trojan spy win32 greenscreen et bankfraud

sonnynice · le 8 septembre 2008

Comme l'indique mon titre je suis infecté par ces deux trojans. J'ai besoin d'aide svp

Merci d'avance

Thanos · le 8 septembre 2008

Salut et bienvenue

Poste stp le rapport suivant >>

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit

sonnynice · le 8 septembre 2008

Logfile of random's system information tool (written by random/random)

Run by bilou at 2008-09-08 21:34:16

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1

System drive C: has 62 GB (40%) free of 153 GB

Total RAM: 2047 MB (55% free)

Scheduled tasks folder

C:\Windows\tasks\GoogleUpdateTaskUser.job

C:\Windows\tasks\Norton Security Scan.job

C:\Windows\tasks\RegCure Program Check.job

C:\Windows\tasks\RegCure.job

C:\Windows\tasks\User_Feed_Synchronization-{17FB5E8F-73A2-421D-8541-340691D3C430}.job

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-13 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}]

VMN Toolbar - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-08-21 1895896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]

IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-03-13 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - VMN Toolbar - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-08-21 1895896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

"ADSL_MENARA"=C:\Windows\adsl.exe [2007-08-18 2652489]

"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]

"QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2008-05-27 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"ZOtahgavRR"=C:\ProgramData\mxsbmzcd\yfurkxer.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

"Google Update"=C:\Users\bilou\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 133104]

"dbapien"=C:\ProgramData\dbapien\rwfunitk.exe [2008-09-06 86016]

"chksys"=C:\ProgramData\chksys\rejojcps.exe [2008-09-07 90112]

"ShGen"=C:\ProgramData\ShGen\ghmzajqt.exe [2008-09-07 98304]

"srvsyschk"=C:\Windows\system32\tqbudsxe.exe [2008-09-07 94208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"ZOtahgavRR"=C:\ProgramData\mxsbmzcd\yfurkxer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acgskke]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSL_MENARA]

C:\Windows\adsl.exe [2007-08-18 2652489]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti Mosquito]

C:\Users\bilou\Desktop\anti_mosquito(2)\Anti Mosquito.exe [2001-12-19 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElcomSoft Distributed Agent]

C:\Program Files\ Password Recovery\esda.exe [2007-10-19 591120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElcomSoft DPR Server]

C:\Program Files\ Password Recovery\esdprs.exe [2007-10-25 333584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2006-11-10 1051648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-04-17 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcgmaa]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]

C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe [2008-03-26 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Podmailing]

C:\Program Files\Podmailing\Podmailing.exe [2008-06-06 173056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

C:\Program Files\PowerISO\PWRISOVM.EXE [2008-03-15 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]

C:\Windows\Speech\Common\sapisvr.exe [2008-01-19 49664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-05-28 1506544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-13 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]

C:\Windows\WindowsMobile\wmdc.exe [2007-01-24 563080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide de Microsoft Office OneNote 2003.lnk]

C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]

C:\PROGRA~1\NETGEAR\WG111v2\WG111v2.exe [2007-05-14 1261568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^bilou^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^APO Usb Autorun.lnk]

C:\PROGRA~1\APOUSB~1\USB_AU~1.EXE [2006-11-03 284160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^bilou^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CCC.lnk]

C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\CCC.exe [2006-09-29 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

MonMsgSrv - {3C6BD996-ED93-4024-E804-0213E9D0BEA0} - C:\Program Files\opswdzb\MonMsgSrv.dll [2008-09-07 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a4896bf-2997-11dd-8bd5-806e6f6e6963}]

shell\AutoRun\command - F:\Boulenger.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{769729d2-23de-11dd-9415-001e8c4f542d}]

shell\AutoRun\command - pa39xth.cmd

shell\explore\command - pa39xth.cmd

shell\open\command - pa39xth.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e9df630-2086-11dd-ac23-806e6f6e6963}]

shell\AutoRun\command - F:\setupSNK.exe

List of files/folders created in the last three months

2008-09-08 21:34:16 ----D---- C:\rsit

2008-09-07 22:11:15 ----D---- C:\Program Files\opswdzb

2008-09-07 22:11:06 ----A---- C:\Windows\system32\tqbudsxe.exe

2008-09-07 21:59:38 ----A---- C:\ComboFix.txt

2008-09-07 21:56:02 ----A---- C:\Windows\PSEXESVC.EXE

2008-09-07 21:54:51 ----D---- C:\Windows\erdnt

2008-09-07 21:54:09 ----D---- C:\ComboFix

2008-09-07 21:54:06 ----A---- C:\Windows\swreg.exe

2008-09-07 20:21:00 ----A---- C:\Windows\Nircmd.exe

2008-09-07 20:20:59 ----A---- C:\Windows\zip.exe

2008-09-07 20:20:59 ----A---- C:\Windows\VFind.exe

2008-09-07 20:20:59 ----A---- C:\Windows\swsc.exe

2008-09-07 20:20:59 ----A---- C:\Windows\sed.exe

2008-09-07 20:20:59 ----A---- C:\Windows\grep.exe

2008-09-07 20:20:59 ----A---- C:\Windows\fdsv.exe

2008-09-07 20:20:47 ----A---- C:\Windows\swxcacls.exe

2008-09-07 18:34:13 ----D---- C:\ProgramData\ShGen

2008-09-07 18:25:16 ----D---- C:\Users\bilou\AppData\Roaming\Malwarebytes

2008-09-07 18:25:13 ----D---- C:\ProgramData\Malwarebytes

2008-09-07 18:25:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-07 13:19:31 ----D---- C:\ProgramData\chksys

2008-09-07 11:27:47 ----D---- C:\ProgramData\apisysweb

2008-09-06 15:08:26 ----D---- C:\ProgramData\Spybot - Search & Destroy

2008-09-06 15:08:26 ----D---- C:\Program Files\Spybot - Search & Destroy

2008-09-06 14:52:40 ----D---- C:\ProgramData\mxsbmzcd

2008-09-06 14:52:38 ----D---- C:\ProgramData\dbapien

2008-09-02 19:26:01 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition

2008-09-02 19:23:12 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller

2008-09-02 19:23:03 ----D---- C:\Program Files\Windows Live

2008-09-02 19:22:19 ----D---- C:\ProgramData\WLInstaller

2008-08-31 21:22:28 ----D---- C:\Program Files\TVAnts

2008-08-31 20:05:11 ----D---- C:\Program Files\SopCast

2008-08-30 13:49:51 ----D---- C:\Program Files\POINTDECROIX

2008-08-27 20:22:21 ----A---- C:\Windows\system32\msshooks.dll

2008-08-27 20:22:21 ----A---- C:\Windows\system32\msscb.dll

2008-08-27 20:22:17 ----A---- C:\Windows\system32\thawbrkr.dll

2008-08-27 20:22:17 ----A---- C:\Windows\system32\srchadmin.dll

2008-08-27 20:22:17 ----A---- C:\Windows\system32\SearchFilterHost.exe

2008-08-27 20:22:17 ----A---- C:\Windows\system32\propsys.dll

2008-08-27 20:22:17 ----A---- C:\Windows\system32\propdefs.dll

2008-08-27 20:22:17 ----A---- C:\Windows\system32\msstrc.dll

2008-08-27 20:22:17 ----A---- C:\Windows\system32\mssprxy.dll

2008-08-27 20:22:17 ----A---- C:\Windows\system32\mssitlb.dll

2008-08-27 20:22:17 ----A---- C:\Windows\system32\msshsq.dll

2008-08-27 20:22:17 ----A---- C:\Windows\system32\korwbrkr.dll

2008-08-27 20:22:16 ----A---- C:\Windows\system32\xmlfilter.dll

2008-08-27 20:22:16 ----A---- C:\Windows\system32\wsepno.dll

2008-08-27 20:22:16 ----A---- C:\Windows\system32\rtffilt.dll

2008-08-27 20:22:16 ----A---- C:\Windows\system32\offfilt.dll

2008-08-27 20:22:16 ----A---- C:\Windows\system32\nlhtml.dll

2008-08-27 20:22:16 ----A---- C:\Windows\system32\msscntrs.dll

2008-08-27 20:22:16 ----A---- C:\Windows\system32\mimefilt.dll

2008-08-27 20:22:16 ----A---- C:\Windows\system32\chsbrkr.dll

2008-08-27 20:22:15 ----A---- C:\Windows\system32\tquery.dll

2008-08-27 20:22:15 ----A---- C:\Windows\system32\SearchProtocolHost.exe

2008-08-27 20:22:15 ----A---- C:\Windows\system32\SearchIndexer.exe

2008-08-27 20:22:15 ----A---- C:\Windows\system32\mssvp.dll

2008-08-27 20:22:15 ----A---- C:\Windows\system32\mssrch.dll

2008-08-27 20:22:15 ----A---- C:\Windows\system32\chtbrkr.dll

2008-08-27 20:22:14 ----A---- C:\Windows\system32\mssphtb.dll

2008-08-27 20:22:14 ----A---- C:\Windows\system32\mssph.dll

2008-08-26 18:13:56 ----D---- C:\Users\bilou\AppData\Roaming\Ubisoft

2008-08-26 18:01:19 ----D---- C:\ProgramData\Ubisoft

2008-08-26 17:51:05 ----D---- C:\Program Files\HomePlayer

2008-08-26 17:33:09 ----D---- C:\Program Files\Ubisoft

2008-08-26 17:29:28 ----D---- C:\Program Files\DAEMON Tools Lite

2008-08-26 16:24:52 ----D---- C:\Users\bilou\AppData\Roaming\DAEMON Tools

2008-08-26 16:23:07 ----D---- C:\Assassin's creed

2008-08-26 16:20:38 ----D---- C:\Users\bilou\AppData\Roaming\ImgBurn

2008-08-26 15:41:09 ----D---- C:\Program Files\ImgBurn

2008-08-26 14:56:05 ----D---- C:\Program Files\IKEA HomePlanner

2008-08-26 11:15:35 ----A---- C:\Windows\system32\wups2.dll

2008-08-26 11:15:35 ----A---- C:\Windows\system32\wuauclt.exe

2008-08-26 11:15:34 ----A---- C:\Windows\system32\wucltux.dll

2008-08-26 11:15:34 ----A---- C:\Windows\system32\wuaueng.dll

2008-08-26 11:15:09 ----A---- C:\Windows\system32\wups.dll

2008-08-26 11:15:09 ----A---- C:\Windows\system32\wudriver.dll

2008-08-26 11:15:09 ----A---- C:\Windows\system32\wuapi.dll

2008-08-26 11:14:59 ----A---- C:\Windows\system32\wuwebv.dll

2008-08-26 11:14:59 ----A---- C:\Windows\system32\wuapp.exe

2008-08-26 09:52:02 ----D---- C:\Program Files\iPod

2008-08-26 09:51:58 ----D---- C:\Program Files\iTunes

2008-08-26 09:50:42 ----D---- C:\Program Files\Bonjour

2008-08-26 09:45:07 ----D---- C:\Program Files\Safari

2008-08-25 21:52:39 ----A---- C:\Windows\system32\tzres.dll

2008-08-25 15:33:50 ----A---- C:\Windows\system32\es.dll

2008-08-25 15:33:48 ----A---- C:\Windows\system32\IPSECSVC.DLL

2008-08-25 15:33:37 ----A---- C:\Windows\system32\mshtml.dll

2008-08-25 15:33:35 ----A---- C:\Windows\system32\ieframe.dll

2008-08-25 15:33:33 ----A---- C:\Windows\system32\wininet.dll

2008-08-25 15:33:32 ----A---- C:\Windows\system32\urlmon.dll

2008-08-25 15:33:30 ----A---- C:\Windows\system32\mstime.dll

2008-08-25 15:33:28 ----A---- C:\Windows\system32\jsproxy.dll

2008-08-25 15:33:06 ----A---- C:\Windows\system32\inetcomm.dll

2008-07-29 13:05:13 ----D---- C:\Windows\DESKTOP

2008-07-29 13:04:55 ----D---- C:\BARBIE

2008-07-29 13:04:39 ----A---- C:\Windows\UNINST16.EXE

2008-07-11 19:55:16 ----D---- C:\My Shared Folder

2008-07-11 19:55:15 ----D---- C:\Program Files\Torrent Searcher 5

2008-07-11 09:30:10 ----A---- C:\Windows\system32\NlsLexicons0007.dll

2008-07-11 09:30:06 ----A---- C:\Windows\system32\NlsLexicons0009.dll

2008-07-11 09:29:47 ----A---- C:\Windows\system32\NaturalLanguage6.dll

2008-07-10 15:43:18 ----D---- C:\Program Files\Microsoft Reader

2008-07-10 15:43:18 ----A---- C:\Windows\DASShp.dll

2008-07-09 19:54:34 ----D---- C:\Program Files\WWW File Share Pro

2008-07-09 18:40:21 ----D---- C:\Program Files\soil

2008-07-09 18:40:01 ----A---- C:\Windows\ST5UNST.EXE

2008-07-09 16:52:24 ----D---- C:\Program Files\Accent OFFICE Password Recovery

2008-07-09 11:08:41 ----D---- C:\Program Files\wLiteWEBCAMXP

2008-07-09 09:59:51 ----A---- C:\Windows\system32\shell32.dll

2008-07-09 09:34:43 ----A---- C:\Windows\system32\rpcrt4.dll

2008-07-09 09:34:42 ----A---- C:\Windows\system32\ntkrnlpa.exe

2008-07-09 09:34:41 ----A---- C:\Windows\system32\ntoskrnl.exe

2008-07-09 09:34:41 ----A---- C:\Windows\system32\emdmgmt.dll

2008-07-09 09:34:40 ----A---- C:\Windows\system32\pacerprf.dll

2008-07-09 09:30:21 ----A---- C:\Windows\system32\vbscript.dll

2008-07-09 09:30:20 ----A---- C:\Windows\system32\wshext.dll

2008-07-09 09:30:20 ----A---- C:\Windows\system32\wscript.exe

2008-07-09 09:30:20 ----A---- C:\Windows\system32\scrrun.dll

2008-07-09 09:30:20 ----A---- C:\Windows\system32\scrobj.dll

2008-07-09 09:30:20 ----A---- C:\Windows\system32\jscript.dll

2008-07-09 09:30:20 ----A---- C:\Windows\system32\cscript.exe

2008-07-09 01:34:40 ----D---- C:\Program Files\webcamXP

2008-07-09 00:32:09 ----AD---- C:\ProgramData\TEMP

2008-07-09 00:31:19 ----D---- C:\Program Files\Active Data Recovery Software

2008-07-08 23:39:58 ----D---- C:\Program Files\Axialis

2008-07-08 23:08:07 ----A---- C:\Windows\adsl.exe

2008-07-08 23:08:06 ----A---- C:\Windows\WD90ZIP.DLL

2008-07-08 23:08:06 ----A---- C:\Windows\WD90XML.DLL

2008-07-08 23:08:06 ----A---- C:\Windows\WD90STD.DLL

2008-07-08 23:08:06 ----A---- C:\Windows\WD90RTF.DLL

2008-07-08 23:08:06 ----A---- C:\Windows\WD90PRN.DLL

2008-07-08 23:08:06 ----A---- C:\Windows\WD90PDF.DLL

2008-07-08 23:08:06 ----A---- C:\Windows\WD90OBJ.DLL

2008-07-08 23:08:06 ----A---- C:\Windows\WD90IMG.DLL

2008-07-08 23:08:06 ----A---- C:\Windows\WD90HTML.DLL

2008-07-08 23:08:06 ----A---- C:\Windows\WD90ETAT.DLL

2008-07-08 23:08:06 ----A---- C:\Windows\WD90COM.DLL

2008-07-08 23:08:05 ----A---- C:\Windows\WD90VM.DLL

2008-07-08 23:08:03 ----D---- C:\Program Files\CV-GEN 1.0.1

2008-07-08 21:56:11 ----D---- C:\Program Files\xp-Iso-Builder

2008-07-04 21:56:02 ----D---- C:\Program Files\EMME

2008-07-04 19:54:22 ----D---- C:\Program Files\Kirikou Demo

2008-07-03 15:35:27 ----D---- C:\Program Files\Conduit

2008-07-03 15:35:26 ----D---- C:\Program Files\elawael

2008-07-03 11:24:56 ----D---- C:\Program Files\Total Video Converter

2008-07-02 16:46:43 ----D---- C:\PerfLogs

2008-07-01 19:21:56 ----D---- C:\Program Files\WhereIsIP

2008-07-01 19:21:56 ----A---- C:\Windows\system32\UNWISE.INI

2008-07-01 19:21:56 ----A---- C:\Windows\system32\UNWISE.EXE

2008-06-30 18:19:43 ----D---- C:\Program Files\ABBYY ScanTo Office 1.0

2008-06-30 17:54:59 ----D---- C:\Program Files\1st AutoRun Express

2008-06-30 17:46:20 ----D---- C:\Users\bilou\AppData\Roaming\Vista Start Menu

2008-06-30 17:46:16 ----D---- C:\Program Files\Vista Start Menu

2008-06-29 19:29:45 ----D---- C:\Users\bilou\AppData\Roaming\SolidDocuments

2008-06-29 19:28:30 ----D---- C:\ProgramData\SolidDocuments

2008-06-27 15:42:15 ----D---- C:\Output

2008-06-27 15:38:48 ----D---- C:\Program Files\All Office Converter Pro

2008-06-27 10:43:19 ----D---- C:\Users\bilou\AppData\Roaming\InfraRecorder

2008-06-27 10:43:17 ----D---- C:\Program Files\InfraRecorder

2008-06-24 11:32:54 ----D---- C:\Program Files\Google SketchUp 6

2008-06-23 17:31:14 ----D---- C:\Program Files\NAVIGON GmbH

2008-06-23 15:38:59 ----D---- C:\Users\bilou\AppData\Roaming\INAC

2008-06-23 15:38:59 ----D---- C:\ProgramData\INAC

2008-06-23 15:32:29 ----D---- C:\Program Files\INAC

2008-06-22 20:59:10 ----D---- C:\Users\bilou\AppData\Roaming\AVS4YOU

2008-06-22 20:59:07 ----D---- C:\ProgramData\AVS4YOU

2008-06-22 20:58:22 ----D---- C:\Program Files\Common Files\AVSMedia

2008-06-22 20:57:48 ----D---- C:\Program Files\AVS4YOU

2008-06-22 20:57:48 ----A---- C:\Windows\system32\msxml3a.dll

2008-06-22 20:57:48 ----A---- C:\Windows\system32\msvcr70.dll

2008-06-22 20:57:48 ----A---- C:\Windows\system32\msvcp70.dll

2008-06-22 20:57:48 ----A---- C:\Windows\system32\mfc70.dll

2008-06-22 20:38:37 ----D---- C:\Users\bilou\AppData\Roaming\STOIK

2008-06-22 20:37:53 ----D---- C:\Program Files\STOIK Imaging

2008-06-19 19:17:00 ----D---- C:\Program Files\Unlock Codes Calculator (by Crux)

2008-06-19 18:42:52 ----D---- C:\Program Files\NokiaFREE Unlock Codes Calculator

2008-06-19 13:36:06 ----D---- C:\Program Files\FLV Player

2008-06-19 11:38:16 ----D---- C:\Program Files\MediaCoder

2008-06-19 09:15:12 ----A---- C:\Windows\NeroDigital.ini

2008-06-19 09:15:07 ----D---- C:\Users\bilou\AppData\Roaming\Metacafe

2008-06-19 09:14:25 ----D---- C:\Program Files\Common Files\Akamai

2008-06-19 09:14:16 ----D---- C:\ProgramData\Metacafe

2008-06-19 09:14:15 ----D---- C:\Program Files\Metacafe

2008-06-18 15:46:42 ----SHD---- C:\Windows\ftpcache

2008-06-18 13:37:21 ----D---- C:\ADCDTEMP

2008-06-18 11:54:43 ----D---- C:\Program Files\Live-Player

2008-06-17 17:30:00 ----D---- C:\tmpDownload

2008-06-17 16:43:26 ----D---- C:\tmp

2008-06-17 16:27:13 ----D---- C:\YoutubeGet

2008-06-16 12:45:26 ----D---- C:\Program Files\RM to MP3 Converter

2008-06-16 11:43:21 ----D---- C:\Program Files\MemoriesOnTV4

2008-06-15 20:08:53 ----D---- C:\Users\bilou\AppData\Roaming\Thinstall

2008-06-15 19:06:06 ----D---- C:\Program Files\Flash Memory Toolkit

2008-06-15 17:38:38 ----D---- C:\Program Files\ElcomSoft

2008-06-15 17:38:38 ----D---- C:\Program Files\ Password Recovery

2008-06-14 10:02:44 ----A---- C:\Windows\system32\psisdecd.dll

2008-06-14 10:02:44 ----A---- C:\Windows\system32\EncDec.dll

2008-06-13 19:23:30 ----D---- C:\Program Files\Virtual Earth 3D

2008-06-13 18:51:59 ----D---- C:\ProgramData\SUPERAntiSpyware.com

2008-06-13 18:51:31 ----D---- C:\Users\bilou\AppData\Roaming\SUPERAntiSpyware.com

2008-06-13 18:51:31 ----D---- C:\Program Files\SUPERAntiSpyware

2008-06-13 18:50:53 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2008-06-13 18:02:35 ----D---- C:\Windows\system32\shell

2008-06-13 18:02:34 ----D---- C:\Program Files\Samy Soft

2008-06-13 12:35:50 ----D---- C:\Windows\Sun

2008-06-13 12:34:48 ----D---- C:\Users\bilou\AppData\Roaming\Megaupload

2008-06-13 12:32:21 ----D---- C:\Program Files\Megaupload

2008-06-12 09:27:37 ----D---- C:\Users\bilou\AppData\Roaming\Notepad++

2008-06-12 09:27:37 ----D---- C:\Program Files\Notepad++

2008-06-11 15:23:15 ----A---- C:\Windows\system32\quartz.dll

2008-06-09 20:29:05 ----D---- C:\Program Files\SlySoft

2008-06-09 16:21:00 ----D---- C:\Program Files\Podmailing

List of drivers

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]

R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]

R1 InCDPass;InCDPass; C:\Windows\system32\drivers\InCDPass.sys [2006-11-10 31360]

R1 raddrvv3;raddrvv3; \??\C:\Windows\system32\rserver30\raddrvv3.sys [2008-04-24 45848]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-05-28 8944]

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-05-28 55024]

R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-03-14 46652]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]

R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]

R2 mbmiodrvr;mbmiodrvr; \??\C:\Windows\system32\mbmiodrvr.sys [2004-04-10 2944]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-03-26 766464]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-06 2411520]

R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]

R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]

R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]

R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

R3 mirrorv3;mirrorv3; C:\Windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]

R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432]

R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]

R3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [2006-10-02 10368]

R3 RTL8023xp;Pilote Realtek 10/100 NIC Family NDIS x86; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]

R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver; C:\Windows\system32\DRIVERS\wg111v2.sys [2007-02-06 206336]

R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]

R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\Windows\System32\Drivers\StkCMini.sys [2007-02-13 1245056]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

R4 InCDfs;InCD File System; C:\Windows\system32\drivers\InCDFs.sys [2006-11-10 102912]

S1 incdrm;InCD Reader; C:\Windows\system32\drivers\InCDRm.sys [2006-11-10 33792]

S3 a306zrt8;a306zrt8; C:\Windows\system32\drivers\a306zrt8.sys []

S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]

S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]

S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]

S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\Windows\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]

S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 256000]

S3 NETw3v32;Intel® PRO/Wireless 3945BG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]

S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-14 4422560]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]

S3 RT73;RT73 USB Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\rt73.sys [2005-08-02 232192]

S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]

S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]

S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]

S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]

S3 WINUSB;Pilote WinUsb; C:\Windows\system32\DRIVERS\WinUSB.SYS [2008-01-19 31616]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]

S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys []

List of services

R2 Akamai;Akamai; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-03-06 565248]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2006-11-10 859136]

R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 RServer3;Radmin Server V3; C:\Windows\system32\rserver30\RServer3.exe [2008-04-24 1238344]

R2 SCM_Service;SCM_Service; C:\Windows\System32\WinService.exe [2007-03-29 180224]

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\Windows\System32\StkCSrv.exe [2007-02-07 24576]

R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]

R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

info.txt logfile of random's system information tool 2008-09-08 21:34:36

Uninstall list

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\Windows\NuNInst.exe /UNINSTALL

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL

1st AutoRun Express 2.0 (Free)-->"C:\Program Files\1st AutoRun Express\unins000.exe"

Accent OFFICE Password Recovery 2.40-->C:\Program Files\Accent OFFICE Password Recovery\uninst.exe

Active@ Disk Image TRIAL-->"C:\Program Files\Active Data Recovery Software\Active Disk Image\UNWISE.EXE" "C:\Program Files\Active Data Recovery Software\Active Disk Image\INSTALL.LOG"

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}

Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log

adsl TV-->C:\Program Files\adslTV\Uninstal.exe

All Office Converter Pro 5.1-->"C:\Program Files\All Office Converter Pro\unins000.exe"

APO Usb Autorun-->C:\Program Files\APO Usb Autorun\uninstall.exe

Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}

Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}

Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly

Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x40c -removeonly

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"

AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"

Azureus-->C:\Program Files\Azureus\Uninstall.exe

Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}

ccc-Branding-->MsiExec.exe /I{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}

CloneDVD2-->"C:\Program Files\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\CloneDVD2"

Codec Pack - All In 1 6.0.3.0-->C:\Windows\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"

CV-GEN 1.0.1-->C:\Program Files\CV-GEN 1.0.1\uninstall.exe

Distributed Password Recovery-->C:\Program Files\ Password Recovery\uninstall.exe

Driver Genius Professional Edition 2007-->"C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"

EVEREST Ultimate Edition v4.50-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"

Favorit-->c:\users\bilou\appdata\local\ismoj.bat

Favorit-->c:\users\bilou\appdata\local\mcgmaa.bat

FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"

Flash Memory Toolkit 1.20-->"C:\Program Files\Flash Memory Toolkit\unins000.exe"

FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe

Free Internet Eraser 2.30-->"C:\Program Files\PrivacyEraser Computing\Free Internet Eraser\unins000.exe"

FTP Expert 3-->"C:\Program Files\Visicom Media\FTP Expert 3\uninst-ftp.exe"

FTP freebox 1.6-->"C:\Program Files\FTP freebox V1.6\unins000.exe"

Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}

Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /I{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Google Gears-->MsiExec.exe /I{552171BC-30F8-3B29-9C4F-E3FE590B7CAC}

Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly

GrabIt 1.7.1 Beta (build 960)-->"C:\Program Files\GrabIt\unins000.exe"

HijackThis 2.0.2-->"C:\Users\bilou\Desktop\HijackThis.exe" /uninstall

HomePlayer 1.5.6-->C:\Program Files\HomePlayer\uninst.exe

HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 anything

IKEA Home Planner-->MsiExec.exe /I{A987FEC8-5616-49BD-BCA6-ACFFFE7403FE}

ImgBurn 2.3.2.0 Fr-->"C:\Program Files\ImgBurn\unins000.exe"

Incomedia WebSite X5 Evolution-->C:\Windows\system32\iwpsetup.exe Uninst /Evolution /FR /C:\Program Files\WebSite X5 Evolution

InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe

iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

K-Lite Codec Pack 3.9.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Lauyan TOWeb V2-->"C:\Program Files\Lauyan\TOWeb V2\unins000.exe"

Live-Player-->C:\Program Files\Live-Player\uninst.exe

Lizardtech DjVu Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x40c

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

MediaCoder 0.6.0-->C:\Program Files\MediaCoder\uninst.exe

Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly

MemoriesOnTV 4.0.4-->"C:\Program Files\MemoriesOnTV4\unins000.exe"

Metacafe-->C:\Program Files\Metacafe\uninstaller.exe

Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{9084040C-6000-11D3-8CFE-0150048383C9}

Microsoft Office OneNote 2003-->MsiExec.exe /I{90A1040C-6000-11D3-8CFE-0150048383C9}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x40c

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Mise à jour du pilote du Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /X{CB8CA439-DA83-419C-A4CF-5A0A50025144}

Motherboard Monitor 5-->"C:\Program Files\Motherboard Monitor 5\unins000.exe"

Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller

Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

My Drivers 3.31-->"C:\Program Files\My Drivers\unins000.exe"

Navman SmartST Desktop Version 3 for iCN500 Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17C4BEEA-D6E8-4975-B2CC-53F6F5CE9959}\expand.exe" -l0x40c

NCK 5.0-->MsiExec.exe /I{4427A842-A770-43BA-846D-FBE6AC00613D}

Nero 7 Ultra Edition-->MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31036}

NETGEAR WG111v2 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{4102037D-E8E0-48E0-B203-E521D194FB71}\setup.exe -runfromtemp -l0x0009 -removeonly

Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}

Nokia PC Suite-->C:\ProgramData\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_fre.exe

Nokia PC Suite-->MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}

NokiaFREE Unlock Codes Calculator-->"C:\Program Files\NokiaFREE Unlock Codes Calculator\uninst.exe"

Norton Security Scan-->MsiExec.exe /I{1A8A214F-6BAC-4E01-A27D-25C19A484908}

Notepad++-->C:\Program Files\Notepad++\uninstall.exe

Package de pilotes Windows - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ce5ad925\nokia_bluetooth.inf

Package de pilotes Windows - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_674398ba\nokbtmdm.inf

Package de pilotes Windows - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf

Package de pilotes Windows - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf

Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf

PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}

PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"

Pocket Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC9EA2BC-BCFA-4DEA-8F5F-1E1032567673}\Setup.exe" -l0x9

Podmailing Beta 0.10.0-->C:\Program Files\Podmailing\uninstall.exe

Point De Croix-->C:\PROGRA~1\POINTD~1\UNWISE.EXE C:\PROGRA~1\POINTD~1\INSTALL.LOG

PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"

QuickTime Alternative 2.5.1-->"C:\Program Files\QuickTime Alternative\unins000.exe"

QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}

Radmin Server 3.2-->MsiExec.exe /X{ED87EE42-C14B-4119-8686-C3A630F2A463}

RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

RegCure-->"C:\Windows\RegCure\uninstall.exe" "/U:C:\Program Files\RegCure\Uninstall\uninstall.xml"

Registry Easy v4.2-->"C:\Program Files\Registry Easy\unins000.exe"

RM to MP3 Converter 1.48-->"C:\Program Files\RM to MP3 Converter\unins000.exe"

Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}

Samy Soft TV 2.0-->MsiExec.exe /I{0568801A-94CE-448B-A9FB-093C2ECB2132}

SDFormatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A347920-4AFC-11D5-9FB0-800649886934}\setup.exe"

Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

soil-->C:\Windows\ST5UNST.EXE -n "C:\Program Files\soil\ST5UNST.LOG"

SopCast 3.0.1-->C:\Program Files\SopCast\uninst.exe

StartUp Manager-->C:\Program Files\INAC\StartUp Manager\uninstall.exe

STOIK Video Converter 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8DF8593-F619-47DE-AD27-BCABF233433A}\setup.exe" -l0x9

SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

Total Video Converter 3.12 080330-->"C:\Program Files\Total Video Converter\unins000.exe"

TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG

Unlock Codes Calculator (remove only)-->"C:\Program Files\Unlock Codes Calculator (by Crux)\uninst.exe"

USB2.0 1.3M WebCam-->C:\Windows\StkUnist.exe

VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Virtual Earth 3D (Beta)-->MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}

Vista Start Menu-->C:\Program Files\Vista Start Menu\uninstall.exe

webcamXP 2008-->"C:\Program Files\webcamXP\wxp-uninst.exe"

webcamXP Lite-->"C:\Program Files\wLiteWEBCAMXP\wl-uninst.exe"

WhereIsIP-->C:\Windows\System32\UNWISE.EXE C:\Windows\System32\INSTALL.LOG

Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinFuture xp-Iso-Builder 3.0.3-->"C:\Program Files\xp-Iso-Builder\unins000.exe"

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

WWW File Share Pro 5.30-->"C:\Program Files\WWW File Share Pro\unins000.exe"

YoutubeGet 4-->"c:\YoutubeGet\unins000.exe"

Hosts File

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

Security center information

AV: avast! antivirus 4.8.1229 [VPS 080908-0]

AS: Windows Defender

AS: SUPERAntiSpyware (disabled)

AS: avast! antivirus 4.8.1229 [VPS 080908-0]

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime Alternative\QTSystem

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel

"PROCESSOR_REVISION"=0f0d

"NUMBER_OF_PROCESSORS"=2

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

Thanos · le 8 septembre 2008

re!

le pc est effectivement bien infecté!! Voilà ce que tu vas faire pour nettoyer le tout >>

1°) Désactive l'UAC le temps du scan comme indiqué ici >> http://www.zebulon.fr/astuces/220-desactiv...dans-vista.html

2°) Avant d'effectuer le scan qui va suivre, branche d'abord tous les supports amovibles que tu possèdes (clé usb/ disque dur externe etc...)

Télécharge Malwarebytes' Anti-Malware (MBAM)

Double clique sur le fichier téléchargé pour lancer le processus d'installation.
Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
Sélectionne "Exécuter un examen rapide"
Clique sur "Rechercher"
L'analyse démarre, le scan est relativement long, c'est normal.
A la fin de l'analyse, un message s'affiche :
L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

3°) Poste stp le rapport de MBAM ainsi qu'un nouveau rapport RSIT

sonnynice · le 9 septembre 2008

Rapport Malwarebytes

Malwarebytes' Anti-Malware 1.27

Version de la base de données: 1131

Windows 6.0.6001 Service Pack 1

09/09/2008 09:39:35

mbam-log-2008-09-09 (09-39-35).txt

Type de recherche: Examen rapide

Eléments examinés: 42430

Temps écoulé: 3 minute(s), 19 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 3

Valeur(s) du Registre infectée(s): 4

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 3

Fichier(s) infecté(s): 4

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{3c6bd996-ed93-4024-e804-0213e9d0bea0} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\monmsgsrv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dbapien (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\chksys (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\srvsyschk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

C:\Program Files\opswdzb (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

C:\ProgramData\dbapien (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

C:\ProgramData\chksys (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):

C:\Program Files\opswdzb\MonMsgSrv.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

C:\ProgramData\dbapien\rwfunitk.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

C:\ProgramData\chksys\rejojcps.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

C:\Windows\System32\tqbudsxe.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Rapport RSIT log

Logfile of random's system information tool (written by random/random)

Run by bilou at 2008-09-09 09:41:33

Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1

System drive C: has 62 GB (40%) free of 153 GB

Total RAM: 2047 MB (64% free)