Christophe75015

Membres

Afficher le profil Afficher son activité

Compteur de contenus
6
Inscription
le 29 juillet 2009
Dernière visite
le 31 juillet 2009

Autres informations

Mes langues
Français

Christophe75015's Achievements

Junior Member (3/12)

Réputation sur la communauté

Win32/Rootkit.Agent.ODG cheval de troie impossible de nettoyer

Christophe75015 a répondu à un(e) sujet de Christophe75015 dans Analyses et éradication malwares

Merci encore Falkra, Le pire c'est que j'ai formaté mon Windows XP Pro (de préinstaller, c'est un DELL) pour mettre cette version, certes j'ai gagné en rapidité, mais perdu en compatibilité. Je vais essayer de formater, ou attendre encore un peu la version de Windows 7. En tout cas merci pour tout et bonne journée. PS : Dernière question, est-il dangereux d'effectuer des achats sur le net (site en ligne) sachant que j'ai ce truc sur mon poste??? Merci
- le 31 juillet 2009
- 10 réponses
Win32/Rootkit.Agent.ODG cheval de troie impossible de nettoyer

Christophe75015 a répondu à un(e) sujet de Christophe75015 dans Analyses et éradication malwares

Bonsoir Falkra, désolé mais je suis rentré tard du boulot. Alors tout d'abord je tiens à te remercier encore pour toute l'aide et la patience que tu m'as accordé. Mais j'ai bien peur qu'on en reste là, car ma version de Windows ne me permet pas d'utiliser ton Combofix. Je me m'explique, je posséde un Windows XP TRUST 3.0, une version optimisée mais très corporate... Du coup, au lancement de Combofix voici le message d'erreur que j'obtiens : "OS incompatible, Combofix ne fonctionne que pour Windows 2000 et XP". La mise à jour de mon antivirus n'a rien donnée non plus. Celà sent-il le formatage et la réinstallation de mon O.S préféré??? Merci et bonne soirée.
- le 30 juillet 2009
- 10 réponses
Win32/Rootkit.Agent.ODG cheval de troie impossible de nettoyer

Christophe75015 a répondu à un(e) sujet de Christophe75015 dans Analyses et éradication malwares

Merci de me répondre aussi rapidemment, mais le problème est que je n'ai pas de logs Gmer, une fois le Scan terminé, voici le message que Gmer m'affiche : "Gmer hasn't found any system modification." J'ai beau cliqué sur Copy puis Coller que un bloc-notes, je n'obtiens rien, qu'est ce qui se passe docteur???
- le 30 juillet 2009
- 10 réponses
Win32/Rootkit.Agent.ODG cheval de troie impossible de nettoyer

Christophe75015 a répondu à un(e) sujet de Christophe75015 dans Analyses et éradication malwares

Et voici le rapport GMER : Logfile of random's system information tool 1.06 (written by random/random) Run by MALIK at 2009-07-30 09:02:11 Microsoft Windows XP Professionnel Service Pack 3, v.5755 System drive C: has 5 GB (35%) free of 15 GB Total RAM: 2046 MB (69% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:02:40, on 30/07/2009 Platform: Windows XP SP3, v.5755 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TUProgSt.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Taskix\Taskix32.exe C:\Program Files\VistaDriveIcon\DrvIcon.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\WinRoll\winroll.exe C:\Program Files\LClock\LClock.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe E:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Documents and Settings\MALIK\Bureau\RSIT.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\trend micro\MALIK.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing) O4 - HKLM\..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe start O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe O4 - HKCU\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [superCopier2.exe] E:\Program Files\SuperCopier2\SuperCopier2.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: &Tout télécharger avec FlashGet - E:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - E:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221945683140 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223209880015 O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9820 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Maintenance en 1 clic.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}] FGCatchUrl - E:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}] FlashGet GetFlash Class - E:\Program Files\FlashGet\getflash.dll [2007-05-18 163840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {95daa571-4def-4a6d-97d8-98a346672a24} - SYSTRAN Toolbar - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Taskix"=C:\Program Files\Taskix\Taskix32.exe [2008-04-02 124416] "DrvIcon"=C:\Program Files\VistaDriveIcon\DrvIcon.exe [2008-04-13 49152] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947] "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328] "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824] "SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504] "egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WinRoll"=C:\Program Files\WinRoll\winroll.exe [2004-04-07 15360] "LClock"=C:\Program Files\LClock\LClock.exe [2004-09-19 65536] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408] "SuperCopier2.exe"=E:\Program Files\SuperCopier2\SuperCopier2.exe [2005-03-14 1057280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-02-22 217544] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] E:\Program Files\CloneCD\CloneCDTray.exe /s [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe -scheduler [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-07-13 414992] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] E:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-08-11 1124352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe [2009-06-01 1059720] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MALIK^Menu Démarrer^Programmes^Démarrage^Dragon NaturallySpeaking.lnk] E:\PROGRA~1\Nuance\NATURA~1\Program\natspeak.exe /Quick [] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-08-22 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=1 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=255 "NoDesktopCleanupWizard"=1 "NoInstrumentation"=1 "NoResolveSearch"=1 "NoResolveTrack"=1 "NoSMBalloonTip"=1 "NoSMConfigurePrograms"=1 "NoStartMenuMFUprogramsList"=1 "NoStrCmpLogical"=0 "NoWelcomeScreen"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HideRunAsVerb"= "NoDriveTypeAutoRun"= "NoInstrumentation"= "NoResolveTrack"= "NoStartMenuMFUprogramsList"= "HonorAutoRunSetting"= "NoSetActiveDesktop"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0fff82c-8f2c-11dd-b8f1-0018dee273b9}] shell\AutoRun\command - H:\LiberKey\LiberKey.exe shell\Menu1\command - H:\LiberKey\LiberKey.exe ======File associations====== .reg - edit - .reg - open - ======List of files/folders created in the last 1 months====== 2009-07-30 09:02:11 ----D---- C:\rsit 2009-07-30 09:02:11 ----D---- C:\Program Files\trend micro 2009-07-29 09:21:38 ----D---- C:\WINDOWS\Performance 2009-07-28 22:05:39 ----D---- C:\Documents and Settings\MALIK\Application Data\LucasArts 2009-07-28 22:05:23 ----A---- C:\WINDOWS\system32\d3dx10_41.dll 2009-07-28 22:05:23 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll 2009-07-28 22:05:22 ----A---- C:\WINDOWS\system32\XAudio2_4.dll 2009-07-28 22:05:22 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll 2009-07-28 22:05:22 ----A---- C:\WINDOWS\system32\D3DX9_41.dll 2009-07-28 22:05:21 ----A---- C:\WINDOWS\system32\xactengine3_4.dll 2009-07-28 22:05:21 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll 2009-07-28 22:05:21 ----A---- C:\WINDOWS\system32\d3dx10_40.dll 2009-07-28 22:05:21 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll 2009-07-28 22:05:20 ----A---- C:\WINDOWS\system32\XAudio2_3.dll 2009-07-28 22:05:20 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll 2009-07-28 22:05:20 ----A---- C:\WINDOWS\system32\D3DX9_40.dll 2009-07-28 22:05:19 ----A---- C:\WINDOWS\system32\xactengine3_3.dll 2009-07-28 22:05:19 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll 2009-07-28 22:03:31 ----D---- C:\WINDOWS\Logs 2009-07-28 21:57:57 ----D---- C:\WINDOWS\LucasArts 2009-07-27 03:05:25 ----D---- C:\Documents and Settings\MALIK\Application Data\AccurateRip 2009-07-27 01:03:13 ----D---- C:\Program Files\Panda Security 2009-07-25 22:44:31 ----D---- C:\WINDOWS\BDOSCAN8 2009-07-25 18:31:30 ----D---- C:\Program Files\UlisesSoft 2009-07-25 18:23:03 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-07-25 17:42:08 ----D---- C:\Documents and Settings\MALIK\Application Data\Malwarebytes 2009-07-25 17:42:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-07-25 17:42:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-07-24 22:28:51 ----D---- C:\Documents and Settings\All Users\Application Data\13490464 2009-07-24 22:18:03 ----A---- C:\WINDOWS\system32\ztvunrar36.dll 2009-07-24 22:18:03 ----A---- C:\WINDOWS\system32\ztvunace26.dll 2009-07-24 22:18:03 ----A---- C:\WINDOWS\system32\ztvcabinet.dll 2009-07-24 22:18:03 ----A---- C:\WINDOWS\system32\UNRAR3.dll 2009-07-24 22:18:03 ----A---- C:\WINDOWS\system32\unacev2.dll 2009-07-24 22:18:02 ----D---- C:\Documents and Settings\MALIK\Application Data\Simply Super Software 2009-07-24 22:18:02 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software 2009-07-16 05:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$ 2009-07-16 05:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2009-07-16 05:16:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$ 2009-07-16 03:32:02 ----D---- C:\WINDOWS\system32\IOSUBSYS 2009-07-16 03:32:01 ----D---- C:\Program Files\Google 2009-07-15 05:33:54 ----D---- C:\Documents and Settings\All Users\Application Data\espionServerData 2009-07-15 05:33:54 ----A---- C:\AdobeDebug.txt 2009-07-15 05:29:37 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet 2009-07-15 05:24:57 ----D---- C:\Program Files\Fichiers communs\Macrovision Shared 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\vxblock.dll 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxwave.dll 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxsfs.dll 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxmas.dll 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxinsi64.exe 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxinsa64.exe 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxhpinst.exe 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxdrv.dll 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxcpyi64.exe 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxcpya64.exe 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxafs.dll 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\px.dll 2009-07-12 18:02:27 ----D---- C:\Program Files\FLAC 2009-07-12 17:25:37 ----D---- C:\Documents and Settings\MALIK\Application Data\.easytag 2009-07-06 15:15:09 ----D---- C:\Program Files\Adobe Photoshop CS4 FR Portable - Majax31 ======List of files/folders modified in the last 1 months====== 2009-07-30 09:02:13 ----D---- C:\WINDOWS\system32\CatRoot2 2009-07-30 09:02:11 ----D---- C:\Program Files 2009-07-30 09:01:50 ----D---- C:\WINDOWS\Temp 2009-07-30 09:01:50 ----D---- C:\WINDOWS\system32 2009-07-29 21:32:28 ----D---- C:\Program Files\Mozilla Firefox 2009-07-29 21:32:05 ----D---- C:\WINDOWS 2009-07-29 09:56:26 ----D---- C:\WINDOWS\system32\dllcache 2009-07-29 09:56:25 ----D---- C:\Program Files\Internet Explorer 2009-07-29 09:56:17 ----D---- C:\WINDOWS\inf 2009-07-29 09:56:14 ----HD---- C:\WINDOWS\$hf_mig$ 2009-07-29 09:56:08 ----SHD---- C:\WINDOWS\Installer 2009-07-29 09:56:08 ----D---- C:\WINDOWS\WinSxS 2009-07-28 22:05:01 ----D---- C:\WINDOWS\system32\DirectX 2009-07-28 22:03:51 ----D---- C:\WINDOWS\Microsoft.NET 2009-07-27 02:25:02 ----D---- C:\WINDOWS\Prefetch 2009-07-27 01:06:03 ----D---- C:\WINDOWS\system32\drivers 2009-07-25 23:43:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-07-25 23:31:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-07-25 23:02:32 ----D---- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor 2009-07-25 22:44:34 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-07-25 22:33:56 ----SH---- C:\boot.ini 2009-07-25 22:33:56 ----N---- C:\WINDOWS\win.ini 2009-07-25 22:33:56 ----N---- C:\WINDOWS\system.ini 2009-07-24 22:14:43 ----D---- C:\WINDOWS\repair 2009-07-24 21:56:31 ----D---- C:\Documents and Settings\MALIK\Application Data\uTorrent 2009-07-24 17:21:43 ----D---- C:\Program Files\Windows Trust 2009-07-19 18:45:00 ----A---- C:\WINDOWS\system32\ieframe.dll 2009-07-19 15:15:02 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-07-18 05:29:23 ----D---- C:\WINDOWS\Debug 2009-07-15 05:45:38 ----D---- C:\Documents and Settings\MALIK\Application Data\Adobe 2009-07-15 05:25:01 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2009-07-15 05:24:57 ----D---- C:\Program Files\Fichiers communs 2009-07-14 05:04:43 ----D---- C:\Documents and Settings\MALIK\Application Data\foobar2000 2009-07-09 05:32:57 ----HD---- C:\Program Files\InstallShield Installation Information 2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe 2009-07-06 15:23:28 ----D---- C:\Program Files\Fichiers communs\Adobe 2009-07-03 18:57:51 ----A---- C:\WINDOWS\system32\wininet.dll 2009-07-03 18:57:51 ----A---- C:\WINDOWS\system32\occache.dll 2009-07-03 18:57:50 ----A---- C:\WINDOWS\system32\urlmon.dll 2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\msfeedsbs.dll 2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\msfeeds.dll 2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\jsproxy.dll 2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\iertutil.dll 2009-07-03 18:57:44 ----A---- C:\WINDOWS\system32\iepeers.dll 2009-07-03 18:57:41 ----A---- C:\WINDOWS\system32\iedkcs32.dll 2009-07-03 13:01:06 ----A---- C:\WINDOWS\system32\ie4uinit.exe 2009-07-01 21:03:07 ----D---- C:\Program Files\uTorrent ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256] R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-05-14 55768] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-08-22 40576] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-08-22 14720] R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys [] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-09-11 21361] R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244] R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys [] R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472] R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-05-14 133000] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544] R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256] R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376] R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496] R3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237] R3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427] R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434] R3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285] R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-08-22 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-08-22 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960] R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512] R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-08-22 12288] R3 NETw4x32;Pilote de carte Intel® Wireless WiFi Link pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-08-22 79232] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696] S3 alck6oh7;alck6oh7; C:\WINDOWS\system32\drivers\alck6oh7.sys [] S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-08-22 60800] S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568] S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900] S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683] S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-08-22 61824] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016] S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 pgfilter;pgfilter; \??\F:\PeerGuardian2\pgfilter.sys [] S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-08-22 11904] S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-08-22 11008] S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-08-22 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\MALIK\LOCALS~1\Temp\mc21.tmp [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295] R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624] R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-07-13 211216] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328] R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-05-31 604416] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-08-22 14336] R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-08-22 14336] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-15 651720] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488] S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-05-31 361216] S4 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S4 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872] S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-08-29 935208] S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 StarWindServiceAE;StarWind AE Service; E:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe [] S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] -----------------EOF-----------------
- le 30 juillet 2009
- 10 réponses
Win32/Rootkit.Agent.ODG cheval de troie impossible de nettoyer

Christophe75015 a répondu à un(e) sujet de Christophe75015 dans Analyses et éradication malwares

Bonjour Falkra, Et encore merci pour ta bienvenue et ton aide, voici donc les rapports comme tu me l'as demandé. Rapport RSIT : info.txt logfile of random's system information tool 1.06 2009-07-30 09:02:42 ======Uninstall list====== -->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe 7-Zip 4.65-->"E:\Program Files\7-Zip\Uninstall.exe" Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Photoshop Elements 7.0-->msiexec /i {CB6075D9-F912-40AE-BEA6-E590DA24F16B} Adobe Reader 9.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001} Apple Mobile Device Support-->MsiExec.exe /I{C7C895CA-331B-4D7D-A0FB-D3BC637949F9} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2} ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{612B9183-67A9-4B44-9877-2F059E35B86A} Canon ScanGear Toolbox CS 2.2-->C:\WINDOWS\IsUn040c.exe -f"e:\program files\Canon\ScanGear Toolbox CS\Uninst.isu" -c"e:\program files\Canon\ScanGear Toolbox CS\uninst.dll" CCleaner-->"C:\Program Files\CCleaner\uninst.exe" CDex extraction audio-->"F:\Audio\CDex\uninstall.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf COWON S9 User's Guide-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F41D847E-D635-4A60-B3CB-E08CFB24F1F9}\Setup.exe" -l0x9 DameWare NT Utilities-->MsiExec.exe /I{3FB6C2CA-D6FB-422D-80CB-F0B0A72CD382} Digital Line Detect-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe" -l0x40c ControlPanel Exact Audio Copy 0.99pb5-->E:\Program Files\Exact Audio Copy\uninst.exe FileZilla Client 3.1.1.1-->E:\Program Files\FileZilla FTP Client\uninstall.exe FLAC 1.2.1b (remove only)-->C:\Program Files\FLAC\uninstall.exe FlashGet 1.9.6.1073-->E:\Program Files\FlashGet\uninst.exe foobar2000 v0.9.6.7-->"E:\Program Files\foobar2000\uninstall.exe" _?=E:\Program Files\foobar2000 Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF} GeekBox-->"C:\Program Files\GeekBox\Désinstaller.exe" GrabIt 1.7.2 Beta 4 (build 997)-->"F:\GrabIt\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall HomePlayer 1.5.6b-->E:\Program Files\HomePlayer\uninst.exe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D} iTunes-->MsiExec.exe /I{EA418519-2160-43A0-AABD-6608DDD8D87F} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} K-Lite Mega Codec Pack 4.1.7-->"E:\Program Files\K-Lite Codec Pack\unins000.exe" LClock-->"C:\Program Files\LClock\Désinstaller.exe" LimeWire PRO 5.1.1-->"E:\Program Files\LimeWire\uninstall.exe" Logiciel Intel® PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe LucasArts-->"C:\WINDOWS\LucasArts\uninstall.exe" "/U:E:\Program Files\LucasArts\Uninstall\uninstall.xml" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Marsu-Fix-->C:\WINDOWS\Marsu-Fix Uninstaller.exe mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779} mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29} mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49} mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Mio Technology SpeedCam Tool-->E:\PROGRA~1\MIOTEC~1\SPEEDC~1\Setup.exe /remove MioMap v3 Updater-->MsiExec.exe /I{9C6E2ABE-B3E6-49BA-807C-BDFA54496DA5} Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe" mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538} mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB} MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44} mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA} mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023} Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A" Nero Move it-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M09-01AC-5TE3-KEU9-177W-C6E0-6KCT-2W4K" neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625} Nokia Flashing Cable Driver-->MsiExec.exe /X{D99C322D-C21B-40C7-AE71-EE51AA096B6E} Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Nokia_PC_Suite_rel_7_0_8_2_fre_web.exe Nokia PC Suite-->MsiExec.exe /I{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82} Nokia Software Updater-->MsiExec.exe /X{59367F7E-D7C1-4629-8AEC-71AA24A68F31} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Package de pilotes Windows - Nokia Modem (05/22/2008 3.-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf Package de pilotes Windows - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf Package de pilotes Windows - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16 Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C} PeerGuardian 2.0-->"F:\PeerGuardian2\unins000.exe" Picasa 3-->"E:\Program Files\Picasa3\Uninstall.exe" POI Loader-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9B076678-4FDB-4EFD-A962-E5DF53A08DC5}\Setup.exe" -l0x40c PokerStars-->"E:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars QuickPar 0.9-->E:\Program Files\QuickPar\uninst.exe QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB} RegSupreme Pro-->"C:\Program Files\RegSupreme Pro\unins000.exe" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SigmaTel Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly Spybot - Search & Destroy-->"E:\Program Files\Spybot - Search & Destroy\unins000.exe" SuperCopier2-->"E:\Program Files\SuperCopier2\SC2Uninst.exe" Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Taskix-->"C:\Program Files\Taskix\Désinstaller.exe" Trojan Remover 6.7.9-->"E:\Program Files\Trojan Remover\unins000.exe" TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357} UltraISO Premium V9.12-->"E:\Program Files\UltraISO\unins000.exe" uTorrent-->"C:\Program Files\uTorrent\Désinstaller.exe" VistaDriveIcon-->"C:\Program Files\VistaDriveIcon\Désinstaller.exe" VLC media player 0.9.2-->E:\Program Files\VLC\uninstall.exe WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679} WinAVI Video Converter 8.0-->"E:\Program Files\WinAVI Video Converter\unins000.exe" Windows 7 Upgrade Advisor Beta-->MsiExec.exe /I{4394DC3A-5DAC-4C80-A86E-FF462D0AD653} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C} Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E} Windows Trust Anti-Pub-->"C:\WINDOWS\System32\Drivers\Etc\UnHosts.exe" Windows Trust Installer-->"C:\Program Files\WTInstaller\Désinstaller.exe" WinRAR-->"C:\Program Files\WinRAR\uninstall.exe" WinRoll-->"C:\Program Files\WinRoll\Désinstaller.exe" WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5} Wipe-->C:\PROGRA~1\Wipe\wipe.exe uninstall XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" XtremSplit-->"C:\Program Files\XtremSplit\Désinstaller.exe" ======Hosts File====== 127.0.0.1 localhost 127.0.0.1 mpa.one.microsoft.com 127.0.0.1 rad.msn.com 127.0.0.1 rad.live.com 127.0.0.1 ads1.msn.com 127.0.0.1 adfarm.mediaplex.com 127.0.0.1 101com.com 127.0.0.1 101order.com 127.0.0.1 103bees.com 127.0.0.1 1100i.com Securitycenter WMI appears to be broken ======System event log====== Computer Name: MICROSOF-FF9156 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service pgfilter. Record Number: 11432 Source Name: Service Control Manager Time Written: 20090623185729.000000+120 Event Type: Informations User: MICROSOF-FF9156\MALIK Computer Name: MICROSOF-FF9156 Event Code: 7035 Message: Un contrôle Démarrer a correctement été envoyé au service Pilote de filtre de trafic IP. Record Number: 11431 Source Name: Service Control Manager Time Written: 20090623185729.000000+120 Event Type: Informations User: MICROSOF-FF9156\MALIK Computer Name: MICROSOF-FF9156 Event Code: 4201 Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{56D4969B-DB7C-43DC-A60F-F6A4C97C6422} était connectée au réseau, et a lancé une opération normale sur la carte réseau. Record Number: 11430 Source Name: Tcpip Time Written: 20090623184131.000000+120 Event Type: Informations User: Computer Name: MICROSOF-FF9156 Event Code: 4201 Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{56D4969B-DB7C-43DC-A60F-F6A4C97C6422} était connectée au réseau, et a lancé une opération normale sur la carte réseau. Record Number: 11429 Source Name: Tcpip Time Written: 20090623184116.000000+120 Event Type: Informations User: Computer Name: MICROSOF-FF9156 Event Code: 4201 Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{56D4969B-DB7C-43DC-A60F-F6A4C97C6422} était connectée au réseau, et a lancé une opération normale sur la carte réseau. Record Number: 11428 Source Name: Tcpip Time Written: 20090623184101.000000+120 Event Type: Informations User: =====Application event log===== Computer Name: MICROSOF-FF9156 Event Code: 0 Message: Record Number: 3647 Source Name: EvtEng Time Written: 20090209192110.000000+060 Event Type: Informations User: Computer Name: MICROSOF-FF9156 Event Code: 0 Message: Record Number: 3646 Source Name: btwdins Time Written: 20090209192110.000000+060 Event Type: Informations User: Computer Name: MICROSOF-FF9156 Event Code: 1000 Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 3645 Source Name: LoadPerf Time Written: 20090208225210.000000+060 Event Type: Informations User: Computer Name: MICROSOF-FF9156 Event Code: 1001 Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été supprimés. Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système et les dernières entrées du registre d'aide. Record Number: 3644 Source Name: LoadPerf Time Written: 20090208225210.000000+060 Event Type: Informations User: Computer Name: MICROSOF-FF9156 Event Code: 101 Message: MsnMsgr (2412) Le moteur de base de données est arrêté. Record Number: 3643 Source Name: ESENT Time Written: 20090208225034.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\GTK\2.0\bin "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=0f06 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip "LANG"=fr -----------------EOF----------------- Le 2éme : Logfile of random's system information tool 1.06 (written by random/random) Run by MALIK at 2009-07-30 09:02:11 Microsoft Windows XP Professionnel Service Pack 3, v.5755 System drive C: has 5 GB (35%) free of 15 GB Total RAM: 2046 MB (69% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:02:40, on 30/07/2009 Platform: Windows XP SP3, v.5755 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TUProgSt.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Taskix\Taskix32.exe C:\Program Files\VistaDriveIcon\DrvIcon.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\WinRoll\winroll.exe C:\Program Files\LClock\LClock.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe E:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Documents and Settings\MALIK\Bureau\RSIT.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\trend micro\MALIK.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing) O4 - HKLM\..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe start O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe O4 - HKCU\..\Run: [LClock] "C:\Program Files\LClock\LClock.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [superCopier2.exe] E:\Program Files\SuperCopier2\SuperCopier2.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: &Tout télécharger avec FlashGet - E:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - E:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1221945683140 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1223209880015 O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9820 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Maintenance en 1 clic.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}] FGCatchUrl - E:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}] FlashGet GetFlash Class - E:\Program Files\FlashGet\getflash.dll [2007-05-18 163840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {95daa571-4def-4a6d-97d8-98a346672a24} - SYSTRAN Toolbar - C:\WINDOWS\system32\mscoree.dll [2008-07-25 282112] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Taskix"=C:\Program Files\Taskix\Taskix32.exe [2008-04-02 124416] "DrvIcon"=C:\Program Files\VistaDriveIcon\DrvIcon.exe [2008-04-13 49152] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947] "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328] "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824] "SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504] "egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WinRoll"=C:\Program Files\WinRoll\winroll.exe [2004-04-07 15360] "LClock"=C:\Program Files\LClock\LClock.exe [2004-09-19 65536] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408] "SuperCopier2.exe"=E:\Program Files\SuperCopier2\SuperCopier2.exe [2005-03-14 1057280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-02-22 217544] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] E:\Program Files\CloneCD\CloneCDTray.exe /s [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe -scheduler [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe [2008-09-08 289576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-07-13 414992] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] E:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray] E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-08-11 1124352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner] E:\Program Files\Trojan Remover\Trjscan.exe [2009-06-01 1059720] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MALIK^Menu Démarrer^Programmes^Démarrage^Dragon NaturallySpeaking.lnk] E:\PROGRA~1\Nuance\NATURA~1\Program\natspeak.exe /Quick [] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-08-22 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=1 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=255 "NoDesktopCleanupWizard"=1 "NoInstrumentation"=1 "NoResolveSearch"=1 "NoResolveTrack"=1 "NoSMBalloonTip"=1 "NoSMConfigurePrograms"=1 "NoStartMenuMFUprogramsList"=1 "NoStrCmpLogical"=0 "NoWelcomeScreen"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HideRunAsVerb"= "NoDriveTypeAutoRun"= "NoInstrumentation"= "NoResolveTrack"= "NoStartMenuMFUprogramsList"= "HonorAutoRunSetting"= "NoSetActiveDesktop"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0fff82c-8f2c-11dd-b8f1-0018dee273b9}] shell\AutoRun\command - H:\LiberKey\LiberKey.exe shell\Menu1\command - H:\LiberKey\LiberKey.exe ======File associations====== .reg - edit - .reg - open - ======List of files/folders created in the last 1 months====== 2009-07-30 09:02:11 ----D---- C:\rsit 2009-07-30 09:02:11 ----D---- C:\Program Files\trend micro 2009-07-29 09:21:38 ----D---- C:\WINDOWS\Performance 2009-07-28 22:05:39 ----D---- C:\Documents and Settings\MALIK\Application Data\LucasArts 2009-07-28 22:05:23 ----A---- C:\WINDOWS\system32\d3dx10_41.dll 2009-07-28 22:05:23 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll 2009-07-28 22:05:22 ----A---- C:\WINDOWS\system32\XAudio2_4.dll 2009-07-28 22:05:22 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll 2009-07-28 22:05:22 ----A---- C:\WINDOWS\system32\D3DX9_41.dll 2009-07-28 22:05:21 ----A---- C:\WINDOWS\system32\xactengine3_4.dll 2009-07-28 22:05:21 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll 2009-07-28 22:05:21 ----A---- C:\WINDOWS\system32\d3dx10_40.dll 2009-07-28 22:05:21 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll 2009-07-28 22:05:20 ----A---- C:\WINDOWS\system32\XAudio2_3.dll 2009-07-28 22:05:20 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll 2009-07-28 22:05:20 ----A---- C:\WINDOWS\system32\D3DX9_40.dll 2009-07-28 22:05:19 ----A---- C:\WINDOWS\system32\xactengine3_3.dll 2009-07-28 22:05:19 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll 2009-07-28 22:03:31 ----D---- C:\WINDOWS\Logs 2009-07-28 21:57:57 ----D---- C:\WINDOWS\LucasArts 2009-07-27 03:05:25 ----D---- C:\Documents and Settings\MALIK\Application Data\AccurateRip 2009-07-27 01:03:13 ----D---- C:\Program Files\Panda Security 2009-07-25 22:44:31 ----D---- C:\WINDOWS\BDOSCAN8 2009-07-25 18:31:30 ----D---- C:\Program Files\UlisesSoft 2009-07-25 18:23:03 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-07-25 17:42:08 ----D---- C:\Documents and Settings\MALIK\Application Data\Malwarebytes 2009-07-25 17:42:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-07-25 17:42:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-07-24 22:28:51 ----D---- C:\Documents and Settings\All Users\Application Data\13490464 2009-07-24 22:18:03 ----A---- C:\WINDOWS\system32\ztvunrar36.dll 2009-07-24 22:18:03 ----A---- C:\WINDOWS\system32\ztvunace26.dll 2009-07-24 22:18:03 ----A---- C:\WINDOWS\system32\ztvcabinet.dll 2009-07-24 22:18:03 ----A---- C:\WINDOWS\system32\UNRAR3.dll 2009-07-24 22:18:03 ----A---- C:\WINDOWS\system32\unacev2.dll 2009-07-24 22:18:02 ----D---- C:\Documents and Settings\MALIK\Application Data\Simply Super Software 2009-07-24 22:18:02 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software 2009-07-16 05:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$ 2009-07-16 05:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2009-07-16 05:16:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$ 2009-07-16 03:32:02 ----D---- C:\WINDOWS\system32\IOSUBSYS 2009-07-16 03:32:01 ----D---- C:\Program Files\Google 2009-07-15 05:33:54 ----D---- C:\Documents and Settings\All Users\Application Data\espionServerData 2009-07-15 05:33:54 ----A---- C:\AdobeDebug.txt 2009-07-15 05:29:37 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet 2009-07-15 05:24:57 ----D---- C:\Program Files\Fichiers communs\Macrovision Shared 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\vxblock.dll 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxwave.dll 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxsfs.dll 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxmas.dll 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxinsi64.exe 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxinsa64.exe 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxhpinst.exe 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxdrv.dll 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxcpyi64.exe 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxcpya64.exe 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\pxafs.dll 2009-07-15 05:23:12 ----N---- C:\WINDOWS\system32\px.dll 2009-07-12 18:02:27 ----D---- C:\Program Files\FLAC 2009-07-12 17:25:37 ----D---- C:\Documents and Settings\MALIK\Application Data\.easytag 2009-07-06 15:15:09 ----D---- C:\Program Files\Adobe Photoshop CS4 FR Portable - Majax31 ======List of files/folders modified in the last 1 months====== 2009-07-30 09:02:13 ----D---- C:\WINDOWS\system32\CatRoot2 2009-07-30 09:02:11 ----D---- C:\Program Files 2009-07-30 09:01:50 ----D---- C:\WINDOWS\Temp 2009-07-30 09:01:50 ----D---- C:\WINDOWS\system32 2009-07-29 21:32:28 ----D---- C:\Program Files\Mozilla Firefox 2009-07-29 21:32:05 ----D---- C:\WINDOWS 2009-07-29 09:56:26 ----D---- C:\WINDOWS\system32\dllcache 2009-07-29 09:56:25 ----D---- C:\Program Files\Internet Explorer 2009-07-29 09:56:17 ----D---- C:\WINDOWS\inf 2009-07-29 09:56:14 ----HD---- C:\WINDOWS\$hf_mig$ 2009-07-29 09:56:08 ----SHD---- C:\WINDOWS\Installer 2009-07-29 09:56:08 ----D---- C:\WINDOWS\WinSxS 2009-07-28 22:05:01 ----D---- C:\WINDOWS\system32\DirectX 2009-07-28 22:03:51 ----D---- C:\WINDOWS\Microsoft.NET 2009-07-27 02:25:02 ----D---- C:\WINDOWS\Prefetch 2009-07-27 01:06:03 ----D---- C:\WINDOWS\system32\drivers 2009-07-25 23:43:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-07-25 23:31:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-07-25 23:02:32 ----D---- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor 2009-07-25 22:44:34 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-07-25 22:33:56 ----SH---- C:\boot.ini 2009-07-25 22:33:56 ----N---- C:\WINDOWS\win.ini 2009-07-25 22:33:56 ----N---- C:\WINDOWS\system.ini 2009-07-24 22:14:43 ----D---- C:\WINDOWS\repair 2009-07-24 21:56:31 ----D---- C:\Documents and Settings\MALIK\Application Data\uTorrent 2009-07-24 17:21:43 ----D---- C:\Program Files\Windows Trust 2009-07-19 18:45:00 ----A---- C:\WINDOWS\system32\ieframe.dll 2009-07-19 15:15:02 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-07-18 05:29:23 ----D---- C:\WINDOWS\Debug 2009-07-15 05:45:38 ----D---- C:\Documents and Settings\MALIK\Application Data\Adobe 2009-07-15 05:25:01 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2009-07-15 05:24:57 ----D---- C:\Program Files\Fichiers communs 2009-07-14 05:04:43 ----D---- C:\Documents and Settings\MALIK\Application Data\foobar2000 2009-07-09 05:32:57 ----HD---- C:\Program Files\InstallShield Installation Information 2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe 2009-07-06 15:23:28 ----D---- C:\Program Files\Fichiers communs\Adobe 2009-07-03 18:57:51 ----A---- C:\WINDOWS\system32\wininet.dll 2009-07-03 18:57:51 ----A---- C:\WINDOWS\system32\occache.dll 2009-07-03 18:57:50 ----A---- C:\WINDOWS\system32\urlmon.dll 2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\msfeedsbs.dll 2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\msfeeds.dll 2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\jsproxy.dll 2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\iertutil.dll 2009-07-03 18:57:44 ----A---- C:\WINDOWS\system32\iepeers.dll 2009-07-03 18:57:41 ----A---- C:\WINDOWS\system32\iedkcs32.dll 2009-07-03 13:01:06 ----A---- C:\WINDOWS\system32\ie4uinit.exe 2009-07-01 21:03:07 ----D---- C:\Program Files\uTorrent ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256] R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-05-14 55768] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-08-22 40576] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-08-22 14720] R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys [] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-09-11 21361] R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244] R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys [] R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472] R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-05-14 133000] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544] R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2006-11-15 32256] R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2006-11-14 43520] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376] R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496] R3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237] R3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427] R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434] R3 btwmodem;Modem Bluetooth; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285] R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-08-22 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-08-22 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960] R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512] R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-08-22 12288] R3 NETw4x32;Pilote de carte Intel® Wireless WiFi Link pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-08-22 79232] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696] S3 alck6oh7;alck6oh7; C:\WINDOWS\system32\drivers\alck6oh7.sys [] S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-08-22 60800] S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568] S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900] S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683] S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-08-22 61824] S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664] S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016] S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112] S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 pgfilter;pgfilter; \??\F:\PeerGuardian2\pgfilter.sys [] S3 sffdisk;Pilote de classe de stockage SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-08-22 11904] S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-08-22 11008] S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS [] S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-05 36864] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112] S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2008-08-22 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\MALIK\LOCALS~1\Temp\mc21.tmp [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; E:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-05 116040] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295] R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624] R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-07-13 211216] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328] R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-05-31 604416] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-08-22 14336] R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-10-08 356352] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-08-22 14336] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-15 651720] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488] S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-05-31 361216] S4 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S4 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-08 536872] S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [2008-08-29 935208] S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 StarWindServiceAE;StarWind AE Service; E:\Program Files\Alcohol 120\StarWind\StarWindServiceAE.exe [] S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] -----------------EOF-----------------
- le 30 juillet 2009
- 10 réponses
Win32/Rootkit.Agent.ODG cheval de troie impossible de nettoyer

Christophe75015 a posté un sujet dans Analyses et éradication malwares

Bonsoir, J'ai vraiment besoin de votre aide, depuis peu mon poste est infecté par un virus (rootkit ou trojan) et je n'arrive pas à m'en débarrassé. C'est en téléchargeant une archive auto-extractable (winrar en sfx.exe) sur un site douteux que le problème est apparu. Voici donc le message d'erreur de mon antivirus (ESET NOD32 Smart Security 4.0437.0) que j'ai en démarrant mon PC : "Analyseur au démarrage mémoire vive Mémoire vive Win32/Rootkit.Agent.ODG cheval de troie impossible de nettoyer" J'ai déjà fait pas mal de ménage car au démarrage j'avais des écrans de warning qui apparaissaient de je ne sais pas quel logiciel spyware, puis maintenant il me reste que celà, mais impossible de l'éliminer. Déjà fait sur mon poste : Spybot, Malwarebytes, Trojan Remover, Analyse NOD32, Analyse en ligne avec Panda, Bitdefender, Kaspersky... Mais le rootkit est toujours présent. De l'aide SVP. Merci et bonne soirée.
- le 29 juillet 2009
- 10 réponses

Connexion

Christophe75015

Compteur de contenus

Inscription

Dernière visite

Autres informations

Christophe75015's Achievements

Junior Member (3/12)

Réputation sur la communauté

Win32/Rootkit.Agent.ODG cheval de troie impossible de nettoyer

Win32/Rootkit.Agent.ODG cheval de troie impossible de nettoyer

Win32/Rootkit.Agent.ODG cheval de troie impossible de nettoyer

Win32/Rootkit.Agent.ODG cheval de troie impossible de nettoyer

Win32/Rootkit.Agent.ODG cheval de troie impossible de nettoyer

Win32/Rootkit.Agent.ODG cheval de troie impossible de nettoyer

Zebulon

Outils en ligne

Naviguer