
Posted

What I mean is that you need a firewall to protect the machine, so once the first one is uninstalled it is best to install the second one quickly (even if the Windows firewall takes over).

Hence my request for a DSS report, in case something nasty is left behind.

Posted

Sorry, I was actually replying to Greywolf. While I'm using DSS, can I cut the Internet connection? That would keep me from catching yet another nasty, or is it essential to be connected?

As for anti-malware tools, is Comodo's sufficient?

Thanks again for all this advice. I'll send you the DSS report as soon as possible.

Posted

Here are the various reports. The one from main.txt:

Deckard's System Scanner v20071014.68

Run by SEBASTIEN on 2008-08-15 15:07:14

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- Last 5 Restore Point(s) --

8: 2008-08-15 12:50:52 UTC - RP243 - Windows Update

7: 2008-08-15 10:12:00 UTC - RP242 - Installation du package de pilote logiciel : COMODO Service réseau

6: 2008-08-14 12:00:46 UTC - RP241 - Removed Java 6 Update 7

5: 2008-08-13 21:28:21 UTC - RP240 - Windows Update

4: 2008-08-13 21:12:55 UTC - RP239 - Installation du package de pilote logiciel : Zone Labs, a Check Point company Service réseau

 

 

-- First Restore Point --

1: 2008-08-12 20:57:24 UTC - RP236 - Installed BitDefender Free Edition v10

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 

-- HijackThis (run as SEBASTIEN.exe) -------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:10:18, on 15/08/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\avmwlanstick\FRITZWLANMini.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\ICQ6\ICQ.exe

C:\Users\SEBASTIEN\Program Files\DNA\btdna.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Users\SEBASTIEN\Desktop\dss.exe

C:\Windows\system32\conime.exe

C:\Users\SEBAST~1\Desktop\SEBASTIEN.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

R3 - URLSearchHook: (no name) - - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [iCQ] "C:\Program Files\ICQ6\ICQ.exe" silent

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\SEBASTIEN\Program Files\DNA\btdna.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: OFFICE One Startup v7.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O13 - Gopher Prefix:

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/...NPUpldfr-fr.cab

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Program Files\Common Files\AVM\de_serv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 8214 bytes

 

-- File Associations -----------------------------------------------------------

 

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

All drivers whitelisted.

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 ASLDRService (ASLDR Service) - c:\program files\atk hotkey\asldrsrv.exe <Not Verified; ; ADSMSrv>

R2 Bonjour Service (Service Bonjour) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

 

S3 de_serv (AVM FRITZ!web Routing Service) - c:\program files\common files\avm\de_serv.exe (file missing)

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

No disabled devices found.

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2008-08-15 15:00:05 348 --a------ C:\Windows\Tasks\Recovery DVD Creator.job

2008-08-15 15:00:05 348 --a------ C:\Windows\Tasks\Extension de garantie.job

2008-08-08 20:00:01 532 --a------ C:\Windows\Tasks\Norton Internet Security - Analyse système complète - SEBASTIEN.job

2007-11-20 18:37:07 262 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job

2007-10-08 09:00:00 282 --a------ C:\Windows\Tasks\PBRegbk.job

2007-09-01 13:00:00 282 --a------ C:\Windows\Tasks\PBReg.job

 

 

-- Files created between 2008-07-15 and 2008-08-15 -----------------------------

 

2008-08-15 12:10:17 0 d-------- C:\Users\All Users\comodo

2008-08-15 12:10:17 0 d-------- C:\Program Files\COMODO

2008-08-13 22:14:56 4212 ---h----- C:\Windows\system32\zllictbl.dat

2008-08-13 19:39:17 68096 --a------ C:\Windows\zip.exe

2008-08-13 19:39:17 49152 --a------ C:\Windows\VFind.exe

2008-08-13 19:39:17 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>

2008-08-13 19:39:17 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>

2008-08-13 19:39:17 98816 --a------ C:\Windows\sed.exe

2008-08-13 19:39:17 80412 --a------ C:\Windows\grep.exe

2008-08-13 19:39:17 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >

2008-08-13 19:39:01 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>

2008-08-13 15:38:31 0 d-------- C:\Program Files\Trend Micro

2008-08-12 23:04:01 81984 --a------ C:\Windows\system32\bdod.bin

2008-08-12 22:58:12 0 d-------- C:\Users\All Users\BitDefender

2008-08-12 16:15:34 0 d-------- C:\Program Files\Panda Security

2008-08-12 14:36:12 0 d-------- C:\Program Files\Apple Software Update

2008-08-12 14:34:58 0 d-------- C:\Program Files\iPod

2008-08-12 14:34:53 0 d-------- C:\Program Files\iTunes

2008-08-12 14:32:23 0 d-------- C:\Program Files\QuickTime

2008-08-12 14:11:58 0 d-------- C:\Program Files\Safari

2008-08-12 13:42:46 0 d-a------ C:\Users\All Users\TEMP

2008-08-11 12:38:48 0 d-------- C:\Program Files\Common Files\Adobe

2008-08-09 15:02:13 0 d-------- C:\Users\SEBASTIEN\Indiana Jones et le Royaume du Crâne de Cristal 4 FRENCH Xvid-cam -2008-

2008-08-08 22:28:16 0 d-------- C:\Users\SEBASTIEN\Program Files

2008-08-08 20:11:32 0 d-------- C:\Program Files\DNA

2008-08-08 20:11:31 0 d-------- C:\Program Files\BitTorrent

2008-07-28 20:58:09 0 d-------- C:\Program Files\Common Files\Scanner

2008-07-28 20:58:03 0 d-------- C:\Program Files\CA Yahoo! Anti-Spy

2008-07-26 20:59:50 0 d-------- C:\Program Files\OpenOffice.org 2.4

2008-07-18 12:48:44 0 d-------- C:\Users\All Users\CanonIJPLM

2008-07-18 12:38:30 0 d-------- C:\Users\All Users\ScanSoft

2008-07-18 12:38:29 0 d-------- C:\Program Files\Common Files\ScanSoft Shared

2008-07-18 12:37:52 0 d-------- C:\Program Files\ScanSoft

2008-07-18 12:32:38 0 d--h----- C:\Users\All Users\CanonBJ

2008-07-18 12:31:13 0 d--h----- C:\Windows\system32\CanonIJ Uninstaller Information

2008-07-18 12:28:37 0 d--h----- C:\Program Files\CanonBJ

2008-07-18 12:26:47 0 d-------- C:\Program Files\Canon

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-08-15 15:10:28 0 d-------- C:\Users\SEBASTIEN\AppData\Roaming\DNA

2008-08-15 14:30:28 0 d-------- C:\Users\SEBASTIEN\AppData\Roaming\OpenOffice.org2

2008-08-15 12:10:18 0 d-------- C:\Users\SEBASTIEN\AppData\Roaming\Comodo

2008-08-15 12:07:03 0 d-------- C:\Users\SEBASTIEN\AppData\Roaming\BitTorrent

2008-08-14 22:57:17 0 d-------- C:\Program Files\Common Files\Symantec Shared

2008-08-14 12:42:27 0 d-------- C:\Program Files\DivX

2008-08-13 23:29:39 0 d-------- C:\Program Files\Windows Mail

2008-08-13 19:42:07 0 d-------- C:\Program Files\Common Files

2008-08-13 15:49:38 0 d-------- C:\Program Files\Windows Live Toolbar

2008-08-13 15:49:38 0 d-------- C:\Program Files\Google

2008-08-13 13:14:38 678956 --a------ C:\Windows\system32\perfh00C.dat

2008-08-13 13:14:38 128004 --a------ C:\Windows\system32\perfc00C.dat

2008-08-12 23:10:13 0 d-------- C:\Users\SEBASTIEN\AppData\Roaming\Bitdefender

2008-08-12 14:38:24 0 d-------- C:\Users\SEBASTIEN\AppData\Roaming\Apple Computer

2008-08-11 14:07:48 2092 --a------ C:\Users\SEBASTIEN\AppData\Roaming\wklnhst.dat

2008-07-27 16:33:48 0 d-------- C:\Program Files\OFFICE One v7

2008-07-27 16:33:48 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-07-26 20:59:05 0 d-------- C:\Program Files\Java

2008-07-22 09:21:43 0 d-------- C:\Users\SEBASTIEN\AppData\Roaming\Canon

2008-07-18 12:38:50 0 d-------- C:\Users\SEBASTIEN\AppData\Roaming\ScanSoft

2008-07-09 17:42:34 0 d-------- C:\Users\SEBASTIEN\AppData\Roaming\OFFICE One v7

2008-07-02 23:13:43 174 --ahs---- C:\Program Files\desktop.ini

2008-07-02 22:58:36 0 d-------- C:\Program Files\Windows Sidebar

2008-07-02 22:58:36 0 d-------- C:\Program Files\Windows Calendar

2008-07-02 22:58:36 0 d-------- C:\Program Files\Movie Maker

2008-07-02 22:58:33 0 d-------- C:\Program Files\Windows Collaboration

2008-07-02 22:58:31 0 d-------- C:\Program Files\Windows Journal

2008-07-02 22:58:30 0 d-------- C:\Program Files\Windows Photo Gallery

2008-07-02 22:58:23 0 d-------- C:\Program Files\Windows Defender

2008-07-02 14:13:21 0 d-------- C:\Users\SEBASTIEN\AppData\Roaming\ICQ

2008-07-02 13:40:30 0 d-------- C:\Program Files\ICQ6

2008-07-02 13:38:36 0 d-------- C:\Program Files\ICQ6Toolbar

2008-07-01 19:25:38 0 d-------- C:\Program Files\Neuf

2008-07-01 19:09:16 0 d-------- C:\Program Files\Packard Bell

2008-06-24 16:02:35 1947 --a------ C:\Windows\BricoPackFoldersDelete.cmd

2008-06-24 16:02:34 34585 --a------ C:\Windows\BricoPackUninst.cmd

2008-06-24 12:47:00 0 d-------- C:\Program Files\Common Files\Nullsoft

2008-06-19 13:30:17 0 d-------- C:\Program Files\Picasa2

2008-06-18 23:49:25 0 d-------- C:\Users\SEBASTIEN\AppData\Roaming\dvdcss

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [20/02/2007 18:20]

"AVMWlanClient"="C:\Program Files\avmwlanstick\FRITZWLANMini.exe" [21/04/2006 05:47]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]

"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25/10/2006 09:03]

"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [04/02/2007 12:02]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [22/07/2008 20:42]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/07/2008 10:47]

"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [02/04/2007 16:48]

"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [26/03/2007 15:49]

"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [15/08/2008 12:10]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 09:33]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35]

"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [23/10/2006 16:49]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 09:33]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [19/10/2007 01:34]

"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [18/05/2008 18:30]

"BitTorrent DNA"="C:\Users\SEBASTIEN\Program Files\DNA\btdna.exe" [08/08/2008 22:28]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

 

C:\Users\SEBASTIEN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [21/01/2008 16:41:28]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

OFFICE One Startup v7.lnk - C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [24/05/2007 23:20:54]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

"EnableUIADesktopToggle"=0 (0x0)

"DisableRegistryTools"=0 (0x0)

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=0 (0x0)

"HideStartupScripts"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"= C:\Windows\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49c60b66-86a1-11dc-a9ae-00038a000015}]

AutoRun\command- E:\pushinst.exe

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]

msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

 

 

 

-- Hosts -----------------------------------------------------------------------

 

127.0.0.1 .supercocklol.com

127.0.0.1 www..webloyalty.com

127.0.0.1 007guard.com

127.0.0.1 www.007guard.com

127.0.0.1 008i.com

127.0.0.1 008k.com

127.0.0.1 www.008k.com

127.0.0.1 00hq.com

127.0.0.1 www.00hq.com

127.0.0.1 010402.com

 

8118 more entries in hosts file.

 

 

-- End of Deckard's System Scanner: finished at 2008-08-15 15:12:48 ------------

 

The one from extra.txt:

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

 

-- System Information ----------------------------------------------------------

 

Microsoft® Windows Vista Édition Familiale Premium (build 6001) SP 1.0

Architecture: X86; Language: French

 

CPU 0: Genuine Intel® CPU T2080 @ 1.73GHz

Percentage of Memory in Use: 45%

Physical Memory (total/avail): 1790.54 MiB / 977.15 MiB

Pagefile Memory (total/avail): 3826.64 MiB / 2849.73 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1875.07 MiB

 

C: is Fixed (NTFS) - 141.04 GiB total, 50.04 GiB free.

D: is CDROM (No Media)

 

\\.\PHYSICALDRIVE0 - ST9160821AS ATA Device - 149.05 GiB - 2 partitions

\PARTITION0 - Unknown - 8.01 GiB

\PARTITION1 (bootable) - Système de fichiers installable - 141.04 GiB - C:

 

 

 

-- Security Center -------------------------------------------------------------

 

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

 

FW: COMODO Firewall Pro v3.0 (COMODO)

AV: Bitdefender Antivirus v8.0 (Softwin)

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"

 

 

-- Environment Variables -------------------------------------------------------

 

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\SEBASTIEN\AppData\Roaming

CLASSPATH=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=PC-DE-SEBASTIEN

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\SEBASTIEN

LOCALAPPDATA=C:\Users\SEBASTIEN\AppData\Local

LOGONSERVER=\\PC-DE-SEBASTIEN

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Satsuki Decoder Pack\filtres\divers

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel

PROCESSOR_LEVEL=6

PROCESSOR_REVISION=0e0c

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$P$G

PUBLIC=C:\Users\Public

QTJAVA=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\SEBAST~1\AppData\Local\Temp

TMP=C:\Users\SEBAST~1\AppData\Local\Temp

USERDOMAIN=PC-de-SEBASTIEN

USERNAME=SEBASTIEN

USERPROFILE=C:\Users\SEBASTIEN

windir=C:\Windows

 

 

-- User Profiles ---------------------------------------------------------------

 

SEBASTIEN

 

 

-- Add/Remove Programs ---------------------------------------------------------

 

--> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}

--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}

--> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}

--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

--> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}

--> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

--> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}

--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\UninstFl.exe -q

Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*

Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}

Adobe Reader 8.1.2 Security Update 1 (KB403742) -->

Adobe Shockwave Player --> MsiExec.exe /X{A7DB362E-16DC-4E29-8A34-E74381E00B5B}

AOL - Assistant de désinstallation --> C:\Program Files\Common Files\AOL\uninstaller.exe

AOL 9.0 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AOL*

Apple Mobile Device Support --> MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}

Apple Software Update --> MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe

Atheros Driver Installation Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x40c -removeonly

ATK Hotkey --> C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\Setup.exe -runfromtemp -l0x0009 -removeonly

AVM FRITZ!Box Dokumentation --> C:\Program Files\FRITZ!Box\install.exe -d

AVM FRITZ!Box Druckeranschluss --> C:\Program Files\FRITZ!BoxPrint\install.exe -d

Bison 11/28/2006,6.32.03.002 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CMOS*

BitDefender Free Edition v10 --> MsiExec.exe /I{CEFC581D-BEAE-4F75-989E-BD931970D8AD}

BitTorrent --> C:\Program Files\BitTorrent\uninst.exe

Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}

Browser Address Error Redirector --> regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll"

CA Yahoo! Anti-Spy (remove only) --> "C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"

Canon MP Navigator 3.1 --> "C:\Program Files\Canon\MP Navigator 3.1\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.1\uninst.ini

Canon MP140 series --> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series /L0x000c

Canon Utilities Easy-LayoutPrint --> C:\Program Files\Canon\Easy-LayoutPrint\uninst.exe uninst.ini

Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini

Ciel Devis Factures 6.0 --> MsiExec.exe /I{F29DDAD0-447D-4BDB-80CB-4276B4D5C9A7}

COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u

Creator 9 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CREATOR9*

DNA --> "C:\Users\SEBASTIEN\Program Files\DNA\btdna.exe" /UNINSTALL

Enregistrement utilisateur de Canon MP140 series --> C:\Program Files\Canon\IJEREG\MP140 series\UNINST.EXE

ffdshow --> "C:\Program Files\Satsuki Decoder Pack\filtres\ffds\uninstall.exe"

Firefox --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *FirefoxFR*

Flash Player 9 Internet Explorer --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Flashplayer*

Google BAE --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE*

Google Earth --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GOOGLE_EARTH*

Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

GoogleToolbar --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleToolbar*

Haali Media Splitter --> "C:\Program Files\Satsuki Decoder Pack\filtres\haali\uninstall.exe"

HDReg France --> MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712}

HijackThis 2.0.2 --> "C:\Users\SEBAST~1\Desktop\HijackThis.exe" /uninstall

ICQ Toolbar --> C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe

ICQ6 --> "C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly

Infocentre Rev. 2.0 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*

iTunes --> MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}

Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}

Java 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Metaboli --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *METABOLI*

Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Works --> MsiExec.exe /I{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}

Microsoft Works 8.5 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *MSWorks85*

Mozilla Firefox (2.0.0.16) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

Neuf - Kit de connexion --> C:\Program Files\Neuf\Kit\uninstall.exe

NIS2007 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *NIS2007_FR*

Office One --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *OFFICE*

OFFICE One 150 Templates v7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA147801-8946-4BBE-BE17-A2199CE52C81}\setup.exe" -l0x40c -removeonly

OFFICE One ClipArt v7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8F3555E-B918-445E-97D1-BC4861C4EF59}\setup.exe" -l0x40c -removeonly

OFFICE One Fonts v7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC0C788C-7C68-47A9-BFBF-0DF7B205B4CC}\setup.exe" -l0x40c -removeonly

OFFICE One License v7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1A7B28B-AA31-442C-A4FA-598B65A7F5DA}\setup.exe" -l0x40c -removeonly

OFFICE One Menu v7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85C5827E-106F-4497-8066-B7CFEBBEA91D}\setup.exe" -l0x40c -removeonly

OFFICE One Safety-Box v7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B243ABE9-57C2-4B97-BA6B-37DF6C0208ED}\setup.exe" -l0x40c -removeonly

OFFICE One Startup v7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FEC30F06-A382-47D1-B828-859AC641EB1D}\setup.exe" -l0x40c -removeonly

OpenOffice.org 2.4 --> MsiExec.exe /I{A122962F-331A-4C2E-93DB-AD92D8A4FB14}

Packard Bell - Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"

Packard Bell ImageWriter --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*

Packard Bell LCD Test --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*

Packard Bell Updator --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*

Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"

PIXMA Extended Survey Program --> C:\Program Files\Canon\IJPLM\SETUP.EXE -R

QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}

Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x040c -removeonly

Realtek High Definition Audio Driver --> RtlUpd.exe -r -m

Roxio Creator 9 LE --> MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}

RTC Client API v1.2 --> MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}

Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}

Satsuki Decoder Pack --> C:\Program Files\Satsuki Decoder Pack\Uninstall.exe

ScanSoft OmniPage SE 4 --> MsiExec.exe /X{DEE88727-779B-47A9-ACEF-F87CA5F92A65}

SetUp My PC --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR*

Shockwave player 10 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Shockwave*

Skype 2.5.2.151 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

USB2.0 350K WebCam --> Rundll32.exe BisonRem.dll,WinMainRmv

Video ATI v8.332 --> "C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *VIDEO_RIO*

VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe

Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}

Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}

Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}

 

 

-- Application Event Log -------------------------------------------------------

 

Event Record #/Type25179 / Success

Event Submitted/Written: 08/15/2008 02:30:09 PM

Event ID/Source: 902 / Software Licensing Service

Event Description:

Le service de gestion des licences du logiciel a démarré.

 

Event Record #/Type25175 / Success

Event Submitted/Written: 08/15/2008 02:30:08 PM

Event ID/Source: 5617 / WinMgmt

Event Description:

 

 

Event Record #/Type25173 / Success

Event Submitted/Written: 08/15/2008 02:30:07 PM

Event ID/Source: 5615 / WinMgmt

Event Description:

 

 

Event Record #/Type25161 / Warning

Event Submitted/Written: 08/15/2008 02:23:10 PM

Event ID/Source: 1530 / profsvc

Event Description:

Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

 

DÉTAIL -

1 user registry handles leaked from \Registry\User\S-1-5-21-4157650894-4183939300-1379082965-1002_Classes:

Process 960 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4157650894-4183939300-1379082965-1002_CLASSES

 

Event Record #/Type25160 / Warning

Event Submitted/Written: 08/15/2008 02:23:09 PM

Event ID/Source: 1530 / profsvc

Event Description:

Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

 

DÉTAIL -

1 user registry handles leaked from \Registry\User\S-1-5-21-4157650894-4183939300-1379082965-1002:

Process 960 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4157650894-4183939300-1379082965-1002

 

 

 

-- Security Event Log ----------------------------------------------------------

 

No Errors/Warnings found.

 

 

-- System Event Log ------------------------------------------------------------

 

Event Record #/Type115248 / Warning

Event Submitted/Written: 08/15/2008 03:03:00 PM

Event ID/Source: 4226 / Tcpip

Event Description:

TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

 

Event Record #/Type115244 / Error

Event Submitted/Written: 08/15/2008 02:53:57 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

BDRsDrv%%2

 

Event Record #/Type115243 / Error

Event Submitted/Written: 08/15/2008 02:53:57 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

BDFsDrv%%2

 

Event Record #/Type115242 / Error

Event Submitted/Written: 08/15/2008 02:53:57 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

bdfdll%%2

 

Event Record #/Type115212 / Error

Event Submitted/Written: 08/15/2008 02:31:34 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

BDRsDrv%%2

 

 

 

-- End of Deckard's System Scanner: finished at 2008-08-15 15:12:48 ------------

 

and finally the HijackThis one: (good luck reading it, I admire you for that)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:10:18, on 15/08/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\avmwlanstick\FRITZWLANMini.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\ICQ6\ICQ.exe

C:\Users\SEBASTIEN\Program Files\DNA\btdna.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Users\SEBASTIEN\Desktop\dss.exe

C:\Windows\system32\conime.exe

C:\Users\SEBAST~1\Desktop\SEBASTIEN.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

R3 - URLSearchHook: (no name) - - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [iCQ] "C:\Program Files\ICQ6\ICQ.exe" silent

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\SEBASTIEN\Program Files\DNA\btdna.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: OFFICE One Startup v7.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O13 - Gopher Prefix:

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/...NPUpldfr-fr.cab

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Program Files\Common Files\AVM\de_serv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

 

--

End of file - 8214 bytes

 

I hope everything is OK this time.

Posted

I don't see any nasties; the problem probably comes from a firewall setting.

By the way, you can uninstall CA Yahoo! Anti-Spy; it isn't a very effective tool.

Is it going well with Comodo? There are always things to configure at the start, but after that it normally runs by itself.

Posted

Good thing there are no nasties! Well yes, so far everything is going fine with Comodo. Is it enough to leave the security level on Safe Mode, or is it better to set it higher?

Is the built-in anti-malware good, or should I get another one?

In any case, I'm thanking you for the umpteenth time, but I think you deserve it! Thanks again; in future I'll be more careful and I'll find out more before installing software on my PC.

Posted

conime.exe => do you use Asian characters in your Windows?

btdna.exe => BitTorrent service currently in use

What is your connection mode: direct to the Internet or via an ISP box?

What are the characteristics of the incoming connections blocked by the firewall (protocol, source port, destination)?

Changing firewalls won't change the fact that you get solicited from outside; at most, the new firewall will do its job silently...

Posted

You're welcome, my pleasure. :P

It's better to use specialized anti-malware tools; the one there isn't necessarily bad, but you might as well leave this kind of task to programs designed solely for that purpose. (Note that usually, at ZA for example, these features are paid.) ^^

If it hasn't been done yet, you can uninstall ComboFix: enter combofix /u in the Run box of the Start menu.

After that, delete this folder if it still exists.

C:\QooBox

You need to keep your system and software up to date, with Windows Update of course, but the other software must not be forgotten.

Secunia PSI can help you with that (even if it sometimes sees too much). https://psi.secunia.com/

JavaRa can help you with that for Java: http://raproducts.org/ and lets you uninstall old versions directly from its interface.

Posted

To answer you, Greywolf: I don't use Asian characters, German characters sometimes, so I don't know whether that could be it?

btdna is the BitTorrent server that's running, and I wonder whether I should remove it, because the attacks could be coming from there, I suppose?

I'm connected through a box.

As for the rest, you're asking a bit too much of me; I really know nothing about it (at least I admit it).

What do you think I should do? Thanks.

Posted

You're behind a box and you're getting incoming connection requests from outside?

Go to your box's interface and disable all port forwarding rules, DMZ, and UPnP, which needlessly expose your PC.
