\system32\hinsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: SoftGuard Service (SG_Service) - Unknown owner - C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- End of file - 9588 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\At1.job C:\WINDOWS\tasks\At10.job C:\WINDOWS\tasks\At11.job C:\WINDOWS\tasks\At12.job C:\WINDOWS\tasks\At13.job C:\WINDOWS\tasks\At14.job C:\WINDOWS\tasks\At15.job C:\WINDOWS\tasks\At16.job C:\WINDOWS\tasks\At17.job C:\WINDOWS\tasks\At18.job C:\WINDOWS\tasks\At19.job C:\WINDOWS\tasks\At2.job C:\WINDOWS\tasks\At20.job C:\WINDOWS\tasks\At21.job C:\WINDOWS\tasks\At22.job C:\WINDOWS\tasks\At23.job C:\WINDOWS\tasks\At24.job C:\WINDOWS\tasks\At25.job C:\WINDOWS\tasks\At26.job C:\WINDOWS\tasks\At27.job C:\WINDOWS\tasks\At28.job C:\WINDOWS\tasks\At29.job C:\WINDOWS\tasks\At3.job C:\WINDOWS\tasks\At30.job C:\WINDOWS\tasks\At31.job C:\WINDOWS\tasks\At32.job C:\WINDOWS\tasks\At33.job C:\WINDOWS\tasks\At34.job C:\WINDOWS\tasks\At35.job C:\WINDOWS\tasks\At36.job C:\WINDOWS\tasks\At37.job C:\WINDOWS\tasks\At38.job C:\WINDOWS\tasks\At39.job C:\WINDOWS\tasks\At4.job C:\WINDOWS\tasks\At40.job C:\WINDOWS\tasks\At41.job C:\WINDOWS\tasks\At42.job C:\WINDOWS\tasks\At43.job C:\WINDOWS\tasks\At44.job C:\WINDOWS\tasks\At45.job C:\WINDOWS\tasks\At46.job C:\WINDOWS\tasks\At47.job C:\WINDOWS\tasks\At48.job C:\WINDOWS\tasks\At5.job C:\WINDOWS\tasks\At6.job C:\WINDOWS\tasks\At7.job C:\WINDOWS\tasks\At8.job C:\WINDOWS\tasks\At9.job 
======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E896FCA-D07E-45FE-901F-6A26FCF59C02}] Iminent.SearchTheWeb.HelperObject - C:\WINDOWS\system32\mscoree.dll [2006-12-22 271360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-04 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}] Come2PlayK2P Toolbar - C:\Program Files\Come2PlayK2P\tbCome.dll [2008-08-20 1780248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-04 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-04 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe9ee228-582f-0489-7784-9912362322ec}] milehighads - C:\WINDOWS\system32\nslF8.dll [2009-01-05 684544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - Come2PlayK2P Toolbar - 
C:\Program Files\Come2PlayK2P\tbCome.dll [2008-08-20 1780248] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "dlbxmon.exe"=C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe [] "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] "@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2008-10-07 6216192] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-04 136600] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696] "dldfmon.exe"=C:\Program Files\Dell AIO Printer 948\dldfmon.exe [2007-09-18 455336] "MemoryCardManager"=C:\Program Files\Dell AIO Printer 948\memcard.exe [2007-09-18 410280] "Dell AIO Printer 948 Fax Server"=C:\Program Files\Dell AIO Printer 948\fm3032.exe [2007-09-20 312560] "Corel Photo Downloader"=C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [2007-03-21 478800] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360] "WinButler"=C:\Documents and Settings\Sylvain\Application Data\WinButler\WinButler.exe [] "german.exe"=C:\WINDOWS\system32\wintems.exe [] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [] "Chicdead"=C:\DOCUME~1\Sylvain\APPLIC~1\DUPEOB~1\jump list.exe [] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] Mixer.exe /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE [2004-08-19 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe] C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] 
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage DynDNS Updater.lnk - C:\Program Files\DynDNS Updater\DynUpPs.exe Serveur UltraVNC (2).lnk - C:\Program Files\UltraVNC\winvnc.exe WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] Ati2evxx.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-10-07 886984] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 "NoDispCPL"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoStartMenuMorePrograms"=0 "StartMenuLogOff"=0 "NoToolbarCustomize"=0 "NoSetFolders"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
"NoDriveTypeAutoRun"= "NoDrives"= "NoDriveAutoRun"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "D:\eChanblard\emule.exe"="D:\eChanblard\emule.exe:*:Disabled:eChanblard" "%windir%\explorer.exe"="%windir%\explorer.exe:*:Enabled:Windows Explorer" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"="C:\Program Files\Dell AIO Printer 948\dldfmon.exe:*:Enabled:Printer Device Monitor" "C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfpswx.exe:*:Enabled:Printer Status Window Interface" "C:\Program Files\Dell AIO Printer 948\dldfaiox.exe"="C:\Program Files\Dell AIO Printer 948\dldfaiox.exe:*:Enabled:AIOC exe" "C:\Program Files\Dell AIO Printer 948\dldfafcn.exe"="C:\Program Files\Dell AIO Printer 948\dldfafcn.exe:*:Enabled: " "C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfjswx.exe:*:Enabled:Job Status Window Interface" "C:\WINDOWS\system32\spool\drivers\w32x86\3\dldftime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldftime.exe:*:Enabled:Time Executable" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\Dell AIO Printer 948\Wireless\dldfwpss.exe"="C:\Program Files\Dell AIO Printer 948\Wireless\dldfwpss.exe:*:Enabled: " 
"C:\WINDOWS\system32\dldfcfg.exe"="C:\WINDOWS\system32\dldfcfg.exe:*:Enabled:Printer Communication System" "C:\WINDOWS\system32\dldfih.exe"="C:\WINDOWS\system32\dldfih.exe:*:Enabled:Printer Communication System" "C:\Program Files\Dell AIO Printer 948\DLDFFax.exe"="C:\Program Files\Dell AIO Printer 948\DLDFFax.exe:*:Enabled:Fax Solutions Software" "C:\WINDOWS\system32\dldfcoms.exe"="C:\WINDOWS\system32\dldfcoms.exe:*:Enabled:Dell Communications System" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ed971c8-78b0-11dd-9939-0008d328a685}] shell\AutoRun\command - rthrw.com shell\explore\command - rthrw.com shell\open\command - rthrw.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{700d6dfc-4cd5-11dd-98be-0008d328a685}] shell\AutoRun\command - rthrw.com shell\explore\command - rthrw.com shell\open\command - rthrw.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87f7a3ee-51b8-11dd-98ca-0008d328a685}] shell\AutoRun\command - H:\nideiect.com shell\explore\command - H:\nideiect.com shell\open\command - H:\nideiect.com ======List of files/folders created in the last 1 months====== 2009-01-10 16:19:46 ----D---- C:\rsit 2009-01-09 22:59:43 ----D---- C:\Program Files\CCleaner 2009-01-09 16:09:47 ----D---- C:\Documents and Settings\Sylvain\Application Data\Corel 2009-01-05 20:12:08 ----A---- C:\WINDOWS\system32\nslF8.dll 2009-01-03 11:04:40 ----D---- 
C:\Documents and Settings\Sylvain\Application Data\.wyzo 2009-01-02 12:20:20 ----A---- C:\WINDOWS\clofghls.dll 2009-01-01 19:20:18 ----D---- C:\Program Files\PartyGaming 2008-12-30 14:24:33 ----D---- C:\Program Files\DynDNS Updater 2008-12-30 14:24:33 ----D---- C:\Documents and Settings\All Users\Application Data\DynDNS 2008-12-30 13:05:53 ----A---- C:\WINDOWS\system32\vnchelp.dll 2008-12-30 13:05:53 ----A---- C:\WINDOWS\system32\vncdrv.dll 2008-12-30 13:05:52 ----D---- C:\Program Files\UltraVNC 2008-12-29 17:13:38 ----D---- C:\WINDOWS\system32\Adobe 2008-12-29 09:39:02 ----D---- C:\Program Files\Bobble Puzzle 2008-12-18 15:58:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$ 2008-12-16 18:10:42 ----A---- C:\WINDOWS\iun6002ev.exe 2008-12-16 18:10:27 ----D---- C:\Program Files\Bejeweled 2 Deluxe 2008-12-16 10:33:10 ----D---- C:\Documents and Settings\Sylvain\Application Data\948 Series 2008-12-16 10:02:10 ----D---- C:\logs 2008-12-16 10:01:46 ----A---- C:\WINDOWS\system32\dldfvs.dll 2008-12-16 10:01:41 ----A---- C:\WINDOWS\system32\dldfcoin.dll 2008-12-16 10:01:12 ----A---- C:\WINDOWS\system32\dldfdrs.dll 2008-12-16 10:01:12 ----A---- C:\WINDOWS\system32\dldfcaps.dll 2008-12-16 10:01:11 ----A---- C:\WINDOWS\system32\dldfcnv4.dll 2008-12-16 09:59:56 ----D---- C:\Documents and Settings\All Users\Application Data\Corel 2008-12-16 09:58:43 ----D---- C:\Program Files\Fichiers communs\Corel 2008-12-16 09:58:43 ----D---- C:\Program Files\Corel 2008-12-16 09:58:40 ----A---- C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe 2008-12-16 09:56:58 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint 2008-12-16 09:56:08 ----A---- C:\WINDOWS\system32\IMHOST32.DLL 2008-12-16 09:56:08 ----A---- C:\WINDOWS\system32\IMGMAN32.DLL 2008-12-16 09:56:08 ----A---- C:\WINDOWS\system32\DLDFPMRC.DLL 2008-12-16 09:56:08 ----A---- C:\WINDOWS\system32\DLDFPMON.DLL 2008-12-16 09:56:08 ----A---- C:\WINDOWS\system32\dldfoem.dll 2008-12-16 09:56:08 ----A---- 
C:\WINDOWS\system32\DLDFFXPU.DLL 2008-12-16 09:55:12 ----D---- C:\Documents and Settings\All Users\Application Data\948 Series 2008-12-16 09:53:48 ----D---- C:\Program Files\Dell AIO Printer 948 2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfutil.dll 2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfusb1.dll 2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfserv.dll 2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfprox.dll 2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfpmui.dll 2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldflmpm.dll 2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfjswr.dll 2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfinst.dll 2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfinsr.dll 2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfinsb.dll 2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfinpa.dll 2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfiesc.dll 2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfhcp.dll 2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfins.dll 2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfih.exe 2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfhbn3.dll 2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfgrd.dll 2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfgf.dll 2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfcur.dll 2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfcub.dll 2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfcu.dll 2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfcoms.exe 2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfcomm.dll 2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfcomc.dll 2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfcfg.exe 2008-12-16 09:53:33 ----A---- C:\WINDOWS\system32\dldfcfg.dll 2008-12-14 15:30:46 ----A---- C:\WINDOWS\system32\gsnlxqnzxzllim.dll-uninst.exe 2008-12-14 15:30:37 ----D---- C:\Program Files\Milehighads Games Collection 2008-12-14 15:30:30 
----A---- C:\WINDOWS\system32\cont_milehighads-remove.exe 2008-12-14 15:30:14 ----A---- C:\WINDOWS\system32\jljkmnecepcn.exe 2008-12-14 09:56:31 ----D---- C:\Program Files\WMV9_VCM 2008-12-14 09:51:36 ----A---- C:\WINDOWS\system32\wmv9vcm.dll 2008-12-13 21:02:45 ----D---- C:\Documents and Settings\Sylvain\Application Data\Apple Computer 2008-12-13 20:59:48 ----D---- C:\Program Files\Fichiers communs\Apple 2008-12-13 20:59:38 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-12-13 20:58:57 ----D---- C:\Program Files\Apple Software Update 2008-12-13 20:58:57 ----D---- C:\Documents and Settings\All Users\Application Data\Apple 2008-12-13 17:41:32 ----A---- C:\WINDOWS\IMSI_EZN.INI 2008-12-13 17:41:32 ----A---- C:\WINDOWS\IMSI_EZ.INI 2008-12-13 17:40:20 ----A---- C:\WINDOWS\QTW.INI 2008-12-13 17:40:17 ----RA---- C:\WINDOWS\VIEWER.EXE 2008-12-13 17:40:17 ----RA---- C:\WINDOWS\VIEWENU.DLL 2008-12-13 17:40:17 ----RA---- C:\WINDOWS\README.EXE 2008-12-13 17:40:17 ----RA---- C:\WINDOWS\PLAYER.EXE 2008-12-13 17:40:17 ----RA---- C:\WINDOWS\PLAYENU.DLL 2008-12-13 17:39:29 ----D---- C:\IMSI 2008-12-13 16:43:15 ----D---- C:\Program Files\Microsoft Games 2008-12-13 16:35:05 ----D---- C:\Westwood 2008-12-13 16:26:28 ----D---- C:\CFLEET98 2008-12-13 16:18:00 ----D---- C:\Program Files\Serif 2008-12-13 16:17:26 ----D---- C:\WINDOWS\Profiles 2008-12-13 16:17:20 ----A---- C:\WINDOWS\system32\ltkrn80n.dll 2008-12-13 16:17:19 ----A---- C:\WINDOWS\system32\ltkrn11n.dll 2008-12-13 16:17:19 ----A---- C:\WINDOWS\system32\ltimg11n.dll 2008-12-13 16:17:19 ----A---- C:\WINDOWS\system32\ltfil11n.DLL 2008-12-13 16:17:19 ----A---- C:\WINDOWS\system32\lfwpg11n.dll 2008-12-13 16:17:19 ----A---- C:\WINDOWS\system32\lfwmf11n.dll 2008-12-13 16:17:19 ----A---- C:\WINDOWS\system32\lftif11n.dll 2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\LTDIS11n.dll 2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\lfpsd11n.dll 2008-12-13 16:17:18 ----A---- 
C:\WINDOWS\system32\Lfpng11n.dll 2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\lfpcx11n.dll 2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\lfpcd11n.dll 2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\lfgif11n.dll 2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\lffax11n.dll 2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\lfeps11n.dll 2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\lfbmp11n.dll 2008-12-13 16:17:17 ----A---- C:\WINDOWS\system32\LFCMP11n.DLL 2008-12-13 16:17:04 ----A---- C:\WINDOWS\system32\MFCUIA32.DLL 2008-12-13 16:17:04 ----A---- C:\WINDOWS\system32\MFCANS32.DLL 2008-12-13 16:17:04 ----A---- C:\WINDOWS\system32\ImageServerMI.dll 2008-12-13 16:14:39 ----D---- C:\Program Files\Broderbund 2008-12-13 16:03:11 ----A---- C:\WINDOWS\PROTOCOL.INI 2008-12-13 15:58:37 ----A---- C:\WINDOWS\system32\IR41_32.DLL 2008-12-13 15:57:39 ----D---- C:\WINDOWS\UbiSoft 2008-12-13 15:42:23 ----D---- C:\~WING.TMP 2008-12-13 15:42:20 ----D---- C:\COKTEL 2008-12-13 10:02:24 ----D---- C:\WINDOWS\Sun 2008-12-11 23:28:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2008-12-11 23:28:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2008-12-11 23:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$ 2008-12-11 23:24:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2008-12-11 23:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2008-12-11 09:34:49 ----D---- C:\Program Files\VirginMega 2008-12-11 09:13:11 ----N---- C:\WINDOWS\system32\spmsg.dll 2008-12-11 09:12:48 ----A---- C:\WINDOWS\system32\wmpns.dll ======List of files/folders modified in the last 1 months====== 2009-01-10 16:20:28 ----D---- C:\WINDOWS\Prefetch 2009-01-10 16:17:38 ----D---- C:\WINDOWS\system32\CatRoot2 2009-01-10 16:17:34 ----D---- C:\Documents and Settings\Sylvain\Application Data\OnlineArmor 2009-01-10 16:17:26 ----D---- C:\WINDOWS\temp 2009-01-10 16:16:13 ----D---- C:\WINDOWS\system32 2009-01-10 16:16:10 ----HD---- C:\WINDOWS\system32\drivers 2009-01-10 16:15:35 ----A---- 
C:\WINDOWS\SchedLgU.Txt 2009-01-10 16:11:51 ----RD---- C:\Program Files 2009-01-10 14:55:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-01-10 09:29:11 ----D---- C:\WINDOWS 2009-01-09 23:52:53 ----D---- C:\WINDOWS\Minidump 2009-01-09 23:52:53 ----D---- C:\WINDOWS\Debug 2009-01-09 22:48:14 ----D---- C:\Program Files\Mozilla Firefox 2009-01-09 20:36:51 ----HD---- C:\WINDOWS\inf 2009-01-09 18:33:52 ----A---- C:\WINDOWS\NeroDigital.ini 2009-01-09 17:15:33 ----A---- C:\log_lobby_dumper.txt 2009-01-09 17:15:33 ----A---- C:\log_lobby.txt 2009-01-09 17:15:23 ----D---- C:\Program Files\Everest Poker 2009-01-09 16:00:59 ----SHD---- C:\WINDOWS\Installer 2009-01-09 16:00:59 ----SHD---- C:\Config.Msi 2009-01-08 22:27:44 ----D---- C:\Program Files\BitTorrent Fastest Tool 2009-01-08 20:25:21 ----D---- C:\Documents and Settings\Sylvain\Application Data\LimeWire 2009-01-07 09:25:41 ----D---- C:\WINDOWS\SoftwareDistribution 2009-01-03 12:05:40 ----A---- C:\WINDOWS\win.ini 2009-01-02 11:58:42 ----D---- C:\Temp 2008-12-31 14:24:29 ----A---- C:\WINDOWS\mafosav.INI 2008-12-29 17:13:48 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-12-21 18:09:48 ----A---- C:\WINDOWS\NAVIGMA.INI 2008-12-20 12:37:01 ----D---- C:\Documents and Settings\Sylvain\Application Data\AdobeUM 2008-12-18 17:51:37 ----D---- C:\Program Files\Astonsoft 2008-12-18 15:58:43 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-12-18 15:58:03 ----HD---- C:\WINDOWS\$hf_mig$ 2008-12-17 19:28:13 ----D---- C:\Program Files\LimeWire 2008-12-16 17:45:30 ----D---- C:\Program Files\Jewel Quest 2008-12-16 10:02:58 ----D---- C:\WINDOWS\system32\CatRoot 2008-12-16 09:58:43 ----D---- C:\Program Files\Fichiers communs 2008-12-15 18:35:15 ----D---- C:\Program Files\Dl_cats 2008-12-15 18:35:15 ----A---- C:\WINDOWS\dellstat.ini 2008-12-13 21:00:07 ----D---- C:\Program Files\QuickTime 2008-12-13 20:59:17 ----SD---- C:\WINDOWS\Tasks 2008-12-13 20:31:25 ----A---- C:\WINDOWS\wininit.ini 2008-12-13 17:40:20 ----A---- 
     And the RSIT info file:
  8. Here is the MBAM report, to start with:
  9. OK, thanks, I'll get started right away. Note, however, that I connect to this PC via UltraVNC, so please don't have me uninstall it. I'll post the report as soon as the scan is finished.
  10. Hello, I'm taking advantage of a bit of free time to clean up a relative's PC. I've just run CCleaner and have now run HijackThis, and I'd like your opinion on what to do next to get the PC as "clean" as possible. Here is the report, and thanks in advance:
Service (Hinsrv) - Unknown owner - C:\WINDOWS\system32\hinsrv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: SoftGuard Service (SG_Service) - Unknown owner - C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe O24 - Desktop Component 0: Ma page d'accueil - About:Home -- End of file - 9667 bytes
  11. OK, test done, it works without any problem over a wired connection... So I moved my Wi-Fi repeater and I no longer have any problem, but I'm starting to think about giving up on Wi-Fi, which is "too temperamental": the connection quality varies for any reason at all, and with walls in between it's a nightmare.
  12. To sum up, you want your PC, connected to your Livebox, to be able to communicate with your neighbour's PC, which is on Neuf, in order to share files... And concretely, that isn't possible as things stand... Your Livebox "creates" your Wi-Fi network, it's an access point, and your friend's Neufbox or Freebox is the same: so there are two quite distinct networks... On the other hand (but I haven't tested it), if you install a Wi-Fi card in your PC and configure it with the settings of your friend's network, with the same workgroup, you should be able to share files with him... But if your Livebox is, for example, on 192.168.0.xxx, it would be preferable for your friend's Neufbox to be on 192.168.1.xxx, and as for Internet access, I don't know how you will define which of your access points you are going to use... The other solution is for your friend, who is on Wi-Fi on the Neufbox, to connect to it over Ethernet and configure his Wi-Fi to be on yours in the same way as described above... Personally I have never tried it; it should work, but I think you will have to tinker a bit to get something decent (to begin with, above all don't forget to put the PCs in the same workgroup). I don't know whether this will help you. See you, scheuch
  13. Does nobody have an idea? Could it be due to the quality of the Wi-Fi signal?