Posted (edited)

Hello,

Recently an alert warned me that my hard drive is full!!! After some searching I found a folder at the root of C:/ named TPS1 (C:/TPS1) that weighs 15 GB :P It contains only images in jpg format, which it keeps multiplying, and so it blocks the PC fairly quickly. Naturally I hurried to delete this folder (it was a struggle, because with the disk almost full it was a real pain). So I got some free space back, and 2 min later the folder was automatically re-created, with the same images imported again, and round it goes once more. I scanned with Antivir, which found nothing. Same with avast.. Can anyone help me? Thanks in advance

Edited by DAN21

Posted

Hello, I love this kind of thing (you're not the only one to have it, and there is probably one batch file too many lurking around).

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue at the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed) as well as info.txt (<<which will be minimized to the Taskbar).
  • Note: The reports are saved in the folder C:\rsit
    So that makes two reports. :P

Posted

First of all, thank you for your speed. Here are the requested reports:

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by daniel at 2009-02-15 22:06:27

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 26 GB (45%) free of 57 GB

Total RAM: 767 MB (29% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:07 , on 15/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\cmd.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\daniel\Bureau\RSIT.exe

C:\Program Files\trend micro\daniel.exe

C:\WINDOWS\system32\ftp.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.my.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: AutorunsDisabled

O4 - Global Startup: wintp.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cf32ae7ab85740bcae45032fc5bd1528

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cf32ae7ab85740bcae45032fc5bd1528

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/07509111a47cb9...RdxIE601_fr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133865994687

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_1_0.cab

O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://62.201.137.56/mmawap/jsp/composer/p...r/mmsPlayer.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://skifunshop.no-ip.com/activex/AxisCamControl.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr:2112/lwp/st...aller_4-0-0.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)

O20 - AppInit_DLLs: "C:\PROGRA~1\Google\Google,Desktop,Search\GoogleDesktopNetwork3.dll"

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 0: (no name) - http://www.valdisere.com/images05/valdisere2.jpg

O24 - Desktop Component 1: (no name) - http://www.skifunshop.com/Cam.jpg

O24 - Desktop Component 2: (no name) - http://www.trinum.com/ibox/lesgets/Images/...noire_SMALL.jpg

O24 - Desktop Component 4: Sur La Trace De La CHOUETTE D'OR - http://www.lachouette.net/index.php

 

--

End of file - 13266 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Ad-Aware Update (Daily).job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Connexion Facile à Internet.job

C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-23 308832]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]

EoBho Class

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-07 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D80C4E21-C346-4E21-8E64-20746AA20AEB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-07 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-07 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]

EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-04-16 405504]

{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-01 29744]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-07 136600]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-10-23 185872]

"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]

"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2009-02-05 81000]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB7801]

command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB8310]

command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB8790]

command.com /c del C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5251]

cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD8929]

cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD9696]

cmd.exe /c del C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll []

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

AutorunsDisabled

wintp.exe

 

C:\Documents and Settings\daniel\Menu Démarrer\Programmes\Démarrage

OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

PowerReg Scheduler V3.exe

PowerReg Scheduler.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"=""C:\PROGRA~1\Google\Google,Desktop,Search\GoogleDesktopNetwork3.dll""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=

scecli

scecli

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=0

"NoRun"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"D:\OpFlashPreferences.exe"="D:\OpFlashPreferences.exe:*:Enabled:Operation Flashpoint preferences"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"G:\iTunes\iTunes.exe"="G:\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"

"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\Dark Oberon\dark-oberon.exe"="C:\Program Files\Dark Oberon\dark-oberon.exe:*:Disabled:dark-oberon"

"C:\Program Files\AlertInfo\AlertInfo.exe"="C:\Program Files\AlertInfo\AlertInfo.exe:*:Disabled:FeedReader"

"C:\Documents and Settings\daniel\Local Settings\Temp\ImInstaller\Magentic\magentic_install.exe"="C:\Documents and Settings\daniel\Local Settings\Temp\ImInstaller\Magentic\magentic_install.exe:*:Disabled:IncrediMail Installer"

"C:\Documents and Settings\daniel\Bureau\magentic_install.exe"="C:\Documents and Settings\daniel\Bureau\magentic_install.exe:*:Disabled:IncrediMail Installer"

"E:\iTunes\iTunes.exe"="E:\iTunes\iTunes.exe:*:Disabled:iTunes"

"C:\Program Files\SecondLife\SecondLife.exe"="C:\Program Files\SecondLife\SecondLife.exe:*:Disabled:Second Life"

"C:\Program Files\SSI\Silent Hunter II\Shell\SH2.exe"="C:\Program Files\SSI\Silent Hunter II\Shell\SH2.exe:*:Disabled:SH2"

"C:\Program Files\BitDownload\BitDownload.exe"="C:\Program Files\BitDownload\BitDownload.exe:*:Disabled:Torrent P2P application"

"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"

"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"

"C:\Documents and Settings\LICORNE\Local Settings\Temporary Internet Files\Content.IE5\8HUZCXEZ\magentic_install[1].exe"="C:\Documents and Settings\LICORNE\Local Settings\Temporary Internet Files\Content.IE5\8HUZCXEZ\magentic_install[1].exe:*:Enabled:IncrediMail Installer"

"C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"

"C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic"

"C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"

"C:\Documents and Settings\LICORNE\Local Settings\Temporary Internet Files\Content.IE5\8HUZCXEZ\magentic_install[2].exe"="C:\Documents and Settings\LICORNE\Local Settings\Temporary Internet Files\Content.IE5\8HUZCXEZ\magentic_install[2].exe:*:Enabled:IncrediMail Installer"

"C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\GDSPAB0L\magentic_install[1].exe"="C:\Documents and Settings\daniel\Local Settings\Temporary Internet Files\Content.IE5\GDSPAB0L\magentic_install[1].exe:*:Enabled:IncrediMail Installer"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\HD2_SabreSquadron.exe"="C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\HD2_SabreSquadron.exe:*:Enabled:HD2_SabreSquadron"

"C:\PVSW\Bin\w3dbsmgr.exe"="C:\PVSW\Bin\w3dbsmgr.exe:*:Enabled:Database Service Manager"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\PVSW\Bin\w3dbsmgr.exe"="C:\PVSW\Bin\w3dbsmgr.exe:*:Enabled:Database Service Manager"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

shell\AutoRun\command - D:\AUTORUN.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22c50350-37b4-11dc-a0ad-806d6172696f}]

shell\AutoRun\command - D:\installcheck.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d4b87d4-1847-11dc-93cb-806d6172696f}]

shell\AutoRun\command - D:\AUTORUN.EXE

 

 

======List of files/folders created in the last 1 months======

 

2009-02-15 22:06:29 ----D---- C:\Program Files\trend micro

2009-02-15 22:06:27 ----D---- C:\rsit

2009-02-15 17:39:41 ----D---- C:\!KillBox

2009-02-15 12:27:55 ----A---- C:\WINDOWS\system32\aswBoot.exe

2009-02-15 12:27:44 ----D---- C:\Program Files\Alwil Software

2009-02-15 02:21:53 ----D---- C:\Documents and Settings\All Users\Application Data\avg8

2009-02-15 01:14:55 ----D---- C:\tps1

2009-02-15 01:14:52 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-02-15 00:38:33 ----A---- C:\WINDOWS\ntbtlog.txt

2009-02-14 16:07:19 ----D---- C:\Program Files\CCleaner

2009-02-12 11:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

2009-02-07 20:36:53 ----D---- C:\TMP

2009-02-07 20:13:33 ----D---- C:\Program Files\ma-config.com

2009-02-07 20:13:33 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com

2009-02-07 19:36:09 ----D---- C:\Program Files\AMD

2009-02-07 18:07:16 ----A---- C:\WINDOWS\system32\javaws.exe

2009-02-07 18:07:16 ----A---- C:\WINDOWS\system32\javaw.exe

2009-02-07 18:07:16 ----A---- C:\WINDOWS\system32\java.exe

2009-02-07 18:07:16 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-02-07 11:23:42 ----D---- C:\Program Files\Ciel Solution 2008(Ciel Compta) Activation Fr

2009-02-07 11:20:24 ----A---- C:\wintp2.exe

2009-02-07 11:20:24 ----A---- C:\wintp.exe

2009-02-07 11:20:24 ----A---- C:\start.exe

2009-02-07 11:20:24 ----A---- C:\s.bat

2009-02-07 11:20:24 ----A---- C:\a.bat

2009-02-06 21:03:45 ----A---- C:\WINDOWS\system32\msxml4a.dll

2009-02-06 21:03:44 ----N---- C:\WINDOWS\CielInfos.exe

2009-02-06 21:03:44 ----A---- C:\WINDOWS\system32\CielArchiver.dll

2009-01-17 22:48:52 ----D---- C:\Program Files\QUAD Utilities

2009-01-17 11:28:46 ----D---- C:\Documents and Settings\All Users\Application Data\EBP

2009-01-17 11:28:30 ----HD---- C:\Documents and Settings\All Users\Application Data\{DD02AF12-1A4B-45FE-A16C-7B8608E0B62E}

2009-01-16 22:12:28 ----D---- C:\Documents and Settings\All Users\Application Data\{C0200251-5770-4348-8120-68DB131964DD}

2009-01-16 21:32:35 ----D---- C:\WINDOWS\SxsCaPendDel

2009-01-16 11:34:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

 

======List of files/folders modified in the last 1 months======

 

2009-02-15 22:06:34 ----D---- C:\WINDOWS\Prefetch

2009-02-15 22:06:29 ----AD---- C:\Program Files

2009-02-15 21:12:59 ----D---- C:\WINDOWS\Temp

2009-02-15 16:50:19 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt

2009-02-15 16:50:17 ----D---- C:\WINDOWS\system32\CatRoot2

2009-02-15 16:48:24 ----D---- C:\WINDOWS\system32\config

2009-02-15 16:40:21 ----D---- C:\WINDOWS\system32

2009-02-15 16:09:04 ----D---- C:\Program Files\Mozilla Thunderbird

2009-02-15 12:29:13 ----D---- C:\WINDOWS\system32\drivers

2009-02-15 02:25:27 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-02-15 02:25:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-15 02:24:27 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2009-02-15 02:24:26 ----SHD---- C:\WINDOWS\Installer

2009-02-15 02:24:26 ----D---- C:\Config.Msi

2009-02-15 02:24:09 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-02-15 02:20:16 ----SD---- C:\Documents and Settings\daniel\Application Data\Microsoft

2009-02-15 02:20:14 ----D---- C:\WINDOWS

2009-02-15 02:20:11 ----D---- C:\Documents and Settings

2009-02-15 00:15:33 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-02-14 20:27:29 ----HD---- C:\WINDOWS\inf

2009-02-14 20:19:13 ----SD---- C:\WINDOWS\Tasks

2009-02-14 20:16:19 ----D---- C:\Program Files\Lavasoft

2009-02-14 20:16:06 ----D---- C:\WINDOWS\WinSxS

2009-02-14 20:09:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-02-14 18:54:14 ----A---- C:\WINDOWS\wininit.ini

2009-02-14 17:06:46 ----D---- C:\Documents and Settings\daniel\Application Data\Grisoft

2009-02-14 16:44:27 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft

2009-02-14 16:44:00 ----D---- C:\Program Files\Grisoft

2009-02-14 16:30:53 ----HD---- C:\Program Files\InstallShield Installation Information

2009-02-14 16:28:50 ----D---- C:\Program Files\Canon

2009-02-14 16:28:04 ----D---- C:\WINDOWS\Debug

2009-02-14 15:52:24 ----RSHD---- C:\WINDOWS\system32\dllcache

2009-02-14 15:52:11 ----A---- C:\WINDOWS\win.ini

2009-02-14 15:52:07 ----RSD---- C:\WINDOWS\Fonts

2009-02-14 15:51:49 ----A---- C:\WINDOWS\ODBC.INI

2009-02-13 13:50:31 ----D---- C:\WINDOWS\system32\Restore

2009-02-12 11:14:28 ----D---- C:\Program Files\Internet Explorer

2009-02-12 11:02:52 ----HD---- C:\WINDOWS\$hf_mig$

2009-02-07 20:13:56 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-02-07 20:13:50 ----D---- C:\Program Files\HardwareDetection

2009-02-07 19:36:20 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-02-07 18:24:20 ----D---- C:\WINDOWS\system32\DirectX

2009-02-07 18:06:33 ----D---- C:\Program Files\Java

2009-02-06 21:53:36 ----D---- C:\Program Files\Fichiers communs

2009-02-06 21:03:44 ----D---- C:\CIEL

2009-02-04 00:21:12 ----A---- C:\WINDOWS\system32\MRT.exe

2009-01-20 18:25:42 ----D---- C:\WINDOWS\Help

2009-01-20 18:21:54 ----A---- C:\WINDOWS\CielVideo.ini

2009-01-18 20:38:07 ----D---- C:\Program Files\InterActual

2009-01-16 21:15:42 ----A---- C:\WINDOWS\system32\mshtml.dll

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]

R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\System32\drivers\EABFiltr.sys []

R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-24 12032]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-06-09 271360]

R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-05-23 18048]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-02-02 100384]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-01-30 1205292]

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-10-08 94601]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]

R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]

R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]

R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2007-10-11 25624]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-04-07 1382634]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2006-09-07 47360]

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-01-13 612032]

R3 tiumfwl;tiumfwl; C:\WINDOWS\system32\drivers\tiumfwl.sys [2003-12-18 42092]

R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 W8335XP;NETGEAR WG511v2 54 Mbps Wireless PC Card for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG511v2.sys [2004-09-17 253440]

S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]

S1 SysTool;SysTool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-11-10 24064]

S2 pciinfo;HP Pci Information; \??\C:\DOCUME~1\daniel\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []

S3 61883;Pilote d'unité 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]

S3 a16e79tt;a16e79tt; C:\WINDOWS\system32\drivers\a16e79tt.sys []

S3 Avc;Périphérique AVC; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]

S3 avgntdd;avgntdd; \??\C:\Program Files\AVPersonal\AVGNTDD.SYS []

S3 BCM43XX;Pilote pour carte réseau BCM 802.11b; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-12-04 286848]

S3 bfastfao;bfastfao; \??\C:\DOCUME~1\daniel\LOCALS~1\Temp\bfastfao.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CE3;Service de la carte Xircom Ethernet 10/100; C:\WINDOWS\System32\DRIVERS\ce3n5.sys [2001-08-23 27164]

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []

S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 lg3gbus;LGE KU580 driver (WDM); C:\WINDOWS\system32\DRIVERS\lg3gbus.sys [2007-04-26 83080]

S3 lg3gmdfl;LGE KU580 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\lg3gmdfl.sys [2007-04-26 15112]

S3 lg3gmdm;LGE KU580 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\lg3gmdm.sys [2007-04-26 108552]

S3 lg3gmgmt;LGE KU580 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\lg3gmgmt.sys [2007-04-26 100360]

S3 lg3gnd5;LGE KU580 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\lg3gnd5.sys [2007-04-26 23176]

S3 lg3gobex;LGE KU580 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\lg3gobex.sys [2007-04-26 98568]

S3 lg3gunic;LGE KU580 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\lg3gunic.sys [2007-04-26 98952]

S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]

S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]

S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []

S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-12 13848]

S3 PID_08A0;Logitech QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2006-06-22 720176]

S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-12 1279000]

S3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]

S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2003-10-23 46976]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SMCIRDA;Pilote de périphérique SMC IrCC Miniport; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-08-23 36937]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2007-06-28 108208]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2003-11-10 135168]

R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2005-07-23 54784]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-07 152984]

R2 LVCOMSer;LVCOMSer; C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]

R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]

R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2004-04-07 73728]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]

S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-01 29744]

S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-11-17 98304]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

 

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-02-15 22:07:13

 

======Uninstall list======

 

-->C:\PROGRA~1\CLUB-I~1\Le Compagnon Club\Uninstall.exe TONLFR

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature

-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2004 Mahjongg Lite-->C:\WINDOWS\unvise32.exe C:\Program Files\2004 Mahjongg Lite 4r\uninstal.log

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}

Agere Systems AC'97 Modem-->agrsmdel

AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x040c -removeonly

Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}

Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}

Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

Bluetooth by hp-->MsiExec.exe /X{E837279E-4C3F-411A-8E3D-0EFD97F818E3}

Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}

Bouton Impression Ecran-->MsiExec.exe /I{A45722F2-456F-4284-83B3-FA58DFD0ABDA}

Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}

Canon Internet Library for ZoomBrowser EX-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6A0DBAA6-4FEC-41B7-858E-99EF59B9173C}

Canon RAW Image Task for ZoomBrowser EX-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D076E06B-F74B-454F-A56E-7510D7B6C9F0}

Canon RemoteCapture Task for ZoomBrowser EX-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{822586CA-0B15-428C-859A-64B3728F28E7}

Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}

Canon Utilities RemoteCapture 2.7-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}

Canon Utilities ZoomBrowser EX-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Challenge Sudoku-->C:\Program Files\Play at Joe's\Challenge Sudoku\uninst.exe

Chicken Invaders v1.30-->"C:\Program Files\Chicken Invaders\unins000.exe"

Ciel Compta pour Windows-->C:\WINDOWS\unin040c.exe -fC:\CIEL\WCPTA\DeIsL1.isu

Ciel eSauvegarde V2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBF7A3DA-880B-4747-AB57-D74A4EBAC69E}\install.exe" UNINSTALL

Ciel Immobilisations pour Windows-->C:\WINDOWS\unin040c.exe -fC:\CIEL\WIMMO\DeIsL1.isu

Ciel Paye pour Windows-->C:\WINDOWS\unin040c.exe -fC:\CIEL\WPAYE\DeIsL1.isu

Coffret de pilotes Logitech Legacy USB Camera-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\legacyqcam\10.50.1091\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_10.50" /clone_wait /hide_progress

Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress

Connexion Facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0613467F-A45E-4CB1-9ECE-1F3DD79FB927} /l1036

Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Customized Tetris - Aquarium Edition (v1.18 Freeware)-->c:\Program Files\ElefunMultimedia\Customized Tetris - Aquarium Edition(v1.18 Freeware)\uninstal.exe

Deluxe Pacman v1.59-->"C:\Games\Deluxe Pacman\unins000.exe"

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

DR 221-->C:\Program Files\Microsoft Games\Flight Simulator 9\DR 221 Uninstall.exe

DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"

EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9

Easy-WebPrint-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"

EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}

EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG

EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall

EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x40c UNINST

EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST

EPSON Image Clip Palette-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x40c -u

EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u

EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r

EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything

ESDX4800_4200 Guide util.-->C:\Program Files\EPSON\TPMANUAL\ESDX4800_4200\USE_G\DOCUNINS.EXE

Free FLV Converter V 5.9.1-->"C:\Program Files\Free FLV Converter\unins000.exe"

Free Video Converter V 1.4-->"C:\Program Files\Free Video Converter\unins000.exe"

Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}

HD2: Sabre Squadron Patch-->"C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\\patch-uninst.exe"

Hidden & Dangerous 2 -->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{83437081-8186-4F63-BD39-4BE8A691E055}

Hidden & Dangerous 2 Sabre Squadron-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E2222809-FDED-4C7E-8F25-2337A8F39F03} /l1036

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL

iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}

IZArc 3.81-->"C:\Program Files\IZArc\unins001.exe"

Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

KC Softwares IDPhotoStudio-->"C:\Program Files\KC Softwares\IDPhotoStudio\unins000.exe"

KC Softwares SUMo-->"C:\Program Files\KC Softwares\SUMo\unins001.exe"

KC Softwares VideoInspector-->"C:\Program Files\KC Softwares\VideoInspector\unins000.exe"

Language pack for Ad-Aware SE-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG

LE COMPAGNON CLUB-->C:\WINDOWS\Motive\TONLFR\MCCUninst.exe

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

LG PC Suite-->C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x040c -removeonly

LG USB Modem driver [KU580]-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{510EB43C-2D49-4E9A-8448-DD2E89D6E182}\setup.exe" -l0x40c -removeonly

Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}

Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}

Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}

Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1}

Magic Ball-->C:\Program Files\Alawar\Magic Ball\uninstal.exe

Micro Application - PrintPratic 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC79B672-686B-4C0A-9402-12EA1A04A99C}\Setup.exe" -l0x40c

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}

Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}

Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}

Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe

Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}

Microsoft Carioca-->MsiExec.exe /I{49D70E70-23CB-4BE5-8A67-8770F6B1BB2F}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Flight Simulator 2004 Un siècle d'aviation-->"C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Reader-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x40c

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}

Microsoft Works 4.0-->C:\Program Files\MSWorks\setup40\install.exe

Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}

MioMore Desktop 2008-->C:\Program Files\InstallShield Installation Information\{7617FC2E-EA1B-4F07-A0F5-5D5F437CB32D}\Setup.exe -runfromtemp -l0x040c -removeonly

Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}

Module linguistique Microsoft .NET Framework 3.5 - fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe

Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (2.0.0.19)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}

MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}

My Drivers 3.22-->"C:\Program Files\My Drivers\unins000.exe"

NETGEAR WG511v2 54 Mbps Wireless PC Card-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B93D24B3-928D-4805-B379-4AA47CB3794E}

NVIDIA Drivers-->C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI

NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvcp.inf

NvMixer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall

OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}

Outils Club Internet-->"C:\Program Files\Club-Internet\Assistance\OutilsCI\uninstall.exe"

PCI 1620 Cardbus Controller and Software-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{97355297-21C8-40CD-96D3-48E58037A9B8} /l1036

PhotoFiltre-->"c:\Program Files\PhotoFiltre\Uninst.exe"

PIF DESIGNER-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x40c anything

PlayStation®Network Downloader-->MsiExec.exe /X{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}

PlayStation®Store-->MsiExec.exe /X{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}

PrintPratic-->MsiExec.exe /X{B95FDFCC-2476-4E74-B6A7-B0AE5784BF4B}

Quick Launch Buttons 5.10 B5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\Setup.exe" -l0x40c -uninst

QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}

RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x040c -removeonly

Realtek RTL8139/810x Fast Ethernet NIC Driver Setup-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\setup.exe" -l0x40c REMOVE

RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}

SafeCast Shared Components-->C:\Program Files\Fichiers communs\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG

Silent Hunter II-->C:\WINDOWS\Silent Hunter II remove.exe remove

Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}

Sony Media Manager for PSP 3.0-->MsiExec.exe /X{21C6344A-918B-4D35-ADB6-7614F97B78EA}

SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"

SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"

SuDoku Quest-->C:\WINDOWS\unvise32.exe C:\Program Files\sudoku_quest\uninstal.log

TOM-->"C:\Program Files\Club-Internet\TOM\uninstall.exe"

UMVPLStandalone-->MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}

V1.0-->"C:\Program Files\RM-X® Easy Compress\unins000.exe"

Vade Retro pour Outlook et Outlook Express-->C:\PROGRA~1\Goto Software\Vade Retro\UNWISE.EXE C:\PROGRA~1\Goto Software\Vade Retro\INSTALL.LOG

ViaMichelin Navigation PND-->"C:\Program Files\InstallShield Installation Information\{47FF921C-E834-47A6-8CE4-F0A99CDE347F}\setup.exe" -runfromtemp -l0x040c -removeonly

Vidéo Email v2.0 pour Outlook Express -->C:\PROGRA~1\Talkway\VIDOMA~1\UNWISE.EXE C:\PROGRA~1\Talkway\VIDOMA~1\INSTALL.LOG

Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

Visual Compta v2.00-->C:\WINDOWS\UnInstall Dc2i.EXE C:\Program Files\DC2i\Visual Compta\VC32.LOG

VSO Inspector 1.1.4-->"C:\Program Files\vso\tools\unins000.exe"

Wallpaper 4.1.3-->C:\WINDOWS\iun6002.exe "C:\Program Files\Wallpaper\irunin.ini"

WaterBall 1.1-->"C:\Program Files\WaterBall\unins000.exe"

Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}

Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

Winkaa 1.0 1.0-->"C:\Program Files\Emoticons-plus.com\Winkaa 1.0\uninstall.exe"

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

Yahoo! Auto Outlook Import-->C:\WINDOWS\system32\regsvr32 /u /s C:\WINDOWS\DOWNLO~1\yautoiol.dll

Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\Yinsthelper.dll

 

======Hosts File======

 

127.0.0.1 bin.errorprotector.com ## added by CiD

127.0.0.1 br.errorsafe.com ## added by CiD

127.0.0.1 br.winantivirus.com ## added by CiD

127.0.0.1 br.winfixer.com ## added by CiD

127.0.0.1 cdn.drivecleaner.com ## added by CiD

127.0.0.1 cdn.errorsafe.com ## added by CiD

127.0.0.1 cdn.winsoftware.com ## added by CiD

127.0.0.1 de.errorsafe.com ## added by CiD

127.0.0.1 de.winantivirus.com ## added by CiD

127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

 

======Security center information======

 

AV: avast! antivirus 4.8.1335 [VPS 090215-0]

 

System event log

 

Computer Name: PC165040092242

Event Code: 1003

Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir

du serveur DHCP) pour la carte réseau dont l'adresse réseau est 00904B616A63. Il s'est

produit l'erreur suivante :

L'opération a été annulée par l'utilisateur.

.

Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du

serveur d'adresse réseau (DHCP).

 

Record Number: 81731

Source Name: Dhcp

Time Written: 20081215095920.000000+060

Event Type: Avertissement

User:

 

Computer Name: PC165040092242

Event Code: 4201

Message: Le système a détecté que la carte réseau Broadcom...- Miniport d'ordonnancement de paquets était connectée au réseau,

et a lancé une opération normale sur la carte réseau.

 

Record Number: 81730

Source Name: Tcpip

Time Written: 20081215095919.000000+060

Event Type: Informations

User:

 

Computer Name: PC165040092242

Event Code: 7036

Message: Le service Acquisition d'image Windows (WIA) est entré dans l'état : en cours d'exécution.

 

Record Number: 81729

Source Name: Service Control Manager

Time Written: 20081215095917.000000+060

Event Type: Informations

User:

 

Computer Name: PC165040092242

Event Code: 4202

Message: Le système a détecté que la carte réseau Broadcom...- Miniport d'ordonnancement de paquets était déconnectée du réseau,

et la configuration réseau de la carte a été abandonnée. Si la carte

réseau n'était pas déconnectée, ceci peut indiquer un disfonctionnement.

Contactez le fabricant pour des pilotes mis à jour.

 

Record Number: 81728

Source Name: Tcpip

Time Written: 20081215095911.000000+060

Event Type: Informations

User:

 

Computer Name: PC165040092242

Event Code: 7036

Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

 

Record Number: 81727

Source Name: Service Control Manager

Time Written: 20081214190536.000000+060

Event Type: Informations

User:

 

Application event log

 

Computer Name: PC165040092242

Event Code: 1001

Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam' lors de la demande du composant '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

 

Record Number: 27065

Source Name: MsiInstaller

Time Written: 20080825093519.000000+120

Event Type: Avertissement

User: PC165040092242\daniel

 

Computer Name: PC165040092242

Event Code: 1004

Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam', composant '{B52C7B4D-F46F-438C-ADF2-05A138C57757}. La ressource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' n'existe pas

 

Record Number: 27064

Source Name: MsiInstaller

Time Written: 20080825093519.000000+120

Event Type: Avertissement

User: PC165040092242\daniel

 

Computer Name: PC165040092242

Event Code: 1001

Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam' lors de la demande du composant '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

 

Record Number: 27063

Source Name: MsiInstaller

Time Written: 20080825093519.000000+120

Event Type: Avertissement

User: AUTORITE NT\SERVICE RÉSEAU

 

Computer Name: PC165040092242

Event Code: 1004

Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam', composant '{B52C7B4D-F46F-438C-ADF2-05A138C57757}. La ressource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' n'existe pas

 

Record Number: 27062

Source Name: MsiInstaller

Time Written: 20080825093519.000000+120

Event Type: Avertissement

User: AUTORITE NT\SERVICE RÉSEAU

 

Computer Name: PC165040092242

Event Code: 1001

Message: Échec de détection du produit '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', fonctionnalité 'QuickCam' lors de la demande du composant '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

 

Record Number: 27061

Source Name: MsiInstaller

Time Written: 20080825093453.000000+120

Event Type: Avertissement

User: PC165040092242\daniel

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"NUMBER_OF_PROCESSORS"=1

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 8, AuthenticAMD

"PROCESSOR_LEVEL"=15

"PROCESSOR_REVISION"=0408

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"windir"=%SystemRoot%

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

 

-----------------EOF-----------------

Posted

OK, I can see your critters; we're going to clean house.

This prepares the cleanup; the second step will do what's needed.

The software below is to be used only when prescribed by a qualified helper trained on the tool.

Do not use it outside that situation or on your own: dangerous.

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before you start.
  • Double-click combofix.exe to run it.
  • Click "Yes" ("Oui") on the disclaimer-of-warranty message that appears.
  • If you are offered a restart because a rootkit was found, do it.
  • You will be offered the download and installation of the Recovery Console: click "Yes" on the message, allow the download in your firewall if asked, then accept the end-user licence agreement message.
  • The desktop disappears; that's normal, and it will come back.
  • Don't close the window that opens, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste that report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

Posted

Here is the ComboFix report:

 

ComboFix 09-02-14.01 - daniel 2009-02-15 22:42:09.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.767.257 [GMT 1:00]

Lancé depuis: c:\documents and settings\daniel\Bureau\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090215-0] *On-access scanning disabled* (Updated)

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\a.bat

C:\install.exe

c:\program files\QUAD Utilities

c:\windows\system32\encapi32.dll

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_BOONTY_GAMES

-------\Service_Boonty Games

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-15 au 2009-02-15 ))))))))))))))))))))))))))))))))))))

.

 

2009-02-15 22:06 . 2009-02-15 22:07 <REP> d-------- C:\rsit

2009-02-15 22:06 . 2009-02-15 22:07 <REP> d-------- c:\program files\trend micro

2009-02-15 17:39 . 2009-02-15 17:39 <REP> d-------- C:\!KillBox

2009-02-15 16:50 . 2009-02-15 22:37 48 --a------ C:\temp.ftp

2009-02-15 12:27 . 2009-02-15 12:27 <REP> d-------- c:\program files\Alwil Software

2009-02-15 02:21 . 2009-02-15 02:22 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8

2009-02-15 02:20 . 2009-02-15 02:26 262,144 --a------ c:\documents and settings\DAVID

2009-02-15 01:14 . 2009-02-15 22:37 <REP> d-------- C:\tps1

2009-02-14 16:07 . 2009-02-14 16:07 <REP> d-------- c:\program files\CCleaner

2009-02-07 20:36 . 2009-02-07 20:37 <REP> d-------- C:\TMP

2009-02-07 20:13 . 2009-02-07 20:13 <REP> d-------- c:\program files\ma-config.com

2009-02-07 20:13 . 2009-02-07 20:13 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com

2009-02-07 19:36 . 2009-02-07 19:36 <REP> d-------- c:\program files\AMD

2009-02-07 19:36 . 2006-07-01 22:42 43,520 --a------ c:\windows\system32\drivers\AmdK8.sys

2009-02-07 18:07 . 2009-02-07 18:06 410,984 --a------ c:\windows\system32\deploytk.dll

2009-02-07 11:23 . 2009-02-07 11:23 <REP> d-------- c:\program files\Ciel Solution 2008(Ciel Compta) Activation Fr

2009-02-07 11:20 . 2005-08-04 13:56 3,755,492 --a------ C:\start.exe

2009-02-07 11:20 . 2008-02-20 13:13 52,776 --a------ C:\wintp2.exe

2009-02-07 11:20 . 2007-08-07 12:53 16,384 --a------ C:\wintp.exe

2009-02-07 11:20 . 2008-03-06 15:34 83 --a------ C:\s.bat

2009-02-06 21:03 . 2002-10-29 10:35 663,552 --------- c:\windows\CielInfos.exe

2009-02-06 21:03 . 2003-06-13 15:27 360,448 --a------ c:\windows\system32\CielArchiver.dll

2009-02-06 21:03 . 2002-02-04 03:43 44,544 --a------ c:\windows\system32\msxml4a.dll

2009-01-17 11:28 . 2009-01-17 11:28 <REP> d-------- c:\documents and settings\All Users\Application Data\EBP

2009-01-17 11:28 . 2009-01-17 11:31 <REP> d--h----- c:\documents and settings\All Users\Application Data\{DD02AF12-1A4B-45FE-A16C-7B8608E0B62E}

2009-01-16 22:12 . 2009-01-16 22:12 <REP> d-------- c:\documents and settings\All Users\Application Data\{C0200251-5770-4348-8120-68DB131964DD}

2009-01-16 21:32 . 2009-01-16 22:14 <REP> d-------- c:\windows\SxsCaPendDel

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-15 15:09 --------- d-----w c:\program files\Mozilla Thunderbird

2009-02-15 01:25 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-02-15 01:25 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-15 01:24 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

2009-02-14 23:15 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-02-14 19:16 --------- d-----w c:\program files\Lavasoft

2009-02-14 16:06 --------- d-----w c:\documents and settings\daniel\Application Data\Grisoft

2009-02-14 15:44 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft

2009-02-14 15:30 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-14 15:28 --------- d-----w c:\program files\Canon

2009-02-07 19:13 --------- d-----w c:\program files\HardwareDetection

2009-02-07 17:06 --------- d-----w c:\program files\Java

2009-01-18 19:38 --------- d-----w c:\program files\InterActual

2008-12-26 17:02 --------- d-----w c:\program files\Free Video Converter

2008-12-23 21:26 --------- d-----w c:\program files\Mio Technology

2008-12-23 21:25 --------- d-----w c:\documents and settings\daniel\Application Data\InstallShield

2008-10-17 09:19 78,784 ----a-w c:\documents and settings\daniel\Application Data\GDIPFONTCACHEV1.DAT

2005-10-12 18:37 5,632 --sha-w c:\program files\Thumbs.db

2005-07-08 22:27 774,144 ----a-w c:\program files\RngInterstitial.dll

2001-11-28 09:35 2,122,640 ----a-w c:\program files\BodyMaster.exe

2008-02-01 15:20 122,368 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2005-11-02 18:16 8 --sh--r c:\windows\system32\F1F9066955.sys

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-01 29744]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-07 136600]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-23 185872]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\daniel\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

PowerReg Scheduler V3.exe [2004-08-25 225280]

PowerReg Scheduler.exe [2004-08-31 256000]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

wintp.exe [2007-08-07 16384]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AutorunsDisabled

NETGEAR WG511v2 Wireless Assistant.lnk - c:\windows\Installer\{B93D24B3-928D-4805-B379-4AA47CB3794E}\NewShortcut1_1.exe [2006-08-31 2238]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD5251]

del [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD8929]

del [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingD9696]

del [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB7801]

--a------ 2003-04-24 03:00 52103 c:\windows\system32\command.com

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB8310]

--a------ 2003-04-24 03:00 52103 c:\windows\system32\command.com

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotDeletingB8790]

--a------ 2003-04-24 03:00 52103 c:\windows\system32\command.com

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\SSI\\Silent Hunter II\\Shell\\SH2.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\HD2_SabreSquadron.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4662:TCP"= 4662:TCP:emule entrant

"4672:UDP"= 4672:UDP:emule sortant

 

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-15 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-15 20560]

S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006-11-10 24064]

S2 pciinfo;HP Pci Information;\??\c:\docume~1\daniel\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\daniel\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]

S3 avgntdd;avgntdd;\??\c:\program files\AVPersonal\AVGNTDD.SYS --> c:\program files\AVPersonal\AVGNTDD.SYS [?]

S3 bfastfao;bfastfao;\??\c:\docume~1\daniel\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\daniel\LOCALS~1\Temp\bfastfao.sys [?]

S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-10-15 29744]

S3 lg3gbus;LGE KU580 driver (WDM);c:\windows\system32\drivers\lg3gbus.sys [2007-09-20 83080]

S3 lg3gmdfl;LGE KU580 USB WMC Modem Filter;c:\windows\system32\drivers\lg3gmdfl.sys [2007-09-20 15112]

S3 lg3gmdm;LGE KU580 USB WMC Modem Driver;c:\windows\system32\drivers\lg3gmdm.sys [2007-09-20 108552]

S3 lg3gmgmt;LGE KU580 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lg3gmgmt.sys [2007-09-20 100360]

S3 lg3gnd5;LGE KU580 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\lg3gnd5.sys [2007-09-20 23176]

S3 lg3gobex;LGE KU580 USB WMC OBEX Interface;c:\windows\system32\drivers\lg3gobex.sys [2007-09-20 98568]

S3 lg3gunic;LGE KU580 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\lg3gunic.sys [2007-09-20 98952]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - D:\AUTORUN.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22c50350-37b4-11dc-a0ad-806d6172696f}]

\Shell\AutoRun\command - D:\installcheck.exe

.

Contenu du dossier 'Tâches planifiées'

 

2009-02-14 c:\windows\Tasks\Ad-Aware Update (Daily).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

 

2007-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe []

 

2005-04-26 c:\windows\Tasks\Connexion Facile à Internet.job

- c:\program files\Easy Internet signup\HPSdpApp.exe [2003-02-03 11:39]

 

2008-07-25 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://fr.my.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.01net.com/telecharger/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080

uInternet Settings,ProxyOverride = 127.0.0.1;localhost;club-internet.fr;*.club-internet.fr;grolier.fr;*.grolier.fr;*.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cf32ae7ab85740bcae45032fc5bd1528

IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cf32ae7ab85740bcae45032fc5bd1528

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_1_0.cab

DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://62.201.137.56/mmawap/jsp/composer/player/mmsPlayer.cab

DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxp://motive.club-internet.fr:2112/lwp/static/installers/WebflowActiveXInstaller_4-0-0.cab

FF - ProfilePath -

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-15 22:48:32

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-2219901023-2348022258-2261301715-1007\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_USERS\S-1-5-21-2219901023-2348022258-2261301715-1007\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-2219901023-2348022258-2261301715-1007)

@Allowed: (Read) (S-1-5-21-2219901023-2348022258-2261301715-1007)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_USERS\S-1-5-21-2219901023-2348022258-2261301715-1007\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]

"FRT"="M8NvDh+wvssMFdC7Y19pNvyLv/ILsV/Gf+TisFytF2CLkX+lXCPP6A=="

"PLCK"="fwFEXmekFGGjj6COHaTZnWJKXiWA6RbE"

"Percents"="0 0.1494 0.3707 0.4109 0.6983 0.8287 0.8378 "

"Increment"=".003636"

"PHSH"=""

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\windows\system32\drivers\CDAC11BA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2009-02-15 22:54:57 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-02-15 21:54:53

 

Avant-CF: 26 982 174 720 octets libres

Après-CF: 27,070,492,672 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect

 

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5

241 --- E O F --- 2009-02-12 10:07:41

Posted

Things will get better quickly.

What follows is for this machine, and this machine only.

Do not under any circumstances use it on another machine: dangerous.

  • Download the file CFscript.txt from this site:
    http://senduit.com/af306f

  • Put it on the desktop, next to the ComboFix icon.
  • Drag and drop this CFscript file onto the ComboFix.exe file, as in the screenshot

animation1md2.gif

  • Wait while the scan runs. The desktop will disappear several times: that's normal! Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file doesn't open, it is located here > C:\ComboFix.txt

Posted

Last report:

 

ComboFix 09-02-14.01 - daniel 2009-02-15 23:32:46.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.767.373 [GMT 1:00]

Lancé depuis: c:\documents and settings\daniel\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\daniel\Bureau\CFscript.txt

AV: avast! antivirus 4.8.1335 [VPS 090215-0] *On-access scanning disabled* (Updated)

* Un nouveau point de restauration a été créé

 

FILE ::

c:\docume~1\alluse~1\MenuDm~1\progra~1\dmarra~1\wintp.exe

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\wintp.exe

C:\s.bat

C:\start.exe

c:\windows\system32\F1F9066955.sys

C:\wintp.exe

C:\wintp2.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\docume~1\alluse~1\MenuDm~1\progra~1\dmarra~1\wintp.exe

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\wintp.exe

C:\s.bat

C:\start.exe

c:\windows\system32\F1F9066955.sys

C:\wintp.exe

C:\wintp2.exe

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_BFASTFAO

-------\Service_bfastfao

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-15 au 2009-02-15 ))))))))))))))))))))))))))))))))))))

.

 

2009-02-15 22:06 . 2009-02-15 22:07 <REP> d-------- C:\rsit

2009-02-15 22:06 . 2009-02-15 22:07 <REP> d-------- c:\program files\trend micro

2009-02-15 17:39 . 2009-02-15 17:39 <REP> d-------- C:\!KillBox

2009-02-15 16:50 . 2009-02-15 22:37 48 --a------ C:\temp.ftp

2009-02-15 12:27 . 2009-02-15 12:27 <REP> d-------- c:\program files\Alwil Software

2009-02-15 02:21 . 2009-02-15 02:22 <REP> d-------- c:\documents and settings\All Users\Application Data\avg8

2009-02-15 02:20 . 2009-02-15 02:26 262,144 --a------ c:\documents and settings\DAVID

2009-02-15 01:14 . 2009-02-15 23:16 <REP> d-------- C:\tps1

2009-02-14 16:07 . 2009-02-14 16:07 <REP> d-------- c:\program files\CCleaner

2009-02-07 20:36 . 2009-02-07 20:37 <REP> d-------- C:\TMP

2009-02-07 20:13 . 2009-02-07 20:13 <REP> d-------- c:\program files\ma-config.com

2009-02-07 20:13 . 2009-02-07 20:13 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com

2009-02-07 19:36 . 2009-02-07 19:36 <REP> d-------- c:\program files\AMD

2009-02-07 19:36 . 2006-07-01 22:42 43,520 --a------ c:\windows\system32\drivers\AmdK8.sys

2009-02-07 18:07 . 2009-02-07 18:06 410,984 --a------ c:\windows\system32\deploytk.dll

2009-02-07 11:23 . 2009-02-07 11:23 <REP> d-------- c:\program files\Ciel Solution 2008(Ciel Compta) Activation Fr

2009-02-06 21:03 . 2002-10-29 10:35 663,552 --------- c:\windows\CielInfos.exe

2009-02-06 21:03 . 2003-06-13 15:27 360,448 --a------ c:\windows\system32\CielArchiver.dll

2009-02-06 21:03 . 2002-02-04 03:43 44,544 --a------ c:\windows\system32\msxml4a.dll

2009-01-17 11:28 . 2009-01-17 11:28 <REP> d-------- c:\documents and settings\All Users\Application Data\EBP

2009-01-17 11:28 . 2009-01-17 11:31 <REP> d--h----- c:\documents and settings\All Users\Application Data\{DD02AF12-1A4B-45FE-A16C-7B8608E0B62E}

2009-01-16 22:12 . 2009-01-16 22:12 <REP> d-------- c:\documents and settings\All Users\Application Data\{C0200251-5770-4348-8120-68DB131964DD}

2009-01-16 21:32 . 2009-01-16 22:14 <REP> d-------- c:\windows\SxsCaPendDel

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-15 15:09 --------- d-----w c:\program files\Mozilla Thunderbird

2009-02-15 01:25 --------- d-----w c:\program files\Spybot - Search & Destroy

2009-02-15 01:25 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-15 01:24 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

2009-02-14 23:15 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-02-14 19:16 --------- d-----w c:\program files\Lavasoft

2009-02-14 16:06 --------- d-----w c:\documents and settings\daniel\Application Data\Grisoft

2009-02-14 15:44 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft

2009-02-14 15:30 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-14 15:28 --------- d-----w c:\program files\Canon

2009-02-07 19:13 --------- d-----w c:\program files\HardwareDetection

2009-02-07 17:06 --------- d-----w c:\program files\Java

2009-01-18 19:38 --------- d-----w c:\program files\InterActual

2008-12-26 17:02 --------- d-----w c:\program files\Free Video Converter

2008-12-23 21:26 --------- d-----w c:\program files\Mio Technology

2008-12-23 21:25 --------- d-----w c:\documents and settings\daniel\Application Data\InstallShield

2008-10-17 09:19 78,784 ----a-w c:\documents and settings\daniel\Application Data\GDIPFONTCACHEV1.DAT

2005-10-12 18:37 5,632 --sha-w c:\program files\Thumbs.db

2005-07-08 22:27 774,144 ----a-w c:\program files\RngInterstitial.dll

2001-11-28 09:35 2,122,640 ----a-w c:\program files\BodyMaster.exe

2008-02-01 15:20 122,368 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- Directory of C:\TMP ----

 

2008-10-27 10:38 995154 --a------ c:\tmp\Nov2008_d3dx10_40_x64.cab

2008-10-27 10:38 97833 --a------ c:\tmp\APR2007_xinput_x64.cab

2008-10-27 10:38 976164 --a------ c:\tmp\BDAXP.cab

2008-10-27 10:38 966445 --a------ c:\tmp\Nov2008_d3dx10_40_x86.cab

2008-10-27 10:38 96053 --a------ c:\tmp\dxupdate.cab

2008-10-27 10:38 95056 --a------ c:\tmp\DSETUP.dll

2008-10-27 10:38 94750 --a------ c:\tmp\Mar2008_XACT_x86.cab

2008-10-27 10:38 94144 --a------ c:\tmp\JUN2008_XACT_x86.cab

2008-10-27 10:38 94028 --a------ c:\tmp\Aug2008_XACT_x86.cab

2008-10-27 10:38 93700 --a------ c:\tmp\Nov2008_XACT_x86.cab

2008-10-27 10:38 917446 --a------ c:\tmp\Apr2006_MDX1_x86.cab

2008-10-27 10:38 88158 --a------ c:\tmp\AUG2006_xinput_x64.cab

2008-10-27 10:38 88117 --a------ c:\tmp\Apr2006_xinput_x64.cab

2008-10-27 10:38 87053 --a------ c:\tmp\Oct2005_xinput_x64.cab

2008-10-27 10:38 868844 --a------ c:\tmp\JUN2008_d3dx10_38_x64.cab

2008-10-27 10:38 868628 --a------ c:\tmp\Aug2008_d3dx10_39_x64.cab

2008-10-27 10:38 865616 --a------ c:\tmp\Nov2007_d3dx10_36_x64.cab

2008-10-27 10:38 853302 --a------ c:\tmp\AUG2007_d3dx10_35_x64.cab

2008-10-27 10:38 850935 --a------ c:\tmp\JUN2008_d3dx10_38_x86.cab

2008-10-27 10:38 850183 --a------ c:\tmp\Aug2008_d3dx10_39_x86.cab

2008-10-27 10:38 845900 --a------ c:\tmp\Mar2008_d3dx10_37_x64.cab

2008-10-27 10:38 819276 --a------ c:\tmp\Mar2008_d3dx10_37_x86.cab

2008-10-27 10:38 804900 --a------ c:\tmp\Nov2007_d3dx10_36_x86.cab

2008-10-27 10:38 797883 --a------ c:\tmp\AUG2007_d3dx10_35_x86.cab

2008-10-27 10:38 700060 --a------ c:\tmp\JUN2007_d3dx10_34_x64.cab

2008-10-27 10:38 699628 --a------ c:\tmp\APR2007_d3dx10_33_x64.cab

2008-10-27 10:38 56170 --a------ c:\tmp\JUN2008_X3DAudio_x64.cab

2008-10-27 10:38 56074 --a------ c:\tmp\Mar2008_X3DAudio_x64.cab

2008-10-27 10:38 55538 --a------ c:\tmp\Nov2008_X3DAudio_x64.cab

2008-10-27 10:38 54318 --a------ c:\tmp\APR2007_xinput_x86.cab

2008-10-27 10:38 47160 --a------ c:\tmp\NOV2007_X3DAudio_x64.cab

2008-10-27 10:38 47074 --a------ c:\tmp\AUG2006_xinput_x86.cab

2008-10-27 10:38 47026 --a------ c:\tmp\Apr2006_xinput_x86.cab

2008-10-27 10:38 46375 --a------ c:\tmp\Oct2005_xinput_x86.cab

2008-10-27 10:38 45464 --a------ c:\tmp\dxdllreg_x86.cab

2008-10-27 10:38 4163646 --a------ c:\tmp\Apr2006_MDX1_x86_Archive.cab

2008-10-27 10:38 22921 --a------ c:\tmp\JUN2008_X3DAudio_x86.cab

2008-10-27 10:38 22883 --a------ c:\tmp\Mar2008_X3DAudio_x86.cab

2008-10-27 10:38 22867 --a------ c:\tmp\Nov2008_X3DAudio_x86.cab

2008-10-27 10:38 19512 --a------ c:\tmp\NOV2007_X3DAudio_x86.cab

2008-10-27 10:38 1907944 --a------ c:\tmp\Nov2008_d3dx9_40_x64.cab

2008-10-27 10:38 1803074 --a------ c:\tmp\Nov2007_d3dx9_36_x64.cab

2008-10-27 10:38 1801176 --a------ c:\tmp\AUG2007_d3dx9_35_x64.cab

2008-10-27 10:38 1795100 --a------ c:\tmp\Aug2008_d3dx9_39_x64.cab

2008-10-27 10:38 1793624 --a------ c:\tmp\JUN2008_d3dx9_38_x64.cab

2008-10-27 10:38 1770878 --a------ c:\tmp\Mar2008_d3dx9_37_x64.cab

2008-10-27 10:38 1710376 --a------ c:\tmp\Nov2007_d3dx9_36_x86.cab

2008-10-27 10:38 1709168 --a------ c:\tmp\AUG2007_d3dx9_35_x86.cab

2008-10-27 10:38 1608790 --a------ c:\tmp\JUN2007_d3dx9_34_x64.cab

2008-10-27 10:38 1608374 --a------ c:\tmp\APR2007_d3dx9_33_x64.cab

2008-10-27 10:38 1608302 --a------ c:\tmp\JUN2007_d3dx9_34_x86.cab

2008-10-27 10:38 1607055 --a------ c:\tmp\APR2007_d3dx9_33_x86.cab

2008-10-27 10:38 1575392 --a------ c:\tmp\DEC2006_d3dx9_32_x86.cab

2008-10-27 10:38 1572170 --a------ c:\tmp\DEC2006_d3dx9_32_x64.cab

2008-10-27 10:38 1551228 --a------ c:\tmp\Nov2008_d3dx9_40_x86.cab

2008-10-27 10:38 1465688 --a------ c:\tmp\Aug2008_d3dx9_39_x86.cab

2008-10-27 10:38 1464894 --a------ c:\tmp\JUN2008_d3dx9_38_x86.cab

2008-10-27 10:38 1444298 --a------ c:\tmp\Mar2008_d3dx9_37_x86.cab

2008-10-27 10:38 1413918 --a------ c:\tmp\OCT2006_d3dx9_31_x64.cab

2008-10-27 10:38 1398846 --a------ c:\tmp\Apr2006_d3dx9_30_x64.cab

2008-10-27 10:38 1363812 --a------ c:\tmp\Feb2006_d3dx9_29_x64.cab

2008-10-27 10:38 1358992 --a------ c:\tmp\Dec2005_d3dx9_28_x64.cab

2008-10-27 10:38 1351558 --a------ c:\tmp\Aug2005_d3dx9_27_x64.cab

2008-10-27 10:38 1348370 --a------ c:\tmp\Apr2005_d3dx9_25_x64.cab

2008-10-27 10:38 1337018 --a------ c:\tmp\Jun2005_d3dx9_26_x64.cab

2008-10-27 10:38 13265184 --a------ c:\tmp\dxnt.cab

2008-10-27 10:38 1248515 --a------ c:\tmp\Feb2005_d3dx9_24_x64.cab

2008-10-27 10:38 122810 --a------ c:\tmp\Nov2008_XACT_x64.cab

2008-10-27 10:38 1156507 --a------ c:\tmp\BDANT.cab

2008-10-27 10:38 1128233 --a------ c:\tmp\OCT2006_d3dx9_31_x86.cab

2008-10-27 10:38 1116237 --a------ c:\tmp\Apr2006_d3dx9_30_x86.cab

2008-10-27 10:38 1085736 --a------ c:\tmp\Feb2006_d3dx9_29_x86.cab

2008-10-27 10:38 1080472 --a------ c:\tmp\Dec2005_d3dx9_28_x86.cab

2008-10-27 10:38 1079978 --a------ c:\tmp\Apr2005_d3dx9_25_x86.cab

2008-10-27 10:38 1078660 --a------ c:\tmp\Aug2005_d3dx9_27_x86.cab

2008-10-27 10:38 1065941 --a------ c:\tmp\Jun2005_d3dx9_26_x86.cab

2008-10-27 10:38 1014241 --a------ c:\tmp\Feb2005_d3dx9_24_x86.cab

2008-10-27 10:37 699488 --a------ c:\tmp\JUN2007_d3dx10_34_x86.cab

2008-10-27 10:37 696881 --a------ c:\tmp\APR2007_d3dx10_33_x86.cab

2008-10-27 10:37 274976 --a------ c:\tmp\Nov2008_XAudio_x64.cab

2008-10-27 10:37 273627 --a------ c:\tmp\Nov2008_XAudio_x86.cab

2008-10-27 10:37 272384 --a------ c:\tmp\Aug2008_XAudio_x64.cab

2008-10-27 10:37 270858 --a------ c:\tmp\Aug2008_XAudio_x86.cab

2008-10-27 10:37 270644 --a------ c:\tmp\JUN2008_XAudio_x64.cab

2008-10-27 10:37 270040 --a------ c:\tmp\JUN2008_XAudio_x86.cab

2008-10-27 10:37 252210 --a------ c:\tmp\Mar2008_XAudio_x64.cab

2008-10-27 10:37 227266 --a------ c:\tmp\Mar2008_XAudio_x86.cab

2008-10-27 10:37 213823 --a------ c:\tmp\DEC2006_d3dx10_00_x64.cab

2008-10-27 10:37 199112 --a------ c:\tmp\AUG2007_XACT_x64.cab

2008-10-27 10:37 198138 --a------ c:\tmp\JUN2007_XACT_x64.cab

2008-10-27 10:37 197778 --a------ c:\tmp\NOV2007_XACT_x64.cab

2008-10-27 10:37 196782 --a------ c:\tmp\APR2007_XACT_x64.cab

2008-10-27 10:37 195691 --a------ c:\tmp\FEB2007_XACT_x64.cab

2008-10-27 10:37 193491 --a------ c:\tmp\DEC2006_XACT_x64.cab

2008-10-27 10:37 192736 --a------ c:\tmp\DEC2006_d3dx10_00_x86.cab

2008-10-27 10:37 183919 --a------ c:\tmp\AUG2006_XACT_x64.cab

2008-10-27 10:37 183377 --a------ c:\tmp\OCT2006_XACT_x64.cab

2008-10-27 10:37 181801 --a------ c:\tmp\JUN2006_XACT_x64.cab

2008-10-27 10:37 180149 --a------ c:\tmp\Apr2006_XACT_x64.cab

2008-10-27 10:37 179375 --a------ c:\tmp\Feb2006_XACT_x64.cab

2008-10-27 10:37 1692496 --a------ c:\tmp\dsetup32.dll

2008-10-27 10:37 154028 --a------ c:\tmp\AUG2007_XACT_x86.cab

2008-10-27 10:37 153925 --a------ c:\tmp\JUN2007_XACT_x86.cab

2008-10-27 10:37 152241 --a------ c:\tmp\APR2007_XACT_x86.cab

2008-10-27 10:37 149280 --a------ c:\tmp\NOV2007_XACT_x86.cab

2008-10-27 10:37 148999 --a------ c:\tmp\FEB2007_XACT_x86.cab

2008-10-27 10:37 146615 --a------ c:\tmp\DEC2006_XACT_x86.cab

2008-10-27 10:37 139033 --a------ c:\tmp\OCT2006_XACT_x86.cab

2008-10-27 10:37 138251 --a------ c:\tmp\AUG2006_XACT_x86.cab

2008-10-27 10:37 134687 --a------ c:\tmp\JUN2006_XACT_x86.cab

2008-10-27 10:37 134119 --a------ c:\tmp\Apr2006_XACT_x86.cab

2008-10-27 10:37 133425 --a------ c:\tmp\Feb2006_XACT_x86.cab

2008-10-27 10:37 123352 --a------ c:\tmp\Mar2008_XACT_x64.cab

2008-10-27 10:37 122840 --a------ c:\tmp\Aug2008_XACT_x64.cab

2008-10-27 10:37 122070 --a------ c:\tmp\JUN2008_XACT_x64.cab

2008-10-27 10:36 526160 --a------ c:\tmp\DXSETUP.exe

 

---- Directory of C:\tps1 ----

 

 

 

((((((((((((((((((((((((((((( SnapShot@2009-02-15_22.52.54.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-02-15 22:37:56 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_218.dat

+ 2009-02-15 22:37:56 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6b4.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-01 29744]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-07 136600]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]

"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-23 185872]

"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]

"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\daniel\Menu Démarrer\Programmes\Démarrage\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

PowerReg Scheduler V3.exe [2004-08-25 225280]

PowerReg Scheduler.exe [2004-08-31 256000]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AutorunsDisabled

NETGEAR WG511v2 Wireless Assistant.lnk - c:\windows\Installer\{B93D24B3-928D-4805-B379-4AA47CB3794E}\NewShortcut1_1.exe [2006-08-31 2238]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\SSI\\Silent Hunter II\\Shell\\SH2.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Illusion Softworks\\Hidden & Dangerous 2\\HD2_SabreSquadron.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"4662:TCP"= 4662:TCP:emule entrant

"4672:UDP"= 4672:UDP:emule sortant

 

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-06 35328]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-15 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-15 20560]

S1 SysTool;SysTool Overclocking Utility;c:\windows\system32\drivers\SysTool.sys [2006-11-10 24064]

S2 pciinfo;HP Pci Information;\??\c:\docume~1\daniel\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\daniel\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]

S3 avgntdd;avgntdd;\??\c:\program files\AVPersonal\AVGNTDD.SYS --> c:\program files\AVPersonal\AVGNTDD.SYS [?]

S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-10-15 29744]

S3 lg3gbus;LGE KU580 driver (WDM);c:\windows\system32\drivers\lg3gbus.sys [2007-09-20 83080]

S3 lg3gmdfl;LGE KU580 USB WMC Modem Filter;c:\windows\system32\drivers\lg3gmdfl.sys [2007-09-20 15112]

S3 lg3gmdm;LGE KU580 USB WMC Modem Driver;c:\windows\system32\drivers\lg3gmdm.sys [2007-09-20 108552]

S3 lg3gmgmt;LGE KU580 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lg3gmgmt.sys [2007-09-20 100360]

S3 lg3gnd5;LGE KU580 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\lg3gnd5.sys [2007-09-20 23176]

S3 lg3gobex;LGE KU580 USB WMC OBEX Interface;c:\windows\system32\drivers\lg3gobex.sys [2007-09-20 98568]

S3 lg3gunic;LGE KU580 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\lg3gunic.sys [2007-09-20 98952]

S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - D:\AUTORUN.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22c50350-37b4-11dc-a0ad-806d6172696f}]

\Shell\AutoRun\command - D:\installcheck.exe

.

Contenu du dossier 'Tâches planifiées'

 

2009-02-14 c:\windows\Tasks\Ad-Aware Update (Daily).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

 

2007-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe []

 

2005-04-26 c:\windows\Tasks\Connexion Facile à Internet.job

- c:\program files\Easy Internet signup\HPSdpApp.exe [2003-02-03 11:39]

 

2008-07-25 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://fr.my.yahoo.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.01net.com/telecharger/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080

uInternet Settings,ProxyOverride = 127.0.0.1;localhost;club-internet.fr;*.club-internet.fr;grolier.fr;*.grolier.fr;*.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm

IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cf32ae7ab85740bcae45032fc5bd1528

IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cf32ae7ab85740bcae45032fc5bd1528

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_1_0.cab

DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://62.201.137.56/mmawap/jsp/composer/player/mmsPlayer.cab

DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} - hxxp://motive.club-internet.fr:2112/lwp/static/installers/WebflowActiveXInstaller_4-0-0.cab

FF - ProfilePath -

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-15 23:39:48

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-2219901023-2348022258-2261301715-1007\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_USERS\S-1-5-21-2219901023-2348022258-2261301715-1007\Software\Policies\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (S-1-5-21-2219901023-2348022258-2261301715-1007)

@Allowed: (Read) (S-1-5-21-2219901023-2348022258-2261301715-1007)

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_USERS\S-1-5-21-2219901023-2348022258-2261301715-1007\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]

"FRT"="M8NvDh+wvssMFdC7Y19pNvyLv/ILsV/Gf+TisFytF2CLkX+lXCPP6A=="

"PLCK"="fwFEXmekFGGjj6COHaTZnWJKXiWA6RbE"

"Percents"="0 0.1494 0.3707 0.4109 0.6983 0.8287 0.8378 "

"Increment"=".003636"

"PHSH"=""

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

c:\windows\system32\drivers\CDAC11BA.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2009-02-15 23:44:26 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-02-15 22:44:22

ComboFix2.txt 2009-02-15 21:54:59

 

Avant-CF: 27 193 507 840 octets libres

Après-CF: 27,181,871,104 octets libres

 

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5

352 --- E O F --- 2009-02-12 10:07:41

Posted

Clean. The mechanism that was filling the disk is dead. You can empty the tps1 folder after checking its contents (it appears to be empty there).

Please post a new RSIT report.

Posted

Logfile of random's system information tool 1.05 (written by random/random)

Run by daniel at 2009-02-15 23:59:58

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 26 GB (45%) free of 57 GB

Total RAM: 767 MB (48% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:00 , on 16/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Documents and Settings\daniel\Bureau\RSIT.exe

C:\Program Files\trend micro\daniel.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.my.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Startup: PowerReg Scheduler.exe

O4 - Global Startup: AutorunsDisabled

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cf32ae7ab85740bcae45032fc5bd1528

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cf32ae7ab85740bcae45032fc5bd1528

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133865994687

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichier...ion_3_1_1_0.cab

O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://62.201.137.56/mmawap/jsp/composer/p...r/mmsPlayer.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://skifunshop.no-ip.com/activex/AxisCamControl.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr:2112/lwp/st...aller_4-0-0.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O24 - Desktop Component 0: (no name) - http://www.valdisere.com/images05/valdisere2.jpg

O24 - Desktop Component 1: (no name) - http://www.skifunshop.com/Cam.jpg

O24 - Desktop Component 2: (no name) - http://www.trinum.com/ibox/lesgets/Images/...noire_SMALL.jpg

O24 - Desktop Component 4: Sur La Trace De La CHOUETTE D'OR - http://www.lachouette.net/index.php

 

--

End of file - 12634 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Ad-Aware Update (Daily).job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Connexion Facile à Internet.job

C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-23 308832]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]

EoBho Class

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-07 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-07 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-07 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]

EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-04-16 405504]

{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-21 368640]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-01 29744]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-07 136600]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-10-23 185872]

"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]

"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2009-02-05 81000]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

AutorunsDisabled

 

C:\Documents and Settings\daniel\Menu Démarrer\Programmes\Démarrage

OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

PowerReg Scheduler V3.exe

PowerReg Scheduler.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\SSI\Silent Hunter II\Shell\SH2.exe"="C:\Program Files\SSI\Silent Hunter II\Shell\SH2.exe:*:Disabled:SH2"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\HD2_SabreSquadron.exe"="C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\HD2_SabreSquadron.exe:*:Enabled:HD2_SabreSquadron"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\PVSW\Bin\w3dbsmgr.exe"="C:\PVSW\Bin\w3dbsmgr.exe:*:Enabled:Database Service Manager"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

shell\AutoRun\command - D:\AUTORUN.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22c50350-37b4-11dc-a0ad-806d6172696f}]

shell\AutoRun\command - D:\installcheck.exe

 

 

======List of files/folders created in the last 1 months======

 

2009-02-15 23:57:53 ----SHD---- C:\RECYCLER

2009-02-15 23:44:30 ----A---- C:\ComboFix.txt

2009-02-15 22:40:18 ----A---- C:\Boot.bak

2009-02-15 22:40:00 ----RASHD---- C:\cmdcons

2009-02-15 22:38:03 ----A---- C:\WINDOWS\zip.exe

2009-02-15 22:38:03 ----A---- C:\WINDOWS\VFIND.exe

2009-02-15 22:38:03 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-02-15 22:38:03 ----A---- C:\WINDOWS\SWSC.exe

2009-02-15 22:38:03 ----A---- C:\WINDOWS\SWREG.exe

2009-02-15 22:38:03 ----A---- C:\WINDOWS\sed.exe

2009-02-15 22:38:03 ----A---- C:\WINDOWS\NIRCMD.exe

2009-02-15 22:38:03 ----A---- C:\WINDOWS\grep.exe

2009-02-15 22:38:03 ----A---- C:\WINDOWS\fdsv.exe

2009-02-15 22:37:47 ----D---- C:\WINDOWS\ERDNT

2009-02-15 22:37:47 ----D---- C:\Qoobox

2009-02-15 22:06:29 ----D---- C:\Program Files\trend micro

2009-02-15 22:06:27 ----D---- C:\rsit

2009-02-15 17:39:41 ----D---- C:\!KillBox

2009-02-15 12:27:55 ----A---- C:\WINDOWS\system32\aswBoot.exe

2009-02-15 12:27:44 ----D---- C:\Program Files\Alwil Software

2009-02-15 02:21:53 ----D---- C:\Documents and Settings\All Users\Application Data\avg8

2009-02-15 01:14:52 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-02-15 00:38:33 ----A---- C:\WINDOWS\ntbtlog.txt

2009-02-14 16:07:19 ----D---- C:\Program Files\CCleaner

2009-02-12 11:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

2009-02-07 20:36:53 ----D---- C:\TMP

2009-02-07 20:13:33 ----D---- C:\Program Files\ma-config.com

2009-02-07 20:13:33 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com

2009-02-07 19:36:09 ----D---- C:\Program Files\AMD

2009-02-07 18:07:16 ----A---- C:\WINDOWS\system32\javaws.exe

2009-02-07 18:07:16 ----A---- C:\WINDOWS\system32\javaw.exe

2009-02-07 18:07:16 ----A---- C:\WINDOWS\system32\java.exe

2009-02-07 18:07:16 ----A---- C:\WINDOWS\system32\deploytk.dll

2009-02-07 11:23:42 ----D---- C:\Program Files\Ciel Solution 2008(Ciel Compta) Activation Fr

2009-02-06 21:03:45 ----A---- C:\WINDOWS\system32\msxml4a.dll

2009-02-06 21:03:44 ----N---- C:\WINDOWS\CielInfos.exe

2009-02-06 21:03:44 ----A---- C:\WINDOWS\system32\CielArchiver.dll

2009-01-17 11:28:46 ----D---- C:\Documents and Settings\All Users\Application Data\EBP

2009-01-17 11:28:30 ----HD---- C:\Documents and Settings\All Users\Application Data\{DD02AF12-1A4B-45FE-A16C-7B8608E0B62E}

 

======List of files/folders modified in the last 1 months======

 

2009-02-15 23:53:28 ----D---- C:\WINDOWS\Prefetch

2009-02-15 23:44:38 ----D---- C:\WINDOWS\system32\drivers

2009-02-15 23:44:38 ----D---- C:\WINDOWS\system32

2009-02-15 23:44:35 ----D---- C:\WINDOWS\Temp

2009-02-15 23:44:35 ----D---- C:\WINDOWS

2009-02-15 23:39:50 ----A---- C:\WINDOWS\system.ini

2009-02-15 23:38:13 ----A---- C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt

2009-02-15 23:38:06 ----D---- C:\WINDOWS\system32\CatRoot2

2009-02-15 23:35:56 ----D---- C:\WINDOWS\system32\config

2009-02-15 23:34:29 ----D---- C:\WINDOWS\AppPatch

2009-02-15 23:34:27 ----D---- C:\Program Files\Fichiers communs

2009-02-15 22:42:16 ----AD---- C:\Program Files

2009-02-15 22:40:18 ----RASH---- C:\boot.ini

2009-02-15 16:09:04 ----D---- C:\Program Files\Mozilla Thunderbird

2009-02-15 02:25:27 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-02-15 02:25:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-15 02:24:27 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2009-02-15 02:24:26 ----SHD---- C:\WINDOWS\Installer

2009-02-15 02:24:26 ----D---- C:\Config.Msi

2009-02-15 02:24:09 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-02-15 02:20:16 ----SD---- C:\Documents and Settings\daniel\Application Data\Microsoft

2009-02-15 02:20:11 ----D---- C:\Documents and Settings

2009-02-15 00:15:33 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-02-14 20:27:29 ----HD---- C:\WINDOWS\inf

2009-02-14 20:19:13 ----SD---- C:\WINDOWS\Tasks

2009-02-14 20:16:19 ----D---- C:\Program Files\Lavasoft

2009-02-14 20:16:06 ----D---- C:\WINDOWS\WinSxS

2009-02-14 20:09:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-02-14 18:54:14 ----A---- C:\WINDOWS\wininit.ini

2009-02-14 17:06:46 ----D---- C:\Documents and Settings\daniel\Application Data\Grisoft

2009-02-14 16:44:27 ----D---- C:\Documents and Settings\All Users\Application Data\Grisoft

2009-02-14 16:44:00 ----D---- C:\Program Files\Grisoft

2009-02-14 16:30:53 ----HD---- C:\Program Files\InstallShield Installation Information

2009-02-14 16:28:50 ----D---- C:\Program Files\Canon

2009-02-14 16:28:04 ----D---- C:\WINDOWS\Debug

2009-02-14 15:52:24 ----RSHD---- C:\WINDOWS\system32\dllcache

2009-02-14 15:52:11 ----A---- C:\WINDOWS\win.ini

2009-02-14 15:52:07 ----RSD---- C:\WINDOWS\Fonts

2009-02-14 15:51:49 ----A---- C:\WINDOWS\ODBC.INI

2009-02-13 13:50:31 ----D---- C:\WINDOWS\system32\Restore

2009-02-12 11:14:28 ----D---- C:\Program Files\Internet Explorer

2009-02-12 11:02:52 ----HD---- C:\WINDOWS\$hf_mig$

2009-02-07 20:13:56 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-02-07 20:13:50 ----D---- C:\Program Files\HardwareDetection

2009-02-07 19:36:20 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-02-07 18:24:20 ----D---- C:\WINDOWS\system32\DirectX

2009-02-07 18:06:33 ----D---- C:\Program Files\Java

2009-02-06 21:03:44 ----D---- C:\CIEL

2009-02-04 00:21:12 ----A---- C:\WINDOWS\system32\MRT.exe

2009-01-20 18:25:42 ----D---- C:\WINDOWS\Help

2009-01-20 18:21:54 ----A---- C:\WINDOWS\CielVideo.ini

2009-01-18 20:38:07 ----D---- C:\Program Files\InterActual

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]

R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]

R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\System32\drivers\EABFiltr.sys []

R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-24 12032]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-06-09 271360]

R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS []

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2006-05-23 18048]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-02-02 100384]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2004-01-30 1205292]

R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-10-08 94601]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]

R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]

R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]

R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2007-10-11 25624]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-04-07 1382634]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2006-09-07 47360]

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-01-13 612032]

R3 tiumfwl;tiumfwl; C:\WINDOWS\system32\drivers\tiumfwl.sys [2003-12-18 42092]

R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 W8335XP;NETGEAR WG511v2 54 Mbps Wireless PC Card for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG511v2.sys [2004-09-17 253440]

S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]

S1 SysTool;SysTool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\SysTool.sys [2006-11-10 24064]

S2 pciinfo;HP Pci Information; \??\C:\DOCUME~1\daniel\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys []

S3 61883;Pilote d'unité 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [2008-04-13 48128]

S3 av19s9sm;av19s9sm; C:\WINDOWS\system32\drivers\av19s9sm.sys []

S3 Avc;Périphérique AVC; C:\WINDOWS\System32\DRIVERS\avc.sys [2008-04-13 38912]

S3 avgntdd;avgntdd; \??\C:\Program Files\AVPersonal\AVGNTDD.SYS []

S3 BCM43XX;Pilote pour carte réseau BCM 802.11b; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-12-04 286848]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 CE3;Service de la carte Xircom Ethernet 10/100; C:\WINDOWS\System32\DRIVERS\ce3n5.sys [2001-08-23 27164]

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []

S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

S3 lg3gbus;LGE KU580 driver (WDM); C:\WINDOWS\system32\DRIVERS\lg3gbus.sys [2007-04-26 83080]

S3 lg3gmdfl;LGE KU580 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\lg3gmdfl.sys [2007-04-26 15112]

S3 lg3gmdm;LGE KU580 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\lg3gmdm.sys [2007-04-26 108552]

S3 lg3gmgmt;LGE KU580 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\lg3gmgmt.sys [2007-04-26 100360]

S3 lg3gnd5;LGE KU580 USB Ethernet Emulation (NDIS); C:\WINDOWS\system32\DRIVERS\lg3gnd5.sys [2007-04-26 23176]

S3 lg3gobex;LGE KU580 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\lg3gobex.sys [2007-04-26 98568]

S3 lg3gunic;LGE KU580 USB Ethernet Emulation (WDM); C:\WINDOWS\system32\DRIVERS\lg3gunic.sys [2007-04-26 98952]

S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]

S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]

S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []

S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2008-04-13 51200]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-12 13848]

S3 PID_08A0;Logitech QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2006-06-22 720176]

S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-12 1279000]

S3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]

S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2003-10-23 46976]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SMCIRDA;Pilote de périphérique SMC IrCC Miniport; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-08-23 36937]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2007-06-28 108208]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [2003-11-10 135168]

R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2005-07-23 54784]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-07 152984]

R2 LVCOMSer;LVCOMSer; C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]

R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]

R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2004-04-07 73728]

R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]

R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]

S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]

S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-01 29744]

S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2004-11-17 98304]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]

S3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

 

-----------------EOF-----------------

Posted

OK, this time use HijackThis for the next step.

Relaunch HijackThis, click "Do a system scan only", then check the following entries and click the "Fix checked" button at the bottom left:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O4 - Global Startup: AutorunsDisabled

O9 - Extra button: (no name) - AutorunsDisabled - (no file)

 

 

  • Open Notepad. Copy and paste into it the contents of the code box below, with no blank line at the top; it must start with Windows Registry Editor Version 5.00, as shown below:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]

  • Save it to the desktop under the name lib.reg (so not with a text extension).
  • The file will be created with a registry icon; double-click it and confirm to add it to the registry.

 

-----------

 

Download Malwarebytes' Anti-Malware (MBAM)

 

  • Double-click the downloaded file to start the installation.
  • In the "Update" tab, click the "Check for Updates" button; if the firewall asks whether to let MBAM connect, accept.
  • Once the update has finished, go to the "Scanner" tab.
  • Select "Perform quick scan".
  • Click "Scan".
  • The scan starts; it takes a fairly long time, which is normal.
  • At the end of the scan, a message is displayed:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "OK" to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

 

NB: If MBAM asks you to restart, do so.
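An added example, not part of the original posts: a Python triage of HijackThis log lines that flags entries marked "(no file)" or "(file missing)" and R-section values left empty, and maps O2 ids to the Browser Helper Objects key shown in the registry dump above. The sample lines are copied from this thread; the function names and the flagging heuristic are assumptions of this example, and a flagged line is a candidate for review, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Key under which BHOs are registered, as it appears in the registry dump on this page.
BHO_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
            r"\Explorer\Browser Helper Objects")

# "<section> - <body>", e.g. "O2 - BHO: name - {CLSID} - C:\path (file missing)"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Sample assembled from lines that appear in this thread (not a complete log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
"""


@dataclass
class Finding:
    section: str                  # HijackThis section code, e.g. "O2"
    reason: str                   # "no file", "file missing" or "empty value"
    ident: Optional[str]          # CLSID or named subkey, when one can be read
    registry_key: Optional[str]   # BHO key to inspect (O2 entries only)
    line: str                     # the original log line


def _ident(body: str) -> Optional[str]:
    """Return the CLSID if present, else the middle ' - ' field (e.g. AutorunsDisabled)."""
    match = CLSID_RE.search(body)
    if match:
        return match.group(0)
    parts = body.rsplit(" - ", 2)
    return parts[1] if len(parts) == 3 else None


def check_line(line: str) -> Optional[Finding]:
    """Flag one log line if it points at a missing file or carries an empty value."""
    text = line.strip()
    match = LINE_RE.match(text)
    if not match:
        return None
    section, body = match.group("section"), match.group("body")

    # R sections: "key,value name = data"; flag when nothing follows the "=".
    if section.startswith("R"):
        _, sep, data = body.partition(" =")
        if sep and not data.strip():
            return Finding(section, "empty value", None, None, text)
        return None

    # O sections: the marker HijackThis appends when the target is absent.
    for marker in ORPHAN_MARKERS:
        if body.endswith(marker):
            ident = _ident(body)
            key = (BHO_ROOT + "\\" + ident) if section == "O2" and ident else None
            return Finding(section, marker.strip("()"), ident, key, text)
    return None


def triage(log_text: str) -> List[Finding]:
    """Return the flagged entries of a HijackThis log, in log order."""
    results = []
    for line in log_text.splitlines():
        finding = check_line(line)
        if finding is not None:
            results.append(finding)
    return results


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.ident or '-'}")
        if f.registry_key:
            print(f"    inspect {f.registry_key}")
```

On this sample it also flags the O18 linkscanner entry, which carries the same "(file missing)" marker as the AVG BHO line.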
