Aller au contenu
  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Menage hivernal


scheuch

Messages recommandés

Bonjour,

Je profite d'un peu de temps libre pour faire du ménage sur le pc d'un proche,

Je viens de passer un coup de ccleaner et maintenat j'ai passé hijackthis et j'aimerai votre avis sur la suite des opérations a faire selon vous pour avoir un pc qui soit le plus "propre" possible.

 

Voici le rapport et merci d'avance :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:04, on 2009-01-10

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Dell AIO Printer 948\memcard.exe

C:\WINDOWS\System32\regsvr32.exe

C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\DynDNS Updater\DynUpPs.exe

C:\Program Files\Hercules\WiFi Station\WifiStation.exe

C:\Program Files\DynDNS Updater\DynTray.exe

C:\WINDOWS\system32\netdde.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\hinsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Tall Emu\Online Armor\oacat.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\dldfcoms.exe

C:\Program Files\Dell AIO Printer 948\dldfmon.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\DllHost.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Dell AIO Printer 948\dldfmon.exe

C:\Program Files\Dell AIO Printer 948\memcard.exe

C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DynDNS Updater\DynUpPs.exe

C:\Program Files\Hercules\WiFi Station\WifiStation.exe

C:\Program Files\DynDNS Updater\DynTray.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\Program Files\UltraVNC\winvnc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Mireille\Bureau\HiJackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)

O2 - BHO: mysidesearch search enhancer - {5A8B4DA1-773C-BF40-463B-3895B077261F} - C:\WINDOWS\system32\gsnlxqnzxzllim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: milehighads browser enhancer - {A984EB01-39CA-098C-A4E7-912A02E38C4B} - C:\WINDOWS\system32\qemdytfrfwdra.dll

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)

O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: milehighads - {fe9ee228-582f-0489-7784-9912362322ec} - C:\WINDOWS\system32\nslF8.dll

O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll

O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"

O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s

O4 - HKLM\..\Run: [znqaaaqmpt] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\qemdytfrfwdra.dll"

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-21-1801674531-299502267-725345543-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Sylvain')

O4 - HKUS\S-1-5-21-1801674531-299502267-725345543-1003\..\Run: [WinButler] C:\Documents and Settings\Sylvain\Application Data\WinButler\WinButler.exe (User 'Sylvain')

O4 - HKUS\S-1-5-21-1801674531-299502267-725345543-1003\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe (User 'Sylvain')

O4 - HKUS\S-1-5-21-1801674531-299502267-725345543-1003\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" (User 'Sylvain')

O4 - HKUS\S-1-5-21-1801674531-299502267-725345543-1003\..\Run: [Chicdead] C:\DOCUME~1\Sylvain\APPLIC~1\DUPEOB~1\jump list.exe (User 'Sylvain')

O4 - HKUS\S-1-5-21-1801674531-299502267-725345543-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Sylvain')

O4 - Global Startup: DynDNS Updater.lnk = C:\Program Files\DynDNS Updater\DynUpPs.exe

O4 - Global Startup: WiFi Station.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O16 - DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} (CV781Object Object) - http://kitaclore.dyndns.org:5910/AVC_AX_DVR.cab

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.fr/Genoogle/Componen...EngineQuery.dll

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688

O17 - HKLM\System\CCS\Services\Tcpip\..\{35B3EFF2-D176-4CD0-9363-470ED3A77F48}: NameServer = 212.27.53.252,212.27.54.252

O17 - HKLM\System\CS1\Services\Tcpip\..\{35B3EFF2-D176-4CD0-9363-470ED3A77F48}: NameServer = 212.27.53.252,212.27.54.252

O17 - HKLM\System\CS2\Services\Tcpip\..\{35B3EFF2-D176-4CD0-9363-470ED3A77F48}: NameServer = 212.27.53.252,212.27.54.252

O17 - HKLM\System\CS3\Services\Tcpip\..\{35B3EFF2-D176-4CD0-9363-470ED3A77F48}: NameServer = 212.27.53.252,212.27.54.252

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: dlbx_device - Unknown owner - C:\WINDOWS\system32\dlbxcoms.exe (file missing)

O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe

O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe

O23 - Service: Hinsrv Service (Hinsrv) - Unknown owner - C:\WINDOWS\system32\hinsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: SoftGuard Service (SG_Service) - Unknown owner - C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

O24 - Desktop Component 0: Ma page d'accueil - About:Home

 

--

End of file - 9667 bytes

Lien vers le commentaire
Partager sur d’autres sites

salut :P

 

Le pc est infecté! Un petit scan supplémentaire avec un programme que tu vas pouvoir conserver >>

 

1°) Télécharge Malwarebytes' Anti-Malware (MBAM)

 

Branche tous les supports amovibles que tu possèdes avant de faire ce scan (clé usb/disque dur externe etc)

  • Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  • Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  • Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  • Sélectionne "Exécuter un examen complêt"
  • Clique sur "Rechercher"
  • L'analyse démarre, le scan est relativement long, c'est normal.
  • A la fin de l'analyse, un message s'affiche :
    L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  • Ferme tes navigateurs.
  • Si des malwares ont été détectés, clique sur Afficher les résultats.
    Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.

2°) Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

  • Double-clique sur RSIT.exe afin de lancer RSIT.
  • Clique Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  • Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit

Modifié par Thanos
Lien vers le commentaire
Partager sur d’autres sites

Voila déjà le rapport de MBAM :

 

Malwarebytes' Anti-Malware 1.32

Version de la base de données: 1638

Windows 5.1.2600 Service Pack 2

 

10/01/2009 16:11:51

mbam-log-2009-01-10 (16-11-51).txt

 

Type de recherche: Examen complet (C:\|D:\|E:\|)

Eléments examinés: 143429

Temps écoulé: 1 hour(s), 11 minute(s), 44 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 7

Valeur(s) du Registre infectée(s): 1

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 7

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5a8b4da1-773c-bf40-463b-3895b077261f} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5a8b4da1-773c-bf40-463b-3895b077261f} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a984eb01-39ca-098c-a4e7-912a02e38c4b} (Adware.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a984eb01-39ca-098c-a4e7-912a02e38c4b} (Adware.BHO) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\znqaaaqmpt (Trojan.Agent) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

C:\Program Files\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\System Volume Information\_restore{EC5E7376-8FDB-4BBA-B893-839341FB7AA6}\RP36\A0021969.exe (Adware.Adrotator) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{EC5E7376-8FDB-4BBA-B893-839341FB7AA6}\RP17\A0013146.exe (Adware.Agent) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{EC5E7376-8FDB-4BBA-B893-839341FB7AA6}\RP31\A0018714.exe (Adware.Agent) -> Quarantined and deleted successfully.

D:\System Volume Information\_restore{EC5E7376-8FDB-4BBA-B893-839341FB7AA6}\RP45\A0025334.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\qemdytfrfwdra.dll (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\gsnlxqnzxzllim.dll (Adware.BHO) -> Delete on reboot.

Lien vers le commentaire
Partager sur d’autres sites

voila le fichier log de rsit :

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Sylvain at 2009-01-10 16:19:46

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 14 GB (36%) free of 39 GB

Total RAM: 1023 MB (60% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:20:31, on 10/01/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\netdde.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\dldfcoms.exe

C:\WINDOWS\system32\hinsrv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Tall Emu\Online Armor\oacat.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Dell AIO Printer 948\dldfmon.exe

C:\Program Files\Dell AIO Printer 948\memcard.exe

C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\Program Files\Tall Emu\Online Armor\oahlp.exe

C:\Program Files\DynDNS Updater\DynUpPs.exe

C:\Program Files\UltraVNC\winvnc.exe

C:\Program Files\DynDNS Updater\DynTray.exe

C:\Program Files\Hercules\WiFi Station\WifiStation.exe

C:\WINDOWS\system32\wuauclt.exe

D:\Sécurité\RSIT.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Documents and Settings\Mireille\Bureau\Sylvain.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - (no file)

R3 - URLSearchHook: (no name) - {40d1c3a7-4ffb-4443-b3a0-a64b2df7fc3b} - (no file)

R3 - URLSearchHook: (no name) - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - (no file)

R3 - URLSearchHook: (no name) - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - (no file)

R3 - URLSearchHook: (no name) - {b5146c40-189a-4311-bda9-fbae3e023187} - (no file)

R3 - URLSearchHook: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)

O2 - BHO: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: milehighads - {fe9ee228-582f-0489-7784-9912362322ec} - C:\WINDOWS\system32\nslF8.dll

O3 - Toolbar: Come2PlayK2P Toolbar - {b8a5b62c-517f-42a5-85ae-29b5497fb15f} - C:\Program Files\Come2PlayK2P\tbCome.dll

O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"

O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell AIO Printer 948\memcard.exe"

O4 - HKLM\..\Run: [Dell AIO Printer 948 Fax Server] "C:\Program Files\Dell AIO Printer 948\fm3032.exe" /s

O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\Sylvain\Application Data\WinButler\WinButler.exe

O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [Chicdead] C:\DOCUME~1\Sylvain\APPLIC~1\DUPEOB~1\jump list.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: DynDNS Updater.lnk = C:\Program Files\DynDNS Updater\DynUpPs.exe

O4 - Global Startup: Serveur UltraVNC (2).lnk = C:\Program Files\UltraVNC\winvnc.exe

O4 - Global Startup: WiFi Station.lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} (CV781Object Object) - http://kitaclore.dyndns.org:5910/AVC_AX_DVR.cab

O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.fr/Genoogle/Componen...EngineQuery.dll

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688

O17 - HKLM\System\CCS\Services\Tcpip\..\{35B3EFF2-D176-4CD0-9363-470ED3A77F48}: NameServer = 212.27.53.252,212.27.54.252

O17 - HKLM\System\CS1\Services\Tcpip\..\{35B3EFF2-D176-4CD0-9363-470ED3A77F48}: NameServer = 212.27.53.252,212.27.54.252

O17 - HKLM\System\CS2\Services\Tcpip\..\{35B3EFF2-D176-4CD0-9363-470ED3A77F48}: NameServer = 212.27.53.252,212.27.54.252

O17 - HKLM\System\CS3\Services\Tcpip\..\{35B3EFF2-D176-4CD0-9363-470ED3A77F48}: NameServer = 212.27.53.252,212.27.54.252

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: dlbx_device - Unknown owner - C:\WINDOWS\system32\dlbxcoms.exe (file missing)

O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe

O23 - Service: dldf_device - - C:\WINDOWS\system32\dldfcoms.exe

O23 - Service: Hinsrv Service (Hinsrv) - Unknown owner - C:\WINDOWS\system32\hinsrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: SoftGuard Service (SG_Service) - Unknown owner - C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

 

--

End of file - 9588 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\At1.job

C:\WINDOWS\tasks\At10.job

C:\WINDOWS\tasks\At11.job

C:\WINDOWS\tasks\At12.job

C:\WINDOWS\tasks\At13.job

C:\WINDOWS\tasks\At14.job

C:\WINDOWS\tasks\At15.job

C:\WINDOWS\tasks\At16.job

C:\WINDOWS\tasks\At17.job

C:\WINDOWS\tasks\At18.job

C:\WINDOWS\tasks\At19.job

C:\WINDOWS\tasks\At2.job

C:\WINDOWS\tasks\At20.job

C:\WINDOWS\tasks\At21.job

C:\WINDOWS\tasks\At22.job

C:\WINDOWS\tasks\At23.job

C:\WINDOWS\tasks\At24.job

C:\WINDOWS\tasks\At25.job

C:\WINDOWS\tasks\At26.job

C:\WINDOWS\tasks\At27.job

C:\WINDOWS\tasks\At28.job

C:\WINDOWS\tasks\At29.job

C:\WINDOWS\tasks\At3.job

C:\WINDOWS\tasks\At30.job

C:\WINDOWS\tasks\At31.job

C:\WINDOWS\tasks\At32.job

C:\WINDOWS\tasks\At33.job

C:\WINDOWS\tasks\At34.job

C:\WINDOWS\tasks\At35.job

C:\WINDOWS\tasks\At36.job

C:\WINDOWS\tasks\At37.job

C:\WINDOWS\tasks\At38.job

C:\WINDOWS\tasks\At39.job

C:\WINDOWS\tasks\At4.job

C:\WINDOWS\tasks\At40.job

C:\WINDOWS\tasks\At41.job

C:\WINDOWS\tasks\At42.job

C:\WINDOWS\tasks\At43.job

C:\WINDOWS\tasks\At44.job

C:\WINDOWS\tasks\At45.job

C:\WINDOWS\tasks\At46.job

C:\WINDOWS\tasks\At47.job

C:\WINDOWS\tasks\At48.job

C:\WINDOWS\tasks\At5.job

C:\WINDOWS\tasks\At6.job

C:\WINDOWS\tasks\At7.job

C:\WINDOWS\tasks\At8.job

C:\WINDOWS\tasks\At9.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E896FCA-D07E-45FE-901F-6A26FCF59C02}]

Iminent.SearchTheWeb.HelperObject - C:\WINDOWS\system32\mscoree.dll [2006-12-22 271360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-04 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]

Come2PlayK2P Toolbar - C:\Program Files\Come2PlayK2P\tbCome.dll [2008-08-20 1780248]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-04 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-04 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe9ee228-582f-0489-7784-9912362322ec}]

milehighads - C:\WINDOWS\system32\nslF8.dll [2009-01-05 684544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{b8a5b62c-517f-42a5-85ae-29b5497fb15f} - Come2PlayK2P Toolbar - C:\Program Files\Come2PlayK2P\tbCome.dll [2008-08-20 1780248]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"dlbxmon.exe"=C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe []

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2008-10-07 6216192]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-04 136600]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

"dldfmon.exe"=C:\Program Files\Dell AIO Printer 948\dldfmon.exe [2007-09-18 455336]

"MemoryCardManager"=C:\Program Files\Dell AIO Printer 948\memcard.exe [2007-09-18 410280]

"Dell AIO Printer 948 Fax Server"=C:\Program Files\Dell AIO Printer 948\fm3032.exe [2007-09-20 312560]

"Corel Photo Downloader"=C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [2007-03-21 478800]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

"WinButler"=C:\Documents and Settings\Sylvain\Application Data\WinButler\WinButler.exe []

"german.exe"=C:\WINDOWS\system32\wintems.exe []

"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe []

"Chicdead"=C:\DOCUME~1\Sylvain\APPLIC~1\DUPEOB~1\jump list.exe []

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

Mixer.exe /startup []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

C:\WINDOWS\System32\CTFMON.EXE [2004-08-19 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlbxmon.exe]

C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

DynDNS Updater.lnk - C:\Program Files\DynDNS Updater\DynUpPs.exe

Serveur UltraVNC (2).lnk - C:\Program Files\UltraVNC\winvnc.exe

WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

Ati2evxx.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-10-07 886984]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

"NoDispCPL"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoStartMenuMorePrograms"=0

"StartMenuLogOff"=0

"NoToolbarCustomize"=0

"NoSetFolders"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoDriveAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"D:\eChanblard\emule.exe"="D:\eChanblard\emule.exe:*:Disabled:eChanblard"

"%windir%\explorer.exe"="%windir%\explorer.exe:*:Enabled:Windows Explorer"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\Dell AIO Printer 948\dldfmon.exe"="C:\Program Files\Dell AIO Printer 948\dldfmon.exe:*:Enabled:Printer Device Monitor"

"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfpswx.exe:*:Enabled:Printer Status Window Interface"

"C:\Program Files\Dell AIO Printer 948\dldfaiox.exe"="C:\Program Files\Dell AIO Printer 948\dldfaiox.exe:*:Enabled:AIOC exe"

"C:\Program Files\Dell AIO Printer 948\dldfafcn.exe"="C:\Program Files\Dell AIO Printer 948\dldfafcn.exe:*:Enabled: "

"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfjswx.exe:*:Enabled:Job Status Window Interface"

"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldftime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldftime.exe:*:Enabled:Time Executable"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\Dell AIO Printer 948\Wireless\dldfwpss.exe"="C:\Program Files\Dell AIO Printer 948\Wireless\dldfwpss.exe:*:Enabled: "

"C:\WINDOWS\system32\dldfcfg.exe"="C:\WINDOWS\system32\dldfcfg.exe:*:Enabled:Printer Communication System"

"C:\WINDOWS\system32\dldfih.exe"="C:\WINDOWS\system32\dldfih.exe:*:Enabled:Printer Communication System"

"C:\Program Files\Dell AIO Printer 948\DLDFFax.exe"="C:\Program Files\Dell AIO Printer 948\DLDFFax.exe:*:Enabled:Fax Solutions Software"

"C:\WINDOWS\system32\dldfcoms.exe"="C:\WINDOWS\system32\dldfcoms.exe:*:Enabled:Dell Communications System"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ed971c8-78b0-11dd-9939-0008d328a685}]

shell\AutoRun\command - rthrw.com

shell\explore\command - rthrw.com

shell\open\command - rthrw.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{700d6dfc-4cd5-11dd-98be-0008d328a685}]

shell\AutoRun\command - rthrw.com

shell\explore\command - rthrw.com

shell\open\command - rthrw.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87f7a3ee-51b8-11dd-98ca-0008d328a685}]

shell\AutoRun\command - H:\nideiect.com

shell\explore\command - H:\nideiect.com

shell\open\command - H:\nideiect.com

 

 

======List of files/folders created in the last 1 months======

 

2009-01-10 16:19:46 ----D---- C:\rsit

2009-01-09 22:59:43 ----D---- C:\Program Files\CCleaner

2009-01-09 16:09:47 ----D---- C:\Documents and Settings\Sylvain\Application Data\Corel

2009-01-05 20:12:08 ----A---- C:\WINDOWS\system32\nslF8.dll

2009-01-03 11:04:40 ----D---- C:\Documents and Settings\Sylvain\Application Data\.wyzo

2009-01-02 12:20:20 ----A---- C:\WINDOWS\clofghls.dll

2009-01-01 19:20:18 ----D---- C:\Program Files\PartyGaming

2008-12-30 14:24:33 ----D---- C:\Program Files\DynDNS Updater

2008-12-30 14:24:33 ----D---- C:\Documents and Settings\All Users\Application Data\DynDNS

2008-12-30 13:05:53 ----A---- C:\WINDOWS\system32\vnchelp.dll

2008-12-30 13:05:53 ----A---- C:\WINDOWS\system32\vncdrv.dll

2008-12-30 13:05:52 ----D---- C:\Program Files\UltraVNC

2008-12-29 17:13:38 ----D---- C:\WINDOWS\system32\Adobe

2008-12-29 09:39:02 ----D---- C:\Program Files\Bobble Puzzle

2008-12-18 15:58:38 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$

2008-12-16 18:10:42 ----A---- C:\WINDOWS\iun6002ev.exe

2008-12-16 18:10:27 ----D---- C:\Program Files\Bejeweled 2 Deluxe

2008-12-16 10:33:10 ----D---- C:\Documents and Settings\Sylvain\Application Data\948 Series

2008-12-16 10:02:10 ----D---- C:\logs

2008-12-16 10:01:46 ----A---- C:\WINDOWS\system32\dldfvs.dll

2008-12-16 10:01:41 ----A---- C:\WINDOWS\system32\dldfcoin.dll

2008-12-16 10:01:12 ----A---- C:\WINDOWS\system32\dldfdrs.dll

2008-12-16 10:01:12 ----A---- C:\WINDOWS\system32\dldfcaps.dll

2008-12-16 10:01:11 ----A---- C:\WINDOWS\system32\dldfcnv4.dll

2008-12-16 09:59:56 ----D---- C:\Documents and Settings\All Users\Application Data\Corel

2008-12-16 09:58:43 ----D---- C:\Program Files\Fichiers communs\Corel

2008-12-16 09:58:43 ----D---- C:\Program Files\Corel

2008-12-16 09:58:40 ----A---- C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe

2008-12-16 09:56:58 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint

2008-12-16 09:56:08 ----A---- C:\WINDOWS\system32\IMHOST32.DLL

2008-12-16 09:56:08 ----A---- C:\WINDOWS\system32\IMGMAN32.DLL

2008-12-16 09:56:08 ----A---- C:\WINDOWS\system32\DLDFPMRC.DLL

2008-12-16 09:56:08 ----A---- C:\WINDOWS\system32\DLDFPMON.DLL

2008-12-16 09:56:08 ----A---- C:\WINDOWS\system32\dldfoem.dll

2008-12-16 09:56:08 ----A---- C:\WINDOWS\system32\DLDFFXPU.DLL

2008-12-16 09:55:12 ----D---- C:\Documents and Settings\All Users\Application Data\948 Series

2008-12-16 09:53:48 ----D---- C:\Program Files\Dell AIO Printer 948

2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfutil.dll

2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfusb1.dll

2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfserv.dll

2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfprox.dll

2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfpmui.dll

2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldflmpm.dll

2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfjswr.dll

2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfinst.dll

2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfinsr.dll

2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfinsb.dll

2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfinpa.dll

2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfiesc.dll

2008-12-16 09:53:35 ----A---- C:\WINDOWS\system32\dldfhcp.dll

2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfins.dll

2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfih.exe

2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfhbn3.dll

2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfgrd.dll

2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfgf.dll

2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfcur.dll

2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfcub.dll

2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfcu.dll

2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfcoms.exe

2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfcomm.dll

2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfcomc.dll

2008-12-16 09:53:34 ----A---- C:\WINDOWS\system32\dldfcfg.exe

2008-12-16 09:53:33 ----A---- C:\WINDOWS\system32\dldfcfg.dll

2008-12-14 15:30:46 ----A---- C:\WINDOWS\system32\gsnlxqnzxzllim.dll-uninst.exe

2008-12-14 15:30:37 ----D---- C:\Program Files\Milehighads Games Collection

2008-12-14 15:30:30 ----A---- C:\WINDOWS\system32\cont_milehighads-remove.exe

2008-12-14 15:30:14 ----A---- C:\WINDOWS\system32\jljkmnecepcn.exe

2008-12-14 09:56:31 ----D---- C:\Program Files\WMV9_VCM

2008-12-14 09:51:36 ----A---- C:\WINDOWS\system32\wmv9vcm.dll

2008-12-13 21:02:45 ----D---- C:\Documents and Settings\Sylvain\Application Data\Apple Computer

2008-12-13 20:59:48 ----D---- C:\Program Files\Fichiers communs\Apple

2008-12-13 20:59:38 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-12-13 20:58:57 ----D---- C:\Program Files\Apple Software Update

2008-12-13 20:58:57 ----D---- C:\Documents and Settings\All Users\Application Data\Apple

2008-12-13 17:41:32 ----A---- C:\WINDOWS\IMSI_EZN.INI

2008-12-13 17:41:32 ----A---- C:\WINDOWS\IMSI_EZ.INI

2008-12-13 17:40:20 ----A---- C:\WINDOWS\QTW.INI

2008-12-13 17:40:17 ----RA---- C:\WINDOWS\VIEWER.EXE

2008-12-13 17:40:17 ----RA---- C:\WINDOWS\VIEWENU.DLL

2008-12-13 17:40:17 ----RA---- C:\WINDOWS\README.EXE

2008-12-13 17:40:17 ----RA---- C:\WINDOWS\PLAYER.EXE

2008-12-13 17:40:17 ----RA---- C:\WINDOWS\PLAYENU.DLL

2008-12-13 17:39:29 ----D---- C:\IMSI

2008-12-13 16:43:15 ----D---- C:\Program Files\Microsoft Games

2008-12-13 16:35:05 ----D---- C:\Westwood

2008-12-13 16:26:28 ----D---- C:\CFLEET98

2008-12-13 16:18:00 ----D---- C:\Program Files\Serif

2008-12-13 16:17:26 ----D---- C:\WINDOWS\Profiles

2008-12-13 16:17:20 ----A---- C:\WINDOWS\system32\ltkrn80n.dll

2008-12-13 16:17:19 ----A---- C:\WINDOWS\system32\ltkrn11n.dll

2008-12-13 16:17:19 ----A---- C:\WINDOWS\system32\ltimg11n.dll

2008-12-13 16:17:19 ----A---- C:\WINDOWS\system32\ltfil11n.DLL

2008-12-13 16:17:19 ----A---- C:\WINDOWS\system32\lfwpg11n.dll

2008-12-13 16:17:19 ----A---- C:\WINDOWS\system32\lfwmf11n.dll

2008-12-13 16:17:19 ----A---- C:\WINDOWS\system32\lftif11n.dll

2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\LTDIS11n.dll

2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\lfpsd11n.dll

2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\Lfpng11n.dll

2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\lfpcx11n.dll

2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\lfpcd11n.dll

2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\lfgif11n.dll

2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\lffax11n.dll

2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\lfeps11n.dll

2008-12-13 16:17:18 ----A---- C:\WINDOWS\system32\lfbmp11n.dll

2008-12-13 16:17:17 ----A---- C:\WINDOWS\system32\LFCMP11n.DLL

2008-12-13 16:17:04 ----A---- C:\WINDOWS\system32\MFCUIA32.DLL

2008-12-13 16:17:04 ----A---- C:\WINDOWS\system32\MFCANS32.DLL

2008-12-13 16:17:04 ----A---- C:\WINDOWS\system32\ImageServerMI.dll

2008-12-13 16:14:39 ----D---- C:\Program Files\Broderbund

2008-12-13 16:03:11 ----A---- C:\WINDOWS\PROTOCOL.INI

2008-12-13 15:58:37 ----A---- C:\WINDOWS\system32\IR41_32.DLL

2008-12-13 15:57:39 ----D---- C:\WINDOWS\UbiSoft

2008-12-13 15:42:23 ----D---- C:\~WING.TMP

2008-12-13 15:42:20 ----D---- C:\COKTEL

2008-12-13 10:02:24 ----D---- C:\WINDOWS\Sun

2008-12-11 23:28:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-11 23:28:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-11 23:28:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$

2008-12-11 23:24:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-11 23:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2008-12-11 09:34:49 ----D---- C:\Program Files\VirginMega

2008-12-11 09:13:11 ----N---- C:\WINDOWS\system32\spmsg.dll

2008-12-11 09:12:48 ----A---- C:\WINDOWS\system32\wmpns.dll

 

======List of files/folders modified in the last 1 months======

 

2009-01-10 16:20:28 ----D---- C:\WINDOWS\Prefetch

2009-01-10 16:17:38 ----D---- C:\WINDOWS\system32\CatRoot2

2009-01-10 16:17:34 ----D---- C:\Documents and Settings\Sylvain\Application Data\OnlineArmor

2009-01-10 16:17:26 ----D---- C:\WINDOWS\temp

2009-01-10 16:16:13 ----D---- C:\WINDOWS\system32

2009-01-10 16:16:10 ----HD---- C:\WINDOWS\system32\drivers

2009-01-10 16:15:35 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-01-10 16:11:51 ----RD---- C:\Program Files

2009-01-10 14:55:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-01-10 09:29:11 ----D---- C:\WINDOWS

2009-01-09 23:52:53 ----D---- C:\WINDOWS\Minidump

2009-01-09 23:52:53 ----D---- C:\WINDOWS\Debug

2009-01-09 22:48:14 ----D---- C:\Program Files\Mozilla Firefox

2009-01-09 20:36:51 ----HD---- C:\WINDOWS\inf

2009-01-09 18:33:52 ----A---- C:\WINDOWS\NeroDigital.ini

2009-01-09 17:15:33 ----A---- C:\log_lobby_dumper.txt

2009-01-09 17:15:33 ----A---- C:\log_lobby.txt

2009-01-09 17:15:23 ----D---- C:\Program Files\Everest Poker

2009-01-09 16:00:59 ----SHD---- C:\WINDOWS\Installer

2009-01-09 16:00:59 ----SHD---- C:\Config.Msi

2009-01-08 22:27:44 ----D---- C:\Program Files\BitTorrent Fastest Tool

2009-01-08 20:25:21 ----D---- C:\Documents and Settings\Sylvain\Application Data\LimeWire

2009-01-07 09:25:41 ----D---- C:\WINDOWS\SoftwareDistribution

2009-01-03 12:05:40 ----A---- C:\WINDOWS\win.ini

2009-01-02 11:58:42 ----D---- C:\Temp

2008-12-31 14:24:29 ----A---- C:\WINDOWS\mafosav.INI

2008-12-29 17:13:48 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-12-21 18:09:48 ----A---- C:\WINDOWS\NAVIGMA.INI

2008-12-20 12:37:01 ----D---- C:\Documents and Settings\Sylvain\Application Data\AdobeUM

2008-12-18 17:51:37 ----D---- C:\Program Files\Astonsoft

2008-12-18 15:58:43 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-18 15:58:03 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-17 19:28:13 ----D---- C:\Program Files\LimeWire

2008-12-16 17:45:30 ----D---- C:\Program Files\Jewel Quest

2008-12-16 10:02:58 ----D---- C:\WINDOWS\system32\CatRoot

2008-12-16 09:58:43 ----D---- C:\Program Files\Fichiers communs

2008-12-15 18:35:15 ----D---- C:\Program Files\Dl_cats

2008-12-15 18:35:15 ----A---- C:\WINDOWS\dellstat.ini

2008-12-13 21:00:07 ----D---- C:\Program Files\QuickTime

2008-12-13 20:59:17 ----SD---- C:\WINDOWS\Tasks

2008-12-13 20:31:25 ----A---- C:\WINDOWS\wininit.ini

2008-12-13 17:40:20 ----A---- C:\WINDOWS\SYSTEM.INI

2008-12-13 17:40:17 ----D---- C:\WINDOWS\system

2008-12-13 17:13:15 ----A---- C:\WINDOWS\GLFHELP.INI

2008-12-13 15:58:37 ----A---- C:\WINDOWS\system32\IR32_32.DLL

2008-12-13 15:41:01 ----RSD---- C:\WINDOWS\Fonts

2008-12-13 10:04:53 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-12-12 18:35:12 ----A---- C:\WINDOWS\system32\mshtml.dll

2008-12-11 23:28:23 ----D---- C:\Program Files\Internet Explorer

2008-12-11 09:15:34 ----D---- C:\Program Files\Windows Media Player

2008-12-11 09:12:23 ----D---- C:\WINDOWS\Help

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-19 41600]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-01-07 75072]

R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []

R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []

R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []

R1 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2005-11-04 55168]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-02-24 20747]

R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]

R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2005-11-10 88800]

R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]

R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-02-24 679424]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 cmpci;Gamesurround Muse Lt; C:\WINDOWS\system32\drivers\cmaudio.sys [2001-12-11 357070]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-28 9600]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]

R3 NVENET;NVIDIA nForce MCP Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896]

R3 RT61;802.11g Wireless Driver RT61; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-03-09 366080]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]

R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]

S3 catchme;catchme; \??\C:\CF\catchme.sys []

S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-03-25 223128]

S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys []

S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []

S3 nvax;Service for NVIDIA® nForce Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2003-04-08 29696]

S3 nvnforce;Service for NVIDIA® nForce Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2003-04-08 282880]

S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]

R2 dldf_device;dldf_device; C:\WINDOWS\system32\dldfcoms.exe [2007-06-26 598664]

R2 Hinsrv;Hinsrv Service; C:\WINDOWS\system32\hinsrv.exe [2005-02-05 81920]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-04 152984]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\oacat.exe [2008-10-07 1402568]

R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]

R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2005-11-10 204512]

R2 SG_Service;SoftGuard Service; C:\Program Files\Fichiers communs\RbtProt\sgsrv.exe [2005-04-25 155648]

R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2008-10-07 3314688]

R3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S2 dldfCATSCustConnectService;dldfCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe [2007-06-26 98952]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 dlbx_device;dlbx_device; C:\WINDOWS\system32\dlbxcoms.exe -service []

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-02-24 397312]

S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-02-24 516096]

 

-----------------EOF-----------------

 

 

 

et le fichier info de rsit :

 

info.txt logfile of random's system information tool 1.05 2009-01-10 16:20:40

 

======Uninstall list======

 

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}

Abracadabra-->C:\Program Files\phelios\Abracadabra\Uninstal.exe

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 6.0.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}

Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->D:\WinRAR\uninstall.exe

ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE

Avira RootKit Detection-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FD25FCD-6F39-4686-AFBB-7056EBAE5E68}\setup.exe" -l0x9

Bejeweled 2 Deluxe-->C:\WINDOWS\iun6002ev.exe "C:\Program Files\Bejeweled 2 Deluxe\irunin.ini"

Bobble Puzzle 0.90-->"C:\Program Files\Bobble Puzzle\unins000.exe"

BufferZone-->MsiExec.exe /X{793CFFC9-A72F-431D-9C74-2E9361E67D04}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"

Code Postal 1.2-->"C:\Program Files\Code Postal\unins000.exe"

Come2PlayK2P Toolbar-->C:\PROGRA~1\COME2P~1\UNWISE.EXE C:\PROGRA~1\COME2P~1\INSTALL.LOG

Contextual Tool Milehighads-->C:\WINDOWS\system32\cont_milehighads-remove.exe

Corel Snapfire Plus-->MsiExec.exe /X{7ADE3A47-B425-45E9-8FF6-11BE2B775645}

Dell AIO Printer 948-->C:\Program Files\Dell AIO Printer 948\Install\x86\Uninst.exe

DynDNS Updater-->C:\Program Files\DynDNS Updater\Uninstall.exe {6F6453D5-4741-478A-B481-9671884603AF}

Everest Poker (Remove Only)-->C:\Program Files\Everest Poker\cstart.exe /uninstall

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar.dll"

HijackThis 2.0.2-->"C:\Utilitaire securite\HijackThis.exe" /uninstall

Image Transfer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL

ImageMixer for Sony-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"

Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}

Jasc Paint Shop Pro 8-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}

Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Jewel Quest (remove only)-->"C:\Program Files\Jewel Quest\Uninstall.exe"

Jewel Quest-->"C:\Program Files\Jewel Quest\unins000.exe"

LcCp-->c:\lccp\Uninstal.exe

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"

LuckyTender 1.3.0-->C:\Program Files\LuckyTender\uninst.exe

Luxor 3-->C:\PROGRA~1\GAMEHO~1\LUXOR3~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\LUXOR3~1\INSTALL.LOG

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Mario Forever 4.0-->C:\Program Files\Mario Forever\uninst.exe

Maxi Puzzles-->"D:\Maxi Puzzles\unins000.exe"

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Golf 3.0-->C:\Program Files\Microsoft Games\Golf 3.0\setup\setup.exe

Microsoft Motocross Madness-->"C:\Program Files\Microsoft Games\Motocross Madness\Uninstal.exe" /runtemp

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall

MicroStaff WINASPI-->C:\MWASPI\uninst.exe

Milehighads Games Collection-->C:\Program Files\Milehighads Games Collection\uninstall.exe

Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Mozilla Firefox (2.0.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Multi Virus Cleaner 2008-->"C:\Program Files\AxBx\Multi Virus Cleaner 2008\unins000.exe"

Multi_Media Toolbar-->C:\PROGRA~1\MULTI_~1\UNWISE.EXE C:\PROGRA~1\MULTI_~1\INSTALL.LOG

Multi_Media_France Toolbar-->C:\PROGRA~1\MULTI_~1\UNWISE.EXE C:\PROGRA~1\MULTI_~1\INSTALL.LOG

MyHeritage Family Tree Builder-->C:\Program Files\MyHeritage\Bin\Uninstall.exe

Nero 7 Premium-->MsiExec.exe /I{70AB1576-7883-2313-C650-7A71270B1036}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NVIDIA Audio Driver-->C:\WINDOWS\system32\nvuAudio.exe Uninstall C:\WINDOWS\system32\NvAudio.nvu,NVIDIA Audio Driver

Online Armor 3.0-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"

PCI Audio Driver-->cmuninst.exe

Pilotes NVIDIA nForce pour Windows 2000/XP-->rundll32.exe C:\WINDOWS\system32\NVNFINST.DLL,NvUninstallCrush

PrintMaster® Classic-->C:\WINDOWS\UNIN040C.EXE -f"C:\PROGRA~1\BRODER~1\PRINTM~1\DeIsL1.isu" -c"C:\PROGRA~1\BRODER~1\PRINTM~1\psfinst.dll"

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

Radar Sync Bar-->C:\PROGRA~1\RADARS~1\UNWISE.EXE C:\PROGRA~1\RADARS~1\INSTALL.LOG

RON Tool Milehighads-->C:\WINDOWS\system32\jljkmnecepcn.exe

Search Assistant Mysidesearch-->C:\WINDOWS\system32\gsnlxqnzxzllim.dll-uninst.exe

Secured eMule Toolbar-->C:\PROGRA~1\SECURE~2\UNWISE.EXE C:\PROGRA~1\SECURE~2\INSTALL.LOG

Secured eMule-->C:\PROGRA~1\SECURE~1\UNWISE.EXE C:\PROGRA~1\SECURE~1\INSTALL.LOG

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}

Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}

Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}

Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}

Sentinel Protection Installer 7.2.1-->MsiExec.exe /I{97407E09-4EA8-49F0-A513-2C1776A6DEC0}

Serif DrawPlus 3.0-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Serif\dp30\DrawPlus_uninst.isu"

Share Accelerator-->regsvr32 /u /s "C:\Program Files\IEToolbar\Share Accelerator\ShareAcceleratorToolbar12_11_08.dll"

Sony USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL

Timbres de France-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0251056F-ABC7-4CA4-9B8C-16814EDCD907}\Setup.exe" -l0x40c

UltraVNC v1.0.2 Fr-->"C:\Program Files\UltraVNC\unins000.exe"

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}

Vb Progress-Bar ActiveX-->C:\WINDOWS\system32\uninst.exe

VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}

VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe

VirginMega.Fr Premium-->MsiExec.exe /I{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}

VIRTUA SQUAD 2-->C:\WINDOWS\Vc2Uinst.EXE C:\WINDOWS\VCOP2.INI

WiFi Station-->C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\Setup.exe -runfromtemp -l0x040c -removeonly

Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}

Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe

WPOSTAL-->C:\WPOSTAL\Uninstal.exe

 

======Security center information======

 

AV: Avira AntiVir PersonalEdition

FW: Pare-feu Online Armor

 

System event log

 

Computer Name: KIEFFER

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free.

 

Record Number: 32686

Source Name: EventLog

Time Written: 20081213175840.000000+060

Event Type: Informations

User:

 

Computer Name: KIEFFER

Event Code: 6006

Message: Le service d'Enregistrement d'événement a été arrêté.

 

Record Number: 32685

Source Name: EventLog

Time Written: 20081213175725.000000+060

Event Type: Informations

User:

 

Computer Name: KIEFFER

Event Code: 7036

Message: Le service Online Armor est entré dans l'état : en cours d'exécution.

 

Record Number: 32684

Source Name: Service Control Manager

Time Written: 20081213175601.000000+060

Event Type: Informations

User:

 

Computer Name: KIEFFER

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Online Armor.

 

Record Number: 32683

Source Name: Service Control Manager

Time Written: 20081213175537.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: KIEFFER

Event Code: 7034

Message: Le service Online Armor s'est terminé de façon inattendue pour la 1ème fois.

 

Record Number: 32682

Source Name: Service Control Manager

Time Written: 20081213175535.000000+060

Event Type: erreur

User:

 

Application event log

 

Computer Name: KIEFFER

Event Code: 4

Message:

Record Number: 5141

Source Name: SentinelProtectionServer

Time Written: 20090110092844.000000+060

Event Type: Informations

User:

 

Computer Name: KIEFFER

Event Code: 1516

Message: Windows a déchargé le Registre utilisateur KIEFFER\Mireille lorsqu'il a reçu une notification qu'aucune application ou aucun service n'utilisait le profil.

 

Record Number: 5140

Source Name: Userenv

Time Written: 20090110002118.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: KIEFFER

Event Code: 1517

Message: Windows a sauvegardé le Registre utilisateur KIEFFER\Mireille alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.

 

 

Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.

 

Record Number: 5139

Source Name: Userenv

Time Written: 20090110002115.000000+060

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: KIEFFER

Event Code: 3

Message:

10/1/2009 0:20 Client 81.56.240.252 disconnected

 

 

Record Number: 5138

Source Name: UltraVnc

Time Written: 20090110002055.000000+060

Event Type: Informations

User:

 

Computer Name: KIEFFER

Event Code: 2001

Message: Rejected Safe Mode action : Microsoft Office Outlook.

 

Record Number: 5137

Source Name: Microsoft Office 12

Time Written: 20090109234031.000000+060

Event Type: erreur

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=0801

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------

Lien vers le commentaire
Partager sur d’autres sites

salut :P

 

Désolé pour l'attente!

 

La suite car il reste des choses à supprimer!

 

1°) information.pngAttention!! Le programme que je vais te demander de télécharger entrent en conflit avec Antivir: pour pouvoir le télécharger et l'utiliser, il faut que tu désactives le bouclier d'Antivir. Fais un clic droit sur l'icône d'Antivir dans la barre des tâches et décoche Antivir Guard enable information.png

 

Branche tous les supports amovibles que tu possèdes avant de faire ce scan (clé usb/disque dur externe etc)

 

2°) Télécharge ComboFix

  • Assure toi que tous les programmes sont fermés avant de lancer le fix!
  • Fait un double clique sur combofix.exe.
  • Note: Ne ferme pas la fenêtre qui vient de s'ouvrir , tu te retrouverais avec un bureau vide !
  • Tape sur la touche Y (Yes) pour démarrer le scan.
  • Lorsque le scan est terminé, un rapport sera généré : poste en le contenu dans ton prochain message.
  • Si le rapport est trop long, poste le en deux fois.
  • Si tu ne vois pas le rapport, tu le trouveras ici > C:\ComboFix.txt

Note: Si au démarrage Antivir détecte une menace, désactive le encore une fois afin de laisser ComboFix terminer son travail!. D'une manière générale, si Antivir fait des détections, ignore les (clique sur le bouton radio ignorer) Réactive Antivir une fois le rapport de ComboFix affiché.

Modifié par Thanos
Lien vers le commentaire
Partager sur d’autres sites

Ok,

pendant le scan j'ai perdu la connexion ultravnc... j'aurai du y penser lol

 

Bon voila donc le rapport combofix :

 

ComboFix 09-01-10.03 - Sylvain 2009-01-11 14:17:22.7 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.627 [GMT 1:00]

Lancé depuis: d:\sécurité\ComboFix.exe

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

c:\documents and settings\All Users\Menu Démarrer\Programmes\VirusRemover2008

c:\documents and settings\All Users\Menu Démarrer\Programmes\VirusRemover2008\VirusRemover2008.lnk

c:\documents and settings\Sylvain\Menu Démarrer\Programmes\PlayMP3z

c:\documents and settings\Sylvain\Menu Démarrer\Programmes\PlayMP3z\Run PlayMP3z.lnk

c:\windows\clofghls.dll

c:\windows\system32\g4.exe

c:\windows\system32\mfcans32.DLL

c:\windows\system32\mfcuia32.dll

c:\windows\system32\msexcl35.dll

c:\windows\system32\msltus35.dll

c:\windows\system32\mspdox35.dll

c:\windows\system32\mstext35.dll

c:\windows\system32\msxbse35.dll

 

----- BITS: Il y a peut-être des sites infectés -----

 

hxxp://premium.virginmega.fr

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))

.

 

2009-01-10 16:19 . 2009-01-10 16:20 <REP> d-------- C:\rsit

2009-01-09 22:59 . 2009-01-09 22:59 <REP> d-------- c:\program files\CCleaner

2009-01-09 16:09 . 2009-01-09 16:10 <REP> d-------- c:\documents and settings\Sylvain\Application Data\Corel

2009-01-05 20:12 . 2009-01-05 20:12 684,544 --a------ c:\windows\system32\nslF8.dll

2009-01-03 11:04 . 2009-01-03 11:04 <REP> d-------- c:\documents and settings\Sylvain\Application Data\.wyzo

2009-01-01 19:20 . 2009-01-01 19:23 <REP> d-------- c:\program files\PartyGaming

2008-12-30 14:24 . 2008-12-30 14:24 <REP> d-------- c:\program files\DynDNS Updater

2008-12-30 14:24 . 2008-12-30 14:24 <REP> d-------- c:\documents and settings\All Users\Application Data\DynDNS

2008-12-30 13:06 . 2004-06-26 15:22 6,016 --a------ c:\windows\system32\drivers\vnccom.SYS

2008-12-30 13:06 . 2008-12-30 13:06 28 --a------ c:\windows\system32\'

2008-12-30 13:05 . 2008-12-30 13:21 <REP> d-------- c:\program files\UltraVNC

2008-12-30 13:05 . 2005-06-11 00:02 12,800 --a------ c:\windows\system32\vncdrv.dll

2008-12-30 13:05 . 2004-06-26 15:21 5,760 --a------ c:\windows\system32\vnchelp.dll

2008-12-30 13:05 . 2004-06-26 15:22 4,736 --a------ c:\windows\system32\drivers\vncdrv.sys

2008-12-29 17:13 . 2008-12-29 17:14 <REP> d-------- c:\windows\system32\Adobe

2008-12-29 12:53 . 2008-12-29 12:53 1,440,054 --a------ C:\screenshot.bmp

2008-12-29 09:39 . 2008-12-29 16:54 <REP> d-------- c:\program files\Bobble Puzzle

2008-12-17 15:31 . 2009-01-09 15:27 <REP> d-------- c:\documents and settings\Mireille\Application Data\948 Series

2008-12-16 18:10 . 2008-12-21 13:22 <REP> d-------- c:\program files\Bejeweled 2 Deluxe

2008-12-16 18:10 . 2008-12-16 18:10 720,896 --a------ c:\windows\iun6002ev.exe

2008-12-16 10:33 . 2008-12-16 10:33 <REP> d-------- c:\documents and settings\Sylvain\Application Data\948 Series

2008-12-16 10:21 . 2009-01-09 18:53 3,140 --ahs---- c:\windows\system32\KGyGaAvL.sys

2008-12-16 10:21 . 2009-01-09 18:53 88 -r-hs---- c:\windows\system32\CA9C025042.sys

2008-12-16 10:20 . 2009-01-09 18:53 <REP> d-------- c:\documents and settings\Mireille\Application Data\Corel

2008-12-16 10:03 . 2009-01-10 12:40 <REP> d-------- c:\documents and settings\All Users\Dl_cats

2008-12-16 10:02 . 2008-12-16 10:02 <REP> d-------- C:\logs

2008-12-16 10:01 . 2007-05-08 19:48 692,224 --a------ c:\windows\system32\dldfdrs.dll

2008-12-16 10:01 . 2007-05-03 20:50 348,160 --a------ c:\windows\system32\dldfcoin.dll

2008-12-16 10:01 . 2007-03-12 23:17 69,632 --a------ c:\windows\system32\dldfcnv4.dll

2008-12-16 10:01 . 2007-05-22 15:17 65,536 --a------ c:\windows\system32\dldfcaps.dll

2008-12-16 10:01 . 2006-08-01 06:53 40,960 --a------ c:\windows\system32\dldfvs.dll

2008-12-16 09:59 . 2008-12-16 10:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Corel

2008-12-16 09:58 . 2008-12-16 09:58 <REP> d-------- c:\program files\Fichiers communs\Corel

2008-12-16 09:58 . 2008-12-16 09:58 <REP> d-------- c:\program files\Corel

2008-12-16 09:58 . 2008-12-16 09:58 1,373,776 --a------ c:\documents and settings\All Users\Application Data\pswi_preloaded.exe

2008-12-16 09:56 . 2008-12-16 09:58 <REP> d-------- c:\program files\Abbyy FineReader 6.0 Sprint

2008-12-16 09:56 . 2007-04-10 19:23 339,968 --a------ c:\windows\system32\IMGMAN32.DLL

2008-12-16 09:56 . 2007-04-10 19:23 98,345 --a------ c:\windows\system32\IMHOST32.DLL

2008-12-16 09:56 . 2007-04-10 19:23 98,304 --a------ c:\windows\system32\IM31XPNG.DEL

2008-12-16 09:56 . 2007-04-10 19:23 69,632 --a------ c:\windows\system32\IM31XTIF.DEL

2008-12-16 09:56 . 2007-04-10 19:23 49,152 --a------ c:\windows\system32\IM31IMG.DIL

2008-12-16 09:56 . 2007-05-04 07:23 49,152 --a------ c:\windows\system32\dldfoem.dll

2008-12-16 09:56 . 2007-09-17 15:19 45,056 --a------ c:\windows\system32\DLDFPMON.DLL

2008-12-16 09:56 . 2007-09-17 15:19 32,768 --a------ c:\windows\system32\DLDFFXPU.DLL

2008-12-16 09:56 . 2007-09-17 15:21 12,288 --a------ c:\windows\system32\DLDFPMRC.DLL

2008-12-16 09:55 . 2008-12-16 09:55 <REP> d-------- c:\documents and settings\All Users\Application Data\948 Series

2008-12-16 09:53 . 2009-01-10 09:28 <REP> d-------- c:\program files\Dell AIO Printer 948

2008-12-14 15:30 . 2008-12-29 00:47 <REP> d-------- c:\program files\Milehighads Games Collection

2008-12-14 15:30 . 2009-01-06 16:52 85,239 --a------ c:\windows\system32\cont_milehighads-remove.exe

2008-12-14 15:30 . 2008-12-29 17:20 68,513 --a------ c:\windows\system32\gsnlxqnzxzllim.dll-uninst.exe

2008-12-14 15:30 . 2008-12-29 17:19 47,576 --a------ c:\windows\system32\jljkmnecepcn.exe

2008-12-14 09:56 . 2008-12-14 09:57 <REP> d-------- c:\program files\WMV9_VCM

2008-12-14 09:51 . 2003-06-23 02:44 1,415,680 --a------ c:\windows\system32\wmv9vcm.dll

2008-12-14 09:51 . 2003-08-29 00:55 423,424 --a------ c:\windows\system32\WMAVDS32.ax

2008-12-14 09:51 . 2001-03-26 03:41 245,760 --a------ c:\windows\system32\mp4sds32.ax

2008-12-13 21:02 . 2008-12-13 21:02 <REP> d-------- c:\documents and settings\Sylvain\Application Data\Apple Computer

2008-12-13 20:59 . 2008-12-13 20:59 <REP> d-------- c:\program files\Fichiers communs\Apple

2008-12-13 20:59 . 2008-12-13 20:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer

2008-12-13 20:58 . 2008-12-13 20:58 <REP> d-------- c:\program files\Apple Software Update

2008-12-13 20:58 . 2008-12-13 20:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple

2008-12-13 20:28 . 1995-06-16 02:03 51,797 --a------ c:\windows\CGMINIVW.HLP

2008-12-13 17:41 . 2008-12-13 17:49 138 --a------ c:\windows\IMSI_EZ.INI

2008-12-13 17:41 . 2008-12-13 17:41 3 --a------ c:\windows\IMSI_EZN.INI

2008-12-13 17:39 . 2008-12-13 17:39 <REP> d-------- C:\IMSI

2008-12-13 16:49 . 1997-07-19 17:00 129,808 --------- c:\windows\system32\comdlg32.ocx

2008-12-13 16:48 . 1997-07-19 17:00 155,920 --------- c:\windows\system32\comct232.ocx

2008-12-13 16:43 . 2008-12-13 17:03 <REP> d-------- c:\program files\Microsoft Games

2008-12-13 16:35 . 2008-12-13 16:36 <REP> d-------- C:\Westwood

2008-12-13 16:26 . 2008-12-13 16:30 <REP> d-------- C:\CFLEET98

2008-12-13 16:23 . 1998-09-02 14:31 28,362 --a------ c:\windows\INSTALL.DAT

2008-12-13 16:18 . 2008-12-13 16:18 <REP> d-------- c:\program files\Serif

2008-12-13 16:14 . 2008-12-13 16:19 <REP> d-------- c:\program files\Broderbund

2008-12-13 16:03 . 2008-12-13 16:03 0 --a------ c:\windows\PROTOCOL.INI

2008-12-13 15:58 . 2008-12-13 15:58 744,960 --a------ c:\windows\system32\IR41_32.DLL

2008-12-13 15:57 . 2008-12-13 15:58 <REP> d-------- c:\windows\UbiSoft

2008-12-13 15:42 . 2008-12-13 15:42 <REP> d-------- C:\COKTEL

2008-12-13 15:42 . 2008-12-13 15:42 <REP> d-------- C:\~WING.TMP

2008-12-13 15:41 . 2008-12-13 15:41 7 --a------ C:\WMDO.CFG

2008-12-13 10:02 . 2008-12-13 10:02 <REP> d-------- c:\windows\Sun

2008-12-11 09:34 . 2008-12-11 09:34 <REP> d-------- c:\program files\VirginMega

2008-12-11 09:12 . 2004-08-19 16:09 221,184 --a------ c:\windows\system32\wmpns.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-11 10:08 --------- d-----w c:\program files\Everest Poker

2009-01-11 10:02 --------- d-----w c:\documents and settings\All Users\Application Data\4D

2009-01-11 08:38 --------- d-----w c:\documents and settings\Sylvain\Application Data\OnlineArmor

2009-01-11 08:22 --------- d-----w c:\documents and settings\Mireille\Application Data\OnlineArmor

2009-01-10 13:55 --------- d-----w c:\program files\Malwarebytes' Anti-Malware

2009-01-08 21:27 --------- d-----w c:\program files\BitTorrent Fastest Tool

2009-01-08 19:25 --------- d-----w c:\documents and settings\Sylvain\Application Data\LimeWire

2009-01-04 17:38 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-04 17:38 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2008-12-20 11:37 --------- d-----w c:\documents and settings\Sylvain\Application Data\AdobeUM

2008-12-18 16:51 --------- d-----w c:\program files\Astonsoft

2008-12-17 18:28 --------- d-----w c:\program files\LimeWire

2008-12-16 16:45 --------- d-----w c:\program files\Jewel Quest

2008-12-15 17:35 --------- d-----w c:\program files\Dl_cats

2008-12-13 20:00 --------- d-----w c:\program files\QuickTime

2008-12-13 14:58 199,168 ----a-w c:\windows\system32\IR32_32.DLL

2008-12-13 09:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-12-07 15:24 --------- d-----w c:\program files\VstPlugins

2008-12-07 15:23 --------- d-----w c:\program files\Image-Line

2008-12-06 08:10 --------- d-----w c:\program files\NovaLogic

2008-12-04 17:04 410,984 ----a-w c:\windows\system32\deploytk.dll

2008-12-04 17:04 --------- d-----w c:\program files\Java

2008-12-04 14:53 --------- d-----w c:\program files\Come2PlayK2P

2008-12-04 07:27 --------- d-----w c:\program files\Multi_Media_France

2008-12-02 09:16 --------- d-----w c:\documents and settings\Sylvain\Application Data\dvdcss

2008-11-27 12:38 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-27 12:38 --------- d-----w c:\program files\Fichiers communs\Sony Shared

2008-11-27 12:35 --------- d-----w c:\documents and settings\Sylvain\Application Data\Sony Corporation

2008-11-27 08:02 68,826 ----a-w c:\windows\system32\uninst.exe

2008-11-24 19:38 --------- d-----w c:\program files\SmartGenealogy_2.8c

2008-11-24 19:34 --------- d-----w c:\program files\Fichiers communs\Borland Shared

2008-11-24 18:50 --------- d-----w c:\program files\MyHeritage

2008-11-24 18:50 --------- d-----w c:\documents and settings\Sylvain\Application Data\The Complete Genealogy Reporter - FTB

2008-11-23 19:47 --------- d-----w c:\documents and settings\Sylvain\Application Data\GameHouse

2008-11-23 14:44 --------- d-----w c:\program files\Tall Emu

2008-11-23 14:44 --------- d-----w c:\documents and settings\All Users\Application Data\OnlineArmor

2008-11-23 13:36 --------- d-----w c:\program files\Avira

2008-11-23 13:36 --------- d-----w c:\documents and settings\All Users\Application Data\Avira

2008-11-22 16:03 --------- d-----w c:\program files\AxBx

2008-11-22 15:58 --------- d-----w c:\program files\Avira GmbH

2008-11-19 09:26 --------- d-----w c:\documents and settings\Sylvain\Application Data\WinButler

2008-11-19 08:01 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-19 08:01 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-18 16:38 --------- d-----w c:\program files\Code Postal

2008-11-18 10:50 --------- d-----w c:\program files\CDex_150

2008-11-17 23:07 102,400 ----a-w c:\windows\tskerxag.exe

2008-11-17 13:30 --------- d-----w c:\program files\Codutil 59

2008-11-13 11:14 --------- d-----w c:\program files\Iminent

2008-11-12 18:36 --------- d-----w c:\documents and settings\Mireille\Application Data\AdobeUM

2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll

2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll

2008-10-16 10:38 663,552 ----a-w c:\windows\system32\wininet.dll

2008-06-11 10:11 0 ----a-w c:\program files\temp01

2009-01-02 16:31 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2009-01-02 16:31 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2009-01-02 16:31 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2009-01-05 19:12 653,824 ----a-w c:\program files\mozilla firefox\components\nsmilehighads.dll

2009-01-02 16:31 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2009-01-02 16:31 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

2008-08-04 14:08 2 --shatr c:\windows\winstart.bat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{b8a5b62c-517f-42a5-85ae-29b5497fb15f}"= "c:\program files\Come2PlayK2P\tbCome.dll" [2008-08-20 1780248]

 

[HKEY_CLASSES_ROOT\clsid\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]

2008-08-20 23:03 1780248 --a------ c:\program files\Come2PlayK2P\tbCome.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fe9ee228-582f-0489-7784-9912362322ec}]

2009-01-05 20:12 684544 --a------ c:\windows\system32\nslF8.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{b8a5b62c-517f-42a5-85ae-29b5497fb15f}"= "c:\program files\Come2PlayK2P\tbCome.dll" [2008-08-20 1780248]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{B8A5B62C-517F-42A5-85AE-29B5497FB15F}"= "c:\program files\Come2PlayK2P\tbCome.dll" [2008-08-20 1780248]

 

[HKEY_CLASSES_ROOT\clsid\{b8a5b62c-517f-42a5-85ae-29b5497fb15f}]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzBufferZoneOverlay]

@="{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}"

[HKEY_CLASSES_ROOT\CLSID\{37ADBD0B-11EC-4A2C-9F93-5C3ACC7994DF}]

2007-08-06 14:20 1222576 --a------ c:\windows\system32\RlShellExt.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzConfidentialOverlay]

@="{F594B094-8768-4632-8143-12852EBBD688}"

[HKEY_CLASSES_ROOT\CLSID\{F594B094-8768-4632-8143-12852EBBD688}]

2007-08-06 14:20 1222576 --a------ c:\windows\system32\RlShellExt.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzForbiddenOverlay]

@="{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}"

[HKEY_CLASSES_ROOT\CLSID\{F1A1DA12-E651-4AD0-A1A0-6214546B2F9D}]

2007-08-06 14:20 1222576 --a------ c:\windows\system32\RlShellExt.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SxBzUnknownOverlay]

@="{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}"

[HKEY_CLASSES_ROOT\CLSID\{E4FC4B31-8A4F-45E6-BDAC-28F612371FE3}]

2007-08-06 14:20 1222576 --a------ c:\windows\system32\RlShellExt.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2008-10-07 6216192]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"dldfmon.exe"="c:\program files\Dell AIO Printer 948\dldfmon.exe" [2007-09-18 455336]

"MemoryCardManager"="c:\program files\Dell AIO Printer 948\memcard.exe" [2007-09-18 410280]

"Dell AIO Printer 948 Fax Server"="c:\program files\Dell AIO Printer 948\fm3032.exe" [2007-09-20 312560]

"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

DynDNS Updater.lnk - c:\program files\DynDNS Updater\DynUpPs.exe [2008-06-23 94208]

Serveur UltraVNC (2).lnk - c:\program files\UltraVNC\winvnc.exe [2008-12-30 364544]

WiFi Station.lnk - c:\program files\Hercules\WiFi Station\WifiStation.exe [2008-02-24 650240]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2008-10-07 886984]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-19 16:09 15360 c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

-ra------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 15:40 155648 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

-ra------ 2001-11-15 19:08 1216512 c:\windows\mixer.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"d:\\eChanblard\\emule.exe"=

"%windir%\\explorer.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\dldfmon.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfpswx.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\dldfaiox.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\dldfafcn.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldfjswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldftime.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\Wireless\\dldfwpss.exe"=

"c:\\WINDOWS\\system32\\dldfcfg.exe"=

"c:\\WINDOWS\\system32\\dldfih.exe"=

"c:\\Program Files\\Dell AIO Printer 948\\DLDFFax.exe"=

"c:\\WINDOWS\\system32\\dldfcoms.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6662:TCP"= 6662:TCP:kieffer

"6672:UDP"= 6672:UDP:kieffer

 

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-11-23 178376]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-11-23 30920]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2008-11-23 28872]

R4 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]

R4 Hinsrv;Hinsrv Service;c:\windows\system32\hinsrv.exe [2008-09-01 81920]

R4 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [2008-11-23 1402568]

R4 SG_Service;SoftGuard Service;c:\program files\Fichiers communs\RbtProt\sgsrv.exe [2005-04-25 155648]

R4 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-12-30 6016]

S4 dldfCATSCustConnectService;dldfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldfserv.exe [2008-12-16 98952]

S4 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2008-11-23 3314688]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ed971c8-78b0-11dd-9939-0008d328a685}]

\Shell\AutoRun\command - rthrw.com

\Shell\explore\Command - rthrw.com

\Shell\open\Command - rthrw.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{700d6dfc-4cd5-11dd-98be-0008d328a685}]

\Shell\AutoRun\command - rthrw.com

\Shell\explore\Command - rthrw.com

\Shell\open\Command - rthrw.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87f7a3ee-51b8-11dd-98ca-0008d328a685}]

\Shell\AutoRun\command - H:\nideiect.com

\Shell\explore\Command - H:\nideiect.com

\Shell\open\Command - H:\nideiect.com

.

Contenu du dossier 'Tâches planifiées'

 

2009-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 

2009-01-03 c:\windows\Tasks\At1.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-09 c:\windows\Tasks\At10.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-11 c:\windows\Tasks\At11.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-11 c:\windows\Tasks\At12.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-11 c:\windows\Tasks\At13.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-11 c:\windows\Tasks\At14.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-11 c:\windows\Tasks\At15.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-10 c:\windows\Tasks\At16.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-10 c:\windows\Tasks\At17.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-10 c:\windows\Tasks\At18.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-10 c:\windows\Tasks\At19.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-03 c:\windows\Tasks\At2.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-10 c:\windows\Tasks\At20.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-10 c:\windows\Tasks\At21.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-10 c:\windows\Tasks\At22.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-10 c:\windows\Tasks\At23.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-10 c:\windows\Tasks\At24.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-02 c:\windows\Tasks\At25.job

- c:\windows\system32\NcUfFrHN.exe []

 

2009-01-03 c:\windows\Tasks\At26.job

- c:\windows\system32\NcUfFrHN.exe []

 

2008-12-07 c:\windows\Tasks\At27.job

- c:\windows\system32\NcUfFrHN.exe []

 

2008-12-07 c:\windows\Tasks\At28.job

- c:\windows\system32\NcUfFrHN.exe []

 

2008-12-07 c:\windows\Tasks\At29.job

- c:\windows\system32\NcUfFrHN.exe []

 

2008-12-07 c:\windows\Tasks\At3.job

- c:\windows\system32\41W0527I.exe []

 

2008-12-07 c:\windows\Tasks\At30.job

- c:\windows\system32\NcUfFrHN.exe []

 

2008-12-07 c:\windows\Tasks\At31.job

- c:\windows\system32\NcUfFrHN.exe []

 

2008-12-07 c:\windows\Tasks\At32.job

- c:\windows\system32\NcUfFrHN.exe []

 

2009-01-09 c:\windows\Tasks\At33.job

- c:\windows\system32\NcUfFrHN.exe []

 

2009-01-09 c:\windows\Tasks\At34.job

- c:\windows\system32\NcUfFrHN.exe []

 

2009-01-11 c:\windows\Tasks\At35.job

- c:\windows\system32\NcUfFrHN.exe []

 

2009-01-11 c:\windows\Tasks\At36.job

- c:\windows\system32\NcUfFrHN.exe []

 

2009-01-11 c:\windows\Tasks\At37.job

- c:\windows\system32\NcUfFrHN.exe []

 

2009-01-11 c:\windows\Tasks\At38.job

- c:\windows\system32\NcUfFrHN.exe []

 

2009-01-11 c:\windows\Tasks\At39.job

- c:\windows\system32\NcUfFrHN.exe []

 

2008-12-07 c:\windows\Tasks\At4.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-10 c:\windows\Tasks\At40.job

- c:\windows\system32\NcUfFrHN.exe []

 

2009-01-10 c:\windows\Tasks\At41.job

- c:\windows\system32\NcUfFrHN.exe []

 

2009-01-10 c:\windows\Tasks\At42.job

- c:\windows\system32\NcUfFrHN.exe []

 

2009-01-10 c:\windows\Tasks\At43.job

- c:\windows\system32\NcUfFrHN.exe []

 

2009-01-10 c:\windows\Tasks\At44.job

- c:\windows\system32\NcUfFrHN.exe []

 

2009-01-10 c:\windows\Tasks\At45.job

- c:\windows\system32\NcUfFrHN.exe []

 

2009-01-10 c:\windows\Tasks\At46.job

- c:\windows\system32\NcUfFrHN.exe []

 

2009-01-10 c:\windows\Tasks\At47.job

- c:\windows\system32\NcUfFrHN.exe []

 

2009-01-10 c:\windows\Tasks\At48.job

- c:\windows\system32\NcUfFrHN.exe []

 

2008-12-07 c:\windows\Tasks\At5.job

- c:\windows\system32\41W0527I.exe []

 

2008-12-07 c:\windows\Tasks\At6.job

- c:\windows\system32\41W0527I.exe []

 

2008-12-07 c:\windows\Tasks\At7.job

- c:\windows\system32\41W0527I.exe []

 

2008-12-07 c:\windows\Tasks\At8.job

- c:\windows\system32\41W0527I.exe []

 

2009-01-09 c:\windows\Tasks\At9.job

- c:\windows\system32\41W0527I.exe []

.

- - - - ORPHELINS SUPPRIMES - - - -

 

URLSearchHooks-{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - (no file)

WebBrowser-{1D1B60FD-B21F-4B9A-8A5F-64E8544828D7} - (no file)

WebBrowser-{FA34EE7E-55EB-41DB-9718-1AE6EA1CF9A5} - (no file)

HKCU-Run-WinButler - c:\documents and settings\Sylvain\Application Data\WinButler\WinButler.exe

HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\HOMERunner.exe

HKCU-Run-Chicdead - c:\docume~1\Sylvain\APPLIC~1\DUPEOB~1\jump list.exe

HKLM-Run-dlbxmon.exe - c:\program files\Dell Photo AIO Printer 962\dlbxmon.exe

MSConfigStartUp-dlbxmon - c:\program files\Dell Photo AIO Printer 962\dlbxmon.exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.ustart.org

uInternet Connection Wizard,ShellNext = iexplore

IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html

IE: Backward &Links - c:\program files\Google\googletoolbar.dll/cmbacklinks.html

IE: Cac&hed Snapshot of Page - c:\program files\Google\googletoolbar.dll/cmcache.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Si&milar Pages - c:\program files\Google\googletoolbar.dll/cmsimilar.html

IE: Translate into English - c:\program files\Google\googletoolbar.dll/cmtrans.html

Trusted Zone: *.internet

Trusted Zone: *.mcafee.com

TCP: {35B3EFF2-D176-4CD0-9363-470ED3A77F48} = 212.27.53.252,212.27.54.252

 

c:\windows\system32\msvcr71.dll - c:\windows\system32\msvcp71.dll

c:\windows\system32\AVC_AX_MPEG4.dll

c:\windows\system32\AVC_AX_JPEG.dll

c:\windows\system32\AVC_AX_RTSP.dll

c:\windows\system32\AVC_AX_PB.dll

c:\windows\system32\AVC_AX_LIVE.dll

c:\windows\system32\AVC718Viewer.dll

O16 -: {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F}

hxxp://kitaclore.dyndns.org:5910/AVC_AX_DVR.cab

c:\windows\Downloaded Program Files\AVC_AX_DVR.INF

 

c:\windows\Downloaded Program Files\SearchEngineQuery.dll - O16 -: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400}

hxxp://www.myheritage.fr/Genoogle/Components/ActiveX/SearchEngineQuery.dll

FF - ProfilePath - c:\documents and settings\Sylvain\Application Data\Mozilla\Firefox\Profiles\xkipthcu.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=

FF - prefs.js: browser.search.selectedEngine - Yoog Search

FF - prefs.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=

FF - component: c:\program files\Mozilla Firefox\components\nsmilehighads.dll

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin9.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll

 

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Yoog Search

FF - user.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=

FF - user.js: keyword.enabled - true

FF - user.js: browser.search.defaultenginename - Yoog Search

FF - user.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-11 14:21:37

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1801674531-299502267-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

Heure de fin: 2009-01-11 14:23:57

ComboFix-quarantined-files.txt 2009-01-11 13:23:31

ComboFix2.txt 2008-11-22 21:36:32

 

Avant-CF: 14 426 791 936 octets libres

Après-CF: 14,887,124,992 octets libres

 

468 --- E O F --- 2008-12-18 14:58:53

Lien vers le commentaire
Partager sur d’autres sites

re!

 

Du nettoyage à faire encore!

 

1°) Passe par le Panneau de Configuration > Ajouter\Supprimer des Programmes et désinstalle (si tu peux) >>

Multi_Media Toolbar

Multi_Media_France Toolbar

Milehighads Games Collection

Share Accelerator

Search Assistant Mysidesearch

RON Tool Milehighads

Même si tu ne parviens pas à désinstaller ces programmes, continue la procédure >

 

2°) Rend toi sur cette page afin de télécharger le fichier CFScript > http://senduit.com/1db8a7

Patiente une seconde: le téléchargement va se lancer automatiquement.

  • Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
    img-191202xzrpd.gif
  • Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  • Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

Note: Le script proposé est adapté au cas de scheuch : Vous ne devez en aucun cas l'utiliser sur votre pc!

 

3°) FoxScan est un outil développé par Loup blanc pour l'affichage et l'analyse des paramètres du navigateur Mozilla FireFox afin d'y détecter des éléments anormaux voire infectieux.

 

-> Télécharge FoxScan dans le répertoire de ton choix, par exemple dans celui dans lequel tu ranges les outils à conserver : Mes Documents\Mes Téléchargements.

-> Ouvre le répertoire dans lequel tu as téléchargé et double clique sur FoxScan.

-> Valide l'exécution si tu as un "Avertissement de sécurité" te disant que l'éditeur n'a pas pu être vérifié, etc.

-> Une fenêtre de commande s'ouvre; réponds 1 puis [Entrée] au message Selectionnez votre langue...

-> Il y a affichage de quelques informations générales puis Recherche en cours; laisse faire l'outil jusqu'à affichage de

"Recherches terminées.

Appuyer sur une touche pour continuer...". Appuie par exemple sur [Entrée].

-> Le programme ouvre alors son rapport dans une fenêtre du Bloc-notes.

Ce rapport est également rangé à la racine du disque système (généralement C:\) sous le nom de Rapport-FS.txt.

-> Poste ce rapport sur le forum (effectue un copier-coller) pour le soumettre à l'analyse du Conseiller en sécurité que te l'a demandé.

-> Ferme le Bloc-notes et attends les instructions du Conseiller sur le forum.

 

FoxScan étant un outil d'affichage, il n'est pas dangereux et peut être conservé sur le disque. Néanmoins, il est conseillé de télécharger la version la plus récente avant chaque utilisation car des améliorations ont pu y être apportées.

 

4°) Assure toi que la console Java est bien la plus récente; pour le savoir rends-toi sur cette page et clique sur Vérifier la version de Java -> http://www.java.com/fr/download/installed.jsp -> Il te sera indiqué si tu dois installer la dernière version.

Le scan doit être fait avec Internet Explorer

TUTO scan en ligne Kaspersky: http://www.vista-xp.fr/forum/topic109.html

 

  • Fais un scan en ligne Kaspersky
  • Clique sur Accept
  • Patiente le temps d'installation du Webscanner.
  • Les bases de mises à jour vont s'installer, patiente un moment
  • Clique sur Next.
  • Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

 

A la fin du scan, si des objets infectés sont découverts, clique sur Save report as... Choisis bureau et nomme le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisis "fichiers texte" enregistre alors le rapport.

 

Copie/colle la totalité du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

 

Colle ce rapport dans ta réponse sur le forum.

 

Poste les 3 rapports demandés stp: FoxScan - ComboFix et Kaspersky.

courage!! :P

Modifié par Thanos
Lien vers le commentaire
Partager sur d’autres sites

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...