Unable to launch Avast/Spybot [resolved]


Arnoras


Good evening, I have a slight (very slight) problem, identical to this one: >>LINK<<

Namely:

My computer is infected by a virus that prevents me from using my antivirus Avast, CCleaner, Spybot, Ad-Aware...

I can't launch HijackThis, or MSN, or any software it seems, apart from web browsers... (thank goodness -_-')

Here, as requested in the topic I cited, is the report produced by ComboFix:

 

ComboFix 09-02-24.02 - Arnoras 2009-02-25 20:17:53.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1729 [GMT 1:00]

Lancé depuis: c:\documents and settings\Arnoras\Bureau\combo-fix.exe

AV: avast! antivirus 4.8.1335 [VPS 090225-1] *On-access scanning disabled* (Updated)

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Arnoras\Application Data\BITS

c:\documents and settings\Arnoras\Application Data\BITS\BITS.ini

c:\documents and settings\Arnoras\Application Data\BITS\DHTTable.dat

c:\documents and settings\Arnoras\Application Data\BITS\ProxyList.ini

c:\documents and settings\Arnoras\Application Data\drivers\downld

c:\documents and settings\Arnoras\Application Data\drivers\srosa2.sys

c:\documents and settings\Arnoras\Application Data\drivers\wfsintwq.sys

c:\documents and settings\Arnoras\Application Data\drivers\winupgro.exe

c:\documents and settings\Arnoras\Application Data\m

c:\documents and settings\Arnoras\Application Data\m\data.oct

c:\documents and settings\Arnoras\Application Data\m\flec006.exe

c:\documents and settings\Arnoras\Application Data\m\list.oct

c:\documents and settings\Arnoras\Application Data\m\srvlist.oct

c:\program files\FlashGet Network

c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log

c:\program files\FlashGet Network\FlashGet universal\fgoption.ini

c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini

c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini

c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini

c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat

c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat

c:\program files\FlashGet Network\FlashGet universal\transaction.log

c:\program files\Windows Live\Messenger\MsnMsgr.exe

c:\windows\system32\AVSredirect.dll

c:\windows\system32\ban_list.txt

c:\windows\system32\drivers\down

c:\windows\system32\drivers\down\254359.exe

c:\windows\system32\drivers\npf.sys

c:\windows\system32\mdelk.exe

c:\windows\system32\packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\wintems.exe

c:\windows\system32\wpcap.dll

I:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_SROSA

-------\Legacy_SROSA

-------\Legacy_SK9OU0S

-------\Service_NPF

-------\Service_sK9Ou0s

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-25 au 2009-02-25 ))))))))))))))))))))))))))))))))))))

.

 

2009-02-25 20:03 . 2009-02-25 20:03 <REP> d-------- c:\program files\Trend Micro

2009-02-25 19:59 . 2009-02-25 19:59 <REP> d-------- c:\windows\system32\Kaspersky Lab

2009-02-25 19:30 . 2009-02-25 19:30 <REP> d-------- C:\spywarebegone-fs

2009-02-25 19:30 . 2009-02-25 19:30 724,992 --a------ c:\windows\iun6002.exe

2009-02-25 19:26 . 2009-02-25 19:26 <REP> d-------- c:\program files\Spybot - Search & Destroy

2009-02-25 19:26 . 2009-02-25 19:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-25 19:14 . 2009-02-25 20:19 <REP> d--h----- c:\documents and settings\Arnoras\Application Data\drivers

2009-02-25 19:02 . 2009-02-25 19:02 <REP> d-------- c:\documents and settings\Arnoras\Application Data\AVS4YOU

2009-02-25 19:02 . 2009-02-25 19:02 <REP> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU

2009-02-25 19:01 . 2009-02-25 19:02 <REP> d-------- c:\program files\Fichiers communs\AVSMedia

2009-02-25 19:01 . 2009-02-25 19:02 <REP> d-------- c:\program files\AVS4YOU

2009-02-25 19:01 . 2007-10-25 11:20 974,848 --a------ c:\windows\system32\mfc70.dll

2009-02-25 19:01 . 2007-10-25 11:20 487,424 --a------ c:\windows\system32\msvcp70.dll

2009-02-25 17:53 . 2009-02-25 18:34 <REP> d-------- c:\documents and settings\Arnoras\Application Data\eBay

2009-02-25 17:53 . 2009-02-25 18:34 <REP> d-------- c:\documents and settings\All Users\Application Data\eBay

2009-02-25 14:29 . 2009-02-25 14:30 <REP> d-------- c:\program files\PhotoFiltre

2009-02-23 22:53 . 2009-02-23 22:53 <REP> d-------- c:\windows\Intelliremote

2009-02-23 22:53 . 2009-02-25 01:38 <REP> d-------- c:\documents and settings\Arnoras\Application Data\Intelliremote

2009-02-23 19:39 . 2009-02-25 18:24 168 --a------ c:\windows\usdthank.ini

2009-02-23 19:39 . 2009-02-23 19:39 31 --a------ c:\windows\idc.ini

2009-02-22 14:42 . 2006-09-12 12:46 227,328 -r-hs---- c:\windows\system32\ac3DX.ax

2009-02-22 14:42 . 2008-03-16 14:30 216,064 -r-hs---- c:\windows\system32\nbDX.dll

2009-02-22 14:42 . 2006-03-10 22:48 169,472 -r-hs---- c:\windows\system32\MatroskaDX.ax

2009-02-22 14:42 . 2006-05-03 11:06 163,328 -r-hs---- c:\windows\system32\flvDX.dll

2009-02-22 14:42 . 2005-11-25 21:46 161,792 -r-hs---- c:\windows\system32\RealMediaDX.ax

2009-02-22 14:42 . 2006-01-13 00:23 123,904 -r-hs---- c:\windows\system32\AVCDX.ax

2009-02-22 14:42 . 2003-11-21 00:00 54,784 -r-hs---- c:\windows\system32\RLAPEDec.ax

2009-02-22 14:42 . 2004-04-27 00:00 37,888 -r-hs---- c:\windows\system32\RLMPCDec.ax

2009-02-22 14:42 . 2007-02-21 12:47 31,232 -r-hs---- c:\windows\system32\msfDX.dll

2009-02-22 13:51 . 2004-11-28 21:09 679,936 --a------ c:\windows\system32\xvidcore.dll

2009-02-20 23:00 . 2009-02-25 18:34 <REP> d-------- c:\program files\eBay

2009-02-20 23:00 . 2009-02-25 12:15 <REP> d-------- c:\documents and settings\All Users\eBay

2009-02-20 22:42 . 2009-02-20 22:42 <REP> d-------- c:\program files\Fichiers communs\GeoVid

2009-02-20 22:42 . 2007-06-28 18:55 77,824 --a------ c:\windows\system32\xvid.ax

2009-02-20 22:42 . 2005-06-07 15:11 60,416 --a------ c:\windows\system32\dsetup.dll

2009-02-20 21:34 . 2004-02-22 10:11 719,872 --a------ c:\windows\system32\devil.dll

2009-02-20 21:34 . 2007-05-17 17:30 318,976 --a------ c:\windows\system32\avisynth.dll

2009-02-20 21:34 . 2004-01-25 00:00 70,656 --a------ c:\windows\system32\yv12vfw.dll

2009-02-20 21:34 . 2004-01-25 00:00 70,656 --a------ c:\windows\system32\i420vfw.dll

2009-02-20 21:32 . 2009-02-20 21:32 <REP> d-------- c:\program files\eRightSoft

2009-02-20 21:32 . 2005-02-13 00:00 186,880 -r-hs---- c:\windows\system32\RLOgg.ax

2009-02-20 21:32 . 2005-01-18 00:26 179,200 -r-hs---- c:\windows\system32\DiracSplitter.ax

2009-02-20 21:32 . 2006-08-16 15:53 175,104 -r-hs---- c:\windows\system32\CoreAAC.ax

2009-02-20 21:32 . 2005-02-06 00:00 92,672 -r-hs---- c:\windows\system32\RLVorbisDec.ax

2009-02-20 21:32 . 2005-02-22 17:55 81,920 -r-hs---- c:\windows\system32\aac_parser.ax

2009-02-20 21:32 . 2005-02-13 00:00 67,584 -r-hs---- c:\windows\system32\RLTheoraDec.ax

2009-02-20 21:32 . 2005-02-13 00:00 51,712 -r-hs---- c:\windows\system32\RLSpeexDec.ax

2009-02-20 19:45 . 2004-05-25 17:06 417,792 --a------ c:\windows\system32\ac3filter.ax

2009-02-20 19:45 . 2005-02-27 21:48 356,352 --a------ c:\windows\system32\RealMediaSplitter.ax

2009-02-20 19:45 . 2004-01-10 17:02 258,048 --a------ c:\windows\system32\GplMpgDec.ax

2009-02-19 12:54 . 2009-02-20 22:32 <REP> d-------- c:\documents and settings\Arnoras\Application Data\Apple Computer

2009-02-19 12:53 . 2009-02-19 12:53 <REP> d-------- c:\program files\iTunes

2009-02-19 12:53 . 2009-02-19 12:53 <REP> d-------- c:\program files\iPod

2009-02-19 12:53 . 2009-02-19 12:53 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-02-19 12:53 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll

2009-02-19 12:53 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys

2009-02-19 12:52 . 2009-02-19 12:53 <REP> d-------- c:\program files\QuickTime

2009-02-19 12:52 . 2009-02-19 12:53 <REP> d-------- c:\program files\Fichiers communs\Apple

2009-02-19 12:52 . 2009-02-19 12:52 <REP> d-------- c:\program files\Apple Software Update

2009-02-19 12:52 . 2009-02-19 12:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer

2009-02-19 12:52 . 2009-02-19 12:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple

2009-02-19 12:52 . 2008-11-07 14:23 32,000 --a------ c:\windows\system32\drivers\usbaapl.sys

2009-02-19 12:26 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll

2009-02-19 12:26 . 2008-04-13 20:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2009-02-19 12:26 . 2008-04-13 20:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys

2009-02-19 12:26 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll

2009-02-18 02:00 . 2009-02-18 02:05 <REP> d-------- c:\program files\ElcomSoft

2009-02-17 10:51 . 2009-02-20 10:45 <REP> d-------- c:\documents and settings\Arnoras\Application Data\U3

2009-02-16 13:47 . 2009-02-16 13:57 <REP> d-------- c:\documents and settings\Arnoras\Application Data\fretsonfire

2009-02-16 13:46 . 2009-02-17 01:29 <REP> d-------- c:\program files\Frets on Fire

2009-02-16 10:58 . 2009-02-16 11:03 65,536 --a------ c:\windows\IFinst27.exe

2009-02-15 23:14 . 2009-02-15 23:14 <REP> dr-h----- c:\documents and settings\Arnoras\Application Data\SecuROM

2009-02-15 23:09 . 2009-02-15 23:09 <REP> d-------- c:\program files\Aspyr

2009-02-14 18:32 . 2009-02-14 18:32 <REP> d-------- c:\documents and settings\Arnoras\Application Data\GlarySoft

2009-02-14 16:44 . 2009-02-14 16:44 <REP> d-------- C:\TarguTrans

2009-02-14 16:41 . 2009-02-14 16:42 <REP> d-------- c:\windows\speech

2009-02-14 16:41 . 2009-02-14 16:41 <REP> d-------- c:\windows\Lhsp

2009-02-14 16:32 . 2009-02-14 16:56 <REP> d-------- c:\program files\Power Translator 12

2009-02-14 13:13 . 2009-02-14 13:13 <REP> d-------- C:\profiles

2009-02-14 10:53 . 2009-02-14 10:53 <REP> d-------- c:\program files\WinPcap

2009-02-14 10:52 . 2009-02-14 12:32 <REP> d-------- c:\program files\Net Tools

2009-02-11 15:04 . 2009-02-11 15:04 <REP> d-------- c:\program files\LucasArts

2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\system32\sirenacm.dll

2009-02-05 22:55 . 2009-02-05 22:55 <REP> d-------- c:\program files\Glary Utilities

2009-02-05 22:55 . 2009-02-05 22:55 <REP> d-------- c:\program files\CCleaner

2009-02-05 22:52 . 2009-02-05 22:52 <REP> d-------- c:\program files\Auslogics

2009-02-05 22:45 . 2009-02-05 22:45 <REP> d-------- c:\program files\VS Revo Group

2009-02-05 13:37 . 2009-02-05 13:37 1,044,480 -ra------ c:\windows\system32\roboex32.dll

2009-02-05 13:37 . 2009-02-05 13:37 49,152 -ra------ c:\windows\system32\inetwh32.dll

2009-02-04 18:48 . 2009-02-04 18:48 <REP> dr------- c:\documents and settings\Arnoras\Application Data\Brother

2009-02-04 17:00 . 2008-04-13 20:45 20,608 --a------ c:\windows\system32\drivers\usbuhci.sys

2009-02-04 17:00 . 2008-04-13 20:45 20,608 --a--c--- c:\windows\system32\dllcache\usbuhci.sys

2009-02-04 14:12 . 2009-02-04 14:12 166 --a------ c:\windows\Navigma.INI

2009-02-01 22:38 . 2009-02-01 22:38 <REP> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts

2009-02-01 14:58 . 2009-02-01 14:58 <REP> d-------- c:\program files\LoCoSoft

2009-02-01 14:52 . 2009-02-01 14:52 <REP> d-------- c:\documents and settings\Arnoras\Application Data\AlauxSoft

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-25 19:07 --------- d-----w c:\program files\IE8

2009-02-25 18:17 --------- d-----w c:\documents and settings\Arnoras\Application Data\uTorrent

2009-02-25 18:11 --------- d-----w c:\program files\eMule

2009-02-25 17:34 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-25 00:45 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-02-25 00:44 --------- d-----w c:\program files\DAEMON Tools Toolbar

2009-02-21 20:00 --------- d-----w c:\program files\Steam

2009-02-20 18:19 --------- d-----w c:\program files\Windows Live Safety Center

2009-02-14 18:57 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2009-02-14 11:58 --------- d-----w c:\documents and settings\Arnoras\Application Data\LimeWire

2009-02-14 11:33 --------- d-----w c:\program files\AviSynth 2.5

2009-02-12 21:53 --------- d-----w c:\program files\Messenger Plus! Live

2009-02-11 21:27 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!

2009-02-08 23:02 --------- d-----w c:\program files\DeskSpace

2009-02-08 22:54 --------- d-----w c:\program files\Gpotato.eu

2009-01-15 18:47 --------- d-----w c:\program files\Common Files

2009-01-11 01:40 --------- d-----w c:\program files\Woonoz

2009-01-11 01:40 --------- d-----w c:\program files\Anniversaire

2009-01-09 19:20 --------- d-----w c:\documents and settings\Arnoras\Application Data\Mumble

2009-01-07 19:10 --------- d-----w c:\program files\Packard Bell

2009-01-07 18:48 --------- d-----w c:\program files\Fichiers communs\InstallShield

2008-12-29 17:50 --------- d-----w c:\program files\Conquete 2.0

2008-12-28 15:01 --------- d-----w c:\documents and settings\Arnoras\Application Data\SiteAdvisor

2008-12-26 20:19 --------- d-----w c:\program files\Team JPN

2008-11-16 21:15 29,138,232 ----a-w c:\program files\IE8.exe

2008-10-30 19:33 106 ----a-w c:\program files\path.ini

2008-10-08 14:37 0 ----a-w c:\program files\checkversion.txt

2008-07-17 16:36 7,710,016 ----a-w c:\program files\FLV PlayerRCATSetup.exe

2008-05-08 23:58 222 ----a-w c:\program files\pink.bmp

2008-04-10 23:15 4,162 ----a-w c:\program files\color1.bmp

2008-03-24 21:49 474 ----a-w c:\program files\color.bmp

2007-12-07 09:18 19,636 ----a-w c:\program files\th_07.jpg

2007-12-07 09:05 680 ----a-w c:\program files\bl_07.jpg

2007-12-05 13:15 23,446 ----a-w c:\program files\bk2.jpg

2007-12-05 01:06 10,528 ----a-w c:\program files\else.gif

2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll

2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll

2008-03-16 13:30 216,064 --sh--r c:\windows\system32\nbDX.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

"Google Update"="c:\documents and settings\Arnoras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-14 133104]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-02-25 2144088]

"Spyware Begone"="c:\spywarebegone-fs\freescan.exe" [2005-06-09 2951168]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]

"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-25 81000]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]

"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]

"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= i420vfw.dll

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" boot

"Steam"="c:\program files\Steam\Steam.exe" -silent

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"LogitechVideoRepair"=c:\program files\Logitech\Video\ISStart.exe

"LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe

"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"13040:TCP"= 13040:TCP:Utorrent

"13040:UDP"= 13040:UDP:Utorrent2

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

 

R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2008-07-05 12032]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-07-05 31592]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{794b094a-4a7c-11dd-8b4c-0013d4ab966d}]

\Shell\AutoRun\command - N:\ClickMe.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81a04a39-4e53-11dd-add4-0013d4ab966d}]

\Shell\Auto\command - cmd /C launch.bat

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

.

Contenu du dossier 'Tâches planifiées'

 

2009-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

 

2009-02-25 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2009-01-10 17:02]

 

2009-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-506798661-420042220-3537155185-1007.job

- c:\documents and settings\Arnoras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-14 13:16]

 

2009-01-02 c:\windows\Tasks\Maintenance en 1 clic.job

- c:\program files\TuneUp Utilities 2008\OneClick.exe []

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe

 

 

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.dufpy.com

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

FF - ProfilePath - c:\documents and settings\Arnoras\Application Data\Mozilla\Firefox\Profiles\w0wpsbtq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - component: c:\documents and settings\Arnoras\Application Data\Mozilla\Firefox\Profiles\w0wpsbtq.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll

FF - component: c:\documents and settings\Arnoras\Application Data\Mozilla\Firefox\Profiles\w0wpsbtq.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll

FF - component: c:\documents and settings\Arnoras\Application Data\Mozilla\Firefox\Profiles\w0wpsbtq.default\extensions\{8241b8d6-6bac-4f48-b012-464cf0f636e9}\components\FFAlert.dll

FF - plugin: c:\documents and settings\Arnoras\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-25 20:22:07

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Razer\Lachesis\OSD.exe

c:\program files\Razer\Lachesis\razertra.exe

c:\program files\Razer\Lachesis\razerofa.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2009-02-25 20:27:00 - La machine a redémarré

ComboFix-quarantined-files.txt 2009-02-25 19:26:58

 

Avant-CF: 108,331,491,328 octets libres

Après-CF: 108,158,828,544 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

 

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

523 --- E O F --- 2009-02-14 18:58:32

 

 

 

Thanks for helping me, this problem is really very annoying...


Good evening. We handle each case individually, and about ComboFix, I repeat the same thing all day long: do not use it on your own. Do not copy a procedure from somewhere else (if the other person has a different critter, what do we do? If the other person has critters that you don't have, what do we do?)

Do you need help, or do you already know how to do it?

We won't take offense. :P

See here:

http://forum.zebulon.fr/faq-fonctionnement...on-t158392.html


If I used it, it's because I found someone on Google who had roughly the same problem as me, and I didn't want to post yet another useless topic among those already swarming the web... Sorry.

Let's start again from the beginning.

Symptom: I can use neither Avast, nor Spybot, nor MSN. I can no longer install MSN: when I launch the installer, it tells me it is already installed =/ and when I click the shortcut, it tells me the folder cannot be found XD.

After various attempts, I do still have safe mode, which is usable, and I managed to run HijackThis. Here is the log it gave me:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:32:43, on 26/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 6044 bytes


Indeed, for the first time it worked xD, here it is:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:50:03, on 26/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Razer\Lachesis\razerhid.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Documents and Settings\Arnoras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Razer\Lachesis\OSD.exe

C:\Program Files\Razer\Lachesis\razertra.exe

C:\Program Files\Razer\Lachesis\razerofa.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dufpy.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Arnoras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spyware Begone] C:\spywarebegone-fs\freescan.exe -FastScan

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 7697 bytes


It is possible that Kaspersky no longer works fully, in which case it will need to be reinstalled.

Your machine is very vulnerable, and besides, Bagle is caught through cracks (easy to avoid).

Download Malwarebytes' Anti-Malware (MBAM)

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for updates" button: if the firewall asks whether MBAM may connect, accept.
  • Once the update has finished, go to the "Scan" tab.
  • Select "Perform a quick scan"
  • Click "Scan"
  • The analysis starts; the scan is relatively long, that is normal.
  • At the end of the analysis, a message is displayed:
    The scan completed normally. Click 'Show results' to display all the objects found.
    Click "OK" to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show results.
    Select everything (or leave it checked) and click Remove selected; MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

NB: If MBAM asks you to restart, do so.


Here is the MBAM scan report, apparently everything is "in order":

 

Malwarebytes' Anti-Malware 1.34

Version de la base de données: 1804

Windows 5.1.2600 Service Pack 3

 

26/02/2009 00:59:14

mbam-log-2009-02-26 (00-59-14).txt

 

Type de recherche: Examen rapide

Eléments examinés: 65663

Temps écoulé: 3 minute(s), 9 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)


Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the analysis is finished, two text files will open. Post the contents of log.txt (<< which will be displayed) as well as info.txt (<< which will be minimized in the taskbar).
  • NB: The reports are saved in the C:\rsit folder.
    So that makes two reports. :P


Log.txt :

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Arnoras at 2009-02-26 01:12:54

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 103 GB (54%) free of 190 GB

Total RAM: 2047 MB (71% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:12:56, on 26/02/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Razer\Lachesis\razerhid.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Documents and Settings\Arnoras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Razer\Lachesis\OSD.exe

C:\Program Files\Razer\Lachesis\razertra.exe

C:\Program Files\Razer\Lachesis\razerofa.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Arnoras\Bureau\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Arnoras.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dufpy.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Arnoras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Spyware Begone] C:\spywarebegone-fs\freescan.exe -FastScan

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 7803 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GlaryInitialize.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-506798661-420042220-3537155185-1007.job

C:\WINDOWS\tasks\Maintenance en 1 clic.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{1DBAB667-A486-421e-AFE4-CF07DD0088E5}

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]

"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]

"nwiz"=nwiz.exe /install []

"Lachesis"=C:\Program Files\Razer\Lachesis\razerhid.exe [2007-09-12 172032]

"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-10-08 221184]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

"!AVG Anti-Spyware"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [2007-06-11 6731312]

"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-25 206088]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288]

"Google Update"=C:\Documents and Settings\Arnoras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-14 133104]

"Spyware Begone"=C:\spywarebegone-fs\freescan.exe -FastScan []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{794b094a-4a7c-11dd-8b4c-0013d4ab966d}]

shell\AutoRun\command - N:\ClickMe.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81a04a39-4e53-11dd-add4-0013d4ab966d}]

shell\Auto\command - cmd /C launch.bat

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

 

 

======List of files/folders created in the last 1 months======

 

2009-02-26 01:12:54 ----D---- C:\rsit

2009-02-26 00:55:18 ----D---- C:\Documents and Settings\Arnoras\Application Data\Malwarebytes

2009-02-26 00:55:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-02-26 00:55:13 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-02-25 22:43:23 ----D---- C:\Program Files\Kaspersky Lab

2009-02-25 22:43:23 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2009-02-25 22:38:30 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-02-25 22:14:41 ----D---- C:\!KillBox

2009-02-25 22:12:50 ----A---- C:\InfoSat.txt

2009-02-25 22:06:39 ----SHD---- C:\RECYCLER

2009-02-25 20:27:01 ----A---- C:\ComboFix.txt

2009-02-25 20:11:28 ----A---- C:\Boot.bak

2009-02-25 20:11:21 ----RASHD---- C:\cmdcons

2009-02-25 20:10:10 ----A---- C:\WINDOWS\zip.exe

2009-02-25 20:10:10 ----A---- C:\WINDOWS\SWREG.exe

2009-02-25 20:10:10 ----A---- C:\WINDOWS\NIRCMD.exe

2009-02-25 20:10:09 ----A---- C:\WINDOWS\VFIND.exe

2009-02-25 20:10:09 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-02-25 20:10:09 ----A---- C:\WINDOWS\SWSC.exe

2009-02-25 20:10:09 ----A---- C:\WINDOWS\sed.exe

2009-02-25 20:10:09 ----A---- C:\WINDOWS\grep.exe

2009-02-25 20:10:09 ----A---- C:\WINDOWS\fdsv.exe

2009-02-25 20:09:51 ----D---- C:\WINDOWS\ERDNT

2009-02-25 20:09:51 ----D---- C:\Qoobox

2009-02-25 20:09:46 ----D---- C:\combo-fix

2009-02-25 20:03:55 ----D---- C:\Program Files\Trend Micro

2009-02-25 19:59:04 ----D---- C:\WINDOWS\system32\Kaspersky Lab

2009-02-25 19:30:26 ----A---- C:\WINDOWS\iun6002.exe

2009-02-25 19:30:25 ----D---- C:\spywarebegone-fs

2009-02-25 19:27:52 ----D---- C:\Program Files\Grisoft

2009-02-25 19:02:55 ----D---- C:\Documents and Settings\Arnoras\Application Data\AVS4YOU

2009-02-25 19:02:54 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU

2009-02-25 19:01:35 ----D---- C:\Program Files\Fichiers communs\AVSMedia

2009-02-25 19:01:35 ----D---- C:\Program Files\AVS4YOU

2009-02-25 19:01:35 ----A---- C:\WINDOWS\system32\msvcp70.dll

2009-02-25 19:01:35 ----A---- C:\WINDOWS\system32\mfc70.dll

2009-02-25 17:53:25 ----D---- C:\Documents and Settings\Arnoras\Application Data\eBay

2009-02-25 17:53:25 ----D---- C:\Documents and Settings\All Users\Application Data\eBay

2009-02-25 14:29:17 ----D---- C:\Program Files\PhotoFiltre

2009-02-23 22:53:25 ----D---- C:\Documents and Settings\Arnoras\Application Data\Intelliremote

2009-02-23 22:53:24 ----D---- C:\WINDOWS\Intelliremote

2009-02-23 19:39:34 ----A---- C:\WINDOWS\usdthank.ini

2009-02-23 19:39:34 ----A---- C:\WINDOWS\idc.ini

2009-02-23 19:38:34 ----D---- C:\Documents and Settings\Arnoras\Application Data\WinRAR

2009-02-22 14:42:45 ----RSH---- C:\WINDOWS\system32\nbDX.dll

2009-02-22 14:42:45 ----RSH---- C:\WINDOWS\system32\msfDX.dll

2009-02-22 14:42:45 ----RSH---- C:\WINDOWS\system32\flvDX.dll

2009-02-22 13:51:40 ----A---- C:\WINDOWS\system32\xvidcore.dll

2009-02-20 23:00:35 ----D---- C:\Program Files\eBay

2009-02-20 22:42:13 ----A---- C:\WINDOWS\system32\dsetup.dll

2009-02-20 22:42:08 ----D---- C:\Program Files\Fichiers communs\GeoVid

2009-02-20 21:34:21 ----A---- C:\WINDOWS\system32\devil.dll

2009-02-20 21:34:21 ----A---- C:\WINDOWS\system32\avisynth.dll

2009-02-20 21:34:19 ----A---- C:\WINDOWS\system32\yv12vfw.dll

2009-02-20 21:34:19 ----A---- C:\WINDOWS\system32\i420vfw.dll

2009-02-20 21:32:34 ----D---- C:\Program Files\eRightSoft

2009-02-19 12:54:05 ----D---- C:\Documents and Settings\Arnoras\Application Data\Apple Computer

2009-02-19 12:53:56 ----A---- C:\WINDOWS\system32\GEARAspi.dll

2009-02-19 12:53:42 ----D---- C:\Program Files\iPod

2009-02-19 12:53:38 ----D---- C:\Program Files\iTunes

2009-02-19 12:53:38 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2009-02-19 12:52:48 ----D---- C:\Program Files\QuickTime

2009-02-19 12:52:47 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer

2009-02-19 12:52:33 ----D---- C:\Program Files\Apple Software Update

2009-02-19 12:52:13 ----D---- C:\Program Files\Fichiers communs\Apple

2009-02-19 12:52:13 ----D---- C:\Documents and Settings\All Users\Application Data\Apple

2009-02-19 12:26:50 ----A---- C:\WINDOWS\system32\ptpusb.dll

2009-02-19 12:26:47 ----A---- C:\WINDOWS\system32\ptpusd.dll

2009-02-18 02:00:21 ----D---- C:\Program Files\ElcomSoft

2009-02-17 10:51:04 ----D---- C:\Documents and Settings\Arnoras\Application Data\U3

2009-02-16 13:47:08 ----D---- C:\Documents and Settings\Arnoras\Application Data\fretsonfire

2009-02-16 13:46:51 ----D---- C:\Program Files\Frets on Fire

2009-02-16 10:58:42 ----A---- C:\WINDOWS\IFinst27.exe

2009-02-15 23:14:42 ----RHD---- C:\Documents and Settings\Arnoras\Application Data\SecuROM

2009-02-15 23:09:24 ----D---- C:\Program Files\Aspyr

2009-02-15 23:09:18 ----HDC---- C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$

2009-02-14 19:56:48 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$

2009-02-14 18:32:38 ----D---- C:\Documents and Settings\Arnoras\Application Data\GlarySoft

2009-02-14 16:44:32 ----D---- C:\TarguTrans

2009-02-14 16:41:51 ----D---- C:\WINDOWS\speech

2009-02-14 16:41:47 ----D---- C:\WINDOWS\Lhsp

2009-02-14 16:32:27 ----D---- C:\Program Files\Power Translator 12

2009-02-14 13:13:01 ----D---- C:\profiles

2009-02-14 11:01:16 ----A---- C:\Setting.txt

2009-02-14 10:53:16 ----D---- C:\Program Files\WinPcap

2009-02-14 10:52:41 ----D---- C:\Program Files\Net Tools

2009-02-11 15:04:35 ----D---- C:\Program Files\LucasArts

2009-02-06 18:52:40 ----A---- C:\WINDOWS\system32\sirenacm.dll

2009-02-05 22:55:23 ----D---- C:\Program Files\Glary Utilities

2009-02-05 22:55:10 ----D---- C:\Program Files\CCleaner

2009-02-05 22:52:56 ----D---- C:\Program Files\Auslogics

2009-02-05 22:45:28 ----D---- C:\Program Files\VS Revo Group

2009-02-05 13:37:24 ----RA---- C:\WINDOWS\system32\roboex32.dll

2009-02-05 13:37:24 ----RA---- C:\WINDOWS\system32\inetwh32.dll

2009-02-04 18:48:15 ----RD---- C:\Documents and Settings\Arnoras\Application Data\Brother

2009-02-04 14:12:26 ----A---- C:\WINDOWS\Navigma.INI

2009-02-01 22:38:52 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts

2009-02-01 14:58:19 ----D---- C:\Program Files\LoCoSoft

2009-02-01 14:52:46 ----D---- C:\Documents and Settings\Arnoras\Application Data\AlauxSoft

2009-01-27 07:45:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

 

======List of files/folders modified in the last 1 months======

 

2009-02-26 01:12:15 ----D---- C:\WINDOWS\Temp

2009-02-26 00:59:38 ----D---- C:\Program Files\Mozilla Firefox

2009-02-26 00:55:16 ----HD---- C:\WINDOWS\system32\drivers

2009-02-26 00:55:13 ----D---- C:\Program Files

2009-02-26 00:41:35 ----D---- C:\WINDOWS

2009-02-26 00:37:21 ----SHD---- C:\WINDOWS\Installer

2009-02-26 00:37:20 ----SHD---- C:\Config.Msi

2009-02-25 22:51:44 ----N---- C:\WINDOWS\SchedLgU.Txt

2009-02-25 22:43:46 ----HD---- C:\WINDOWS\inf

2009-02-25 22:43:37 ----D---- C:\WINDOWS\system32

2009-02-25 22:43:20 ----D---- C:\WINDOWS\system32\CatRoot

2009-02-25 22:43:19 ----D---- C:\WINDOWS\system32\CatRoot2

2009-02-25 22:09:30 ----HD---- C:\WINDOWS\$hf_mig$

2009-02-25 20:54:00 ----D---- C:\Program Files\IE8

2009-02-25 20:22:10 ----A---- C:\WINDOWS\system.ini

2009-02-25 20:20:01 ----D---- C:\WINDOWS\system32\config

2009-02-25 20:19:15 ----D---- C:\WINDOWS\AppPatch

2009-02-25 20:19:14 ----D---- C:\Program Files\Fichiers communs

2009-02-25 20:11:29 ----RASH---- C:\boot.ini

2009-02-25 19:59:05 ----SD---- C:\WINDOWS\Downloaded Program Files

2009-02-25 19:17:28 ----D---- C:\Documents and Settings\Arnoras\Application Data\uTorrent

2009-02-25 19:11:13 ----D---- C:\Program Files\eMule

2009-02-25 19:02:19 ----RSD---- C:\WINDOWS\Fonts

2009-02-25 18:34:55 ----HD---- C:\Program Files\InstallShield Installation Information

2009-02-25 15:24:23 ----D---- C:\temp

2009-02-25 14:29:28 ----D---- C:\WINDOWS\Prefetch

2009-02-25 01:45:05 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-02-25 01:44:03 ----D---- C:\Program Files\DAEMON Tools Toolbar

2009-02-25 01:43:05 ----D---- C:\WINDOWS\Debug

2009-02-21 21:00:00 ----D---- C:\Program Files\Steam

2009-02-20 22:41:43 ----D---- C:\WINDOWS\Downloaded Installations

2009-02-20 19:19:17 ----D---- C:\Program Files\Windows Live Safety Center

2009-02-20 02:09:07 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared

2009-02-19 12:53:56 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-02-19 12:52:36 ----SD---- C:\WINDOWS\Tasks

2009-02-19 12:26:54 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-02-15 23:09:19 ----SD---- C:\WINDOWS\system32\Microsoft

2009-02-15 23:08:56 ----D---- C:\WINDOWS\system32\DirectX

2009-02-14 19:57:24 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2009-02-14 12:58:27 ----D---- C:\Documents and Settings\Arnoras\Application Data\LimeWire

2009-02-14 12:33:19 ----D---- C:\Program Files\AviSynth 2.5

2009-02-12 22:53:27 ----D---- C:\Program Files\Messenger Plus! Live

2009-02-12 05:56:17 ----A---- C:\WINDOWS\system32\MRT.exe

2009-02-11 22:27:43 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2009-02-09 00:02:36 ----D---- C:\Program Files\DeskSpace

2009-02-08 23:54:48 ----D---- C:\Program Files\Gpotato.eu

2009-02-08 11:41:34 ----RSD---- C:\WINDOWS\assembly

2009-02-04 18:50:35 ----A---- C:\WINDOWS\BRWMARK.INI

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-02-25 226832]

R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-09-19 278728]

R2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-09-19 25416]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]

R3 LachesisFltr;Lachesis Mouse Driver; C:\WINDOWS\system32\drivers\Lachesis.sys [2007-08-08 12032]

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-11-24 33408]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-11-24 12928]

R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-01-31 7104]

R3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-01-31 912768]

R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]

R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 aarzypiz;aarzypiz; C:\WINDOWS\system32\drivers\aarzypiz.sys []

S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-11-26 25280]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable; C:\WINDOWS\System32\Drivers\SilvrLnk.sys [2004-01-28 21456]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-25 206088]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]

R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 31592]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2003-04-04 77824]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

 

-----------------EOF-----------------

 

info.txt :

 

info.txt logfile of random's system information tool 1.05 2009-02-26 01:12:58

 

======Uninstall list======

 

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}

Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log

AGEIA PhysX v2.4.4-->"C:\Program Files\AGEIA Technologies\uninstall.exe"

Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"

AusLogics Disk Defrag 1.4-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"

AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe

AVS DVDMenu Editor 1.2.1.20-->"C:\Program Files\Fichiers communs\AVSMedia\AVS DVDMenu Editor\unins000.exe"

AVS Video ReMaker 2.4-->"C:\Program Files\AVS4YOU\AVSVideoReMaker\unins000.exe"

AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"

BigAlarm v2.50-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\BigAlarm v2.50\DeIsL1.isu" -c"C:\Program Files\BigAlarm v2.50\_ISREG32.DLL"

Brother HL-2030-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF366762-77D9-4494-AAA3-317809F59113}\SETUP.exe" -l0x40c -removeonly /uninst

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Condition Zero-->"C:\Program Files\Steam\steam.exe" steam://uninstall/80

Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}

EAX Unified (SHELL)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX Unified (SHELL)\Uninst.isu"

eMule-->"C:\Program Files\eMule\Uninstall.exe"

Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}

Frets On Fire-->"C:\Program Files\Frets on Fire\Uninstall.exe"

Glary Utilities 2.10.0.622-->"C:\Program Files\Glary Utilities\unins000.exe"

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Guitar Hero III-->MsiExec.exe /I{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}

Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}

iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}

Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}

Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}

Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

LimeWire PRO 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"

Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c

Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL

Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

OpenSSL 0.9.6m-->C:\OpenSSL\unins000.exe

PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"

Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}

Razer Lachesis-->C:\Program Files\InstallShield Installation Information\{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}\Setup.exe -runfromtemp -l0x0009 -removeonly

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}

Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}

Star Wars: Episode I Racer de LucasArts-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\LucasArts\RACER\DeIsL1.isu"

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0

Switch Off-->"C:\Program Files\Switch Off\uninstall.exe"

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

Turbo Lister 2-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}

VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\usbicp_148F9D51ADD758FCD4B68B61FF903F813AA2083E\usbicp.inf

Windows Driver Package - Razer (HidUsb) HIDClass (05/10/2007 1.00)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\lachesis_5474F75C461E8F731AF2FF7FF70E79E8AC52C56D\lachesis.inf

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinPcap 3.0-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"

Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"

 

======Security center information======

 

AV: Kaspersky Anti-Virus

 

System event log

 

Computer Name: LOCAL-2067AA02C

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

 

Record Number: 12627

Source Name: Service Control Manager

Time Written: 20090214124418.000000+060

Event Type: Informations

User: LOCAL-2067AA02C\Arnoras

 

Computer Name: LOCAL-2067AA02C

Event Code: 7023

Message: Le service Gestion d'applications s'est arrêté avec l'erreur :

Le fichier spécifié est introuvable.

 

 

Record Number: 12626

Source Name: Service Control Manager

Time Written: 20090214124418.000000+060

Event Type: erreur

User:

 

Computer Name: LOCAL-2067AA02C

Event Code: 7036

Message: Le service Gestion d'applications est entré dans l'état : arrêté.

 

Record Number: 12625

Source Name: Service Control Manager

Time Written: 20090214124418.000000+060

Event Type: Informations

User:

 

Computer Name: LOCAL-2067AA02C

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

 

Record Number: 12624

Source Name: Service Control Manager

Time Written: 20090214124418.000000+060

Event Type: Informations

User: LOCAL-2067AA02C\Arnoras

 

Computer Name: LOCAL-2067AA02C

Event Code: 7023

Message: Le service Gestion d'applications s'est arrêté avec l'erreur :

Le fichier spécifié est introuvable.

 

 

Record Number: 12623

Source Name: Service Control Manager

Time Written: 20090214124418.000000+060

Event Type: erreur

User:

 

Application event log

 

Computer Name: LOCAL-2067AA02C

Event Code: 101

Message: MsnMsgr (1900) Le moteur de base de données est arrêté.

 

Record Number: 1100

Source Name: ESENT

Time Written: 20080911222709.000000+120

Event Type: Informations

User:

 

Computer Name: LOCAL-2067AA02C

Event Code: 103

Message: MsnMsgr (1900) \\.\C:\Documents and Settings\Arnoras\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_3C2C_23DF_2C23_92C6\dfsr.db: Le moteur de base de données a arrêté une instance (0).

 

Record Number: 1099

Source Name: ESENT

Time Written: 20080911222709.000000+120

Event Type: Informations

User:

 

Computer Name: LOCAL-2067AA02C

Event Code: 11707

Message: Produit : Agendatronic -- Installation terminée.

 

Record Number: 1098

Source Name: MsiInstaller

Time Written: 20080911181300.000000+120

Event Type: Informations

User: LOCAL-2067AA02C\Arnoras

 

Computer Name: LOCAL-2067AA02C

Event Code: 302

Message: MsnMsgr (1900) \\.\C:\Documents and Settings\Arnoras\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_3C2C_23DF_2C23_92C6\dfsr.db: Le moteur de base de données a exécuté la procédure de récupération avec succès.

 

Record Number: 1097

Source Name: ESENT

Time Written: 20080911174950.000000+120

Event Type: Informations

User:

 

Computer Name: LOCAL-2067AA02C

Event Code: 301

Message: MsnMsgr (1900) \\.\C:\Documents and Settings\Arnoras\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_3C2C_23DF_2C23_92C6\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\Arnoras\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_3C2C_23DF_2C23_92C6\fsr.log.

 

Record Number: 1096

Source Name: ESENT

Time Written: 20080911174950.000000+120

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 0, AuthenticAMD

"PROCESSOR_REVISION"=2f00

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"OPENSSL_CONF"=C:\OpenSSL\bin\openssl.cnf

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------


There are still some nasties to remove.

 

Plug in your USB keys and other removable media, external hard drives, etc. before doing what follows (an infection is present), without opening them or browsing into them.

 

:!: What follows is for your machine, and your machine only.

Do not use it on any other machine: dangerous.

 

  • Open Notepad. Check that in the "Format" menu, "Word Wrap" ("Retour automatique à la ligne") is turned off. Copy and paste this into it:

Killall::

 

file::

C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

C:\InfoSat.txt

C:\WINDOWS\IFinst27.exe

C:\WINDOWS\Navigma.INI

 

registry::

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"nwiz"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{794b094a-4a7c-11dd-8b4c-0013d4ab966d}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81a04a39-4e53-11dd-add4-0013d4ab966d}]

 

driver::

aarzypiz

  • Save this as a text file named CFScript, on the desktop.
     
  • Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot (animation1md2.gif).

  • Wait while the scan runs. The desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt
