Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Worm/ircbot.50 [RESOLU]

fav025

Par fav025
dans Analyses et éradication malwares

 Partager

Messages recommandés

fav025 Member

fav025

Posté(e)
Posté(e) (modifié)

Bonjour à tous

 

Antivir me signale, à chaque mise en route de mon PC la présence d'un ver: Worm/ircbot.50.. J'ai beau le mettre en quarantaine, le détruire, rien n'y fait..

 

Il m'indique qu'il se trouve dans C:\x.bat

 

J'ai effectué un scan rapide avec malwayre, il n'a rien trouvé.. Peut être faudrait-il effectuer un scan complet..

 

A la mise en route ce matin, Antivir s'est déclenché 3 fois...

 

Une âme charitable aurait-elle le temps de me prodiguer des conseils pour éliminer cette s......... ?

 

Merci infiniment à l'avance.

 

Fav025

Modifié par fav025

pear Devil Member !

pear

Posté(e)
Posté(e)

Bonjour,

 

 

Téléchargez MBAM

 

[branchez tous les supports amovibles avant de faire ce scan (clé usb/disque dur externe etc)

Si vous utilisez Spybot

Pour désactiver TeaTimer qui ne set à rien et peut faire échouer une désinfection:!

Afficher d'abord le Mode Avancé dans SpyBot

->Options Avancées :

- >menu Mode, Mode Avancé.

Une colonne de menus apparaît dans la partie gauche :

- >cliquer sur Outils,

- >cliquer sur Résident,

Dans Résident :

- >décocher Résident "TeaTimer" pour le désactiver.

* Double cliquez sur l'icône Download_mbam-setup.exe pour lancer le processus d'installation.

Enregistrez le sur le bureau .

Fermer toutes les fenêtres et programmes

Suivez les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet)

N'apportez aucune modification aux réglages par défaut et, en fin d'installation,

Vérifiez que les options Update et Launch soient cochées

MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse.

cliquer sur OK pour fermer la boîte de dialogue..

* Dans l'onglet "mise à jour", cliquez sur le bouton Recherche de mise à jour:

Si le pare-feu demande l'autorisation à MBAM de se connecter, acceptez.

* Une fois la mise à jour terminée, allez dans l'onglet Recherche.

* Sélectionnez "Exécuter un examen complet"

* Cliquez sur "Rechercher"

* .L' analyse prendra un certain temps, soyez patient !

* A la fin , un message affichera :

L'examen s'est terminé normalement.

 

*Si MBAM n'a rien trouvé, il le dira aussi.

Cliquez sur "Ok" pour poursuivre.

*Fermez les navigateurs.

Cliquez sur Afficher les résultats .

 

*Sélectionnez tout et cliquez sur Supprimer la sélection ,

MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

puis ouvrir le Bloc-notes et y copier le rapport d'analyse qui peut être retrouvé sous l'onglet Rapports/logs.

* Copiez-collez ce rapport dans la prochaine réponse.

 

 

 

ensuite:

 

Téléchargez Random's system information tool (RSIT) par random/random et sauvegardez-le sur le Bureau.

 

Double-cliquez sur RSIT.exe afin de lancer RSIT.

* Cliquez Continue à l'écran Disclaimer.

* Si l'outil HIjackThis (version à jour) n'est pas présent ou détecté sur l'ordinateur, RSIT le télécharge et vous acceptez la licence.

* L'analyse terminée, deux fichiers texte s'ouvriront.:

Poster le contenu de log.txt (qui sera affiché)

ainsi que de info.txt (qui sera réduit dans la Barre des Tâches).

* Si ces deux rapports n'apparaissent pas, vous les trouverez dans le dossier C:\rsit

fav025 Member

fav025

Posté(e)
  • Auteur
Posté(e)

Bonjour Pear

 

Merci pour ta réponse.

 

J'ai mis MalwareBytes antimalware en scan.. Il n'a rien trouvé sur le disque dur.. Malheureusement, une coupure électrique a tout stoppé pendant le scan du disque dur externe..

 

Lors de la remise en route du PC, Antivir s'est a nouveau manifesté en indiquant la presence de ce maudit ver..

 

Voici les rapports demandés avec RSIT

 

log:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Perso at 2009-08-11 06:44:03

WIN_XP Service Pack 1

System drive C: has 12 GB (16%) free of 72 GB

Total RAM: 2047 MB (79% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 06:44:10, on 11/08/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\usb_magr.exe

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe

C:\Documents and Settings\Perso\Mes documents\RSIT.exe

C:\Documents and Settings\Perso\Mes documents\Bureau\Logiciels PC\Perso.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\befr.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers

 

communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program

 

Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft

 

Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

 

Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

 

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [universal Serial Bus device] usb_magr.exe

O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKUS\S-1-5-21-2041825689-3879812656-2972491928-1007\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin

 

Systems\PrintScreen\PrintScreen.exe /nosplash (User '?')

O4 - HKUS\S-1-5-21-2041825689-3879812656-2972491928-1007\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

 

C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

 

Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\befr.htm

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir

 

Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Google Update Service (gupdate1c987ab43d1cc70) (gupdate1c987ab43d1cc70) - Google Inc. - C:\Program

 

Files\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal

 

Firewall 4\kpf4ss.exe

O23 - Service: lxcr_device - - C:\WINDOWS\System32\lxcrcoms.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4

 

SDK\system\vcssecs.exe

 

--

End of file - 6484 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\$~$Sys0$.job

C:\WINDOWS\tasks\$~$Sys1$.job

C:\WINDOWS\tasks\$~$Sys2$.job

C:\WINDOWS\tasks\Google Software Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

 

Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

 

Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

 

Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

 

[2008-12-03 304736]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

 

Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

 

Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

 

[2006-08-31 322368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

 

Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-05 657904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

 

Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper

 

Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-30 846364]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program

 

Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-12-03 185872]

"Universal Serial Bus device"=C:\WINDOWS\usb_magr.exe [2009-08-08 76288]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Gadwin PrintScreen 3.1"=C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2005-09-27 1073152]

"ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2002-08-30 13312]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]

C:\Program Files\a-squared Anti-Malware\a2guard.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

C:\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-09-12 335872]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

C:\Program Files\DNA\btdna.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

Mixer.exe /startup []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\System32\ctfmon.exe [2002-08-30 13312]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-02-07 98304]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]

C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2006-02-02 290816]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

C:\Program Files\Free Download Manager\fdm.exe -autorun []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]

C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [2006-03-23 1591808]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 3.1]

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2005-09-27 1073152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

C:\Program Files\Logitech\Video\ISStart.exe [2003-12-16 188416]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

C:\Program Files\Logitech\Video\LogiTray.exe [2003-12-16 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]

C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2006-01-22 286720]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]

C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2004-11-15 1670144]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2006-03-10 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

C:\WINDOWS\SOUNDMAN.EXE [2003-04-24 54784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier.exe]

C:\Program Files\SuperCopier\SuperCopier.exe [2003-04-25 683520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-12-03 185872]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]

C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe [2003-08-13 299008]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu

 

Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check 2.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu

 

Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SharedAccess"=2

"Eventlog"=2

"EPSONStatusAgent2"=2

"wuauserv"=2

"ATI Smart"=2

"Ati HotKey Poller"=2

"helpsvc"=2

"gusvc"=2

"aawservice"=2

"a2free"=2

"a2AntiMalware"=2

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=

:\WINDOW

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=95000000

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=

"NoDriveAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplic

 

ations\list]

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplicat

 

ions\list]

 

======File associations======

 

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

 

======List of files/folders created in the last 1 months======

 

2009-08-11 06:44:03 ----D---- C:\rsit

2009-08-11 06:37:50 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-08-10 06:41:07 ----D---- C:\Program Files\Prevx

2009-08-10 06:41:01 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI

2009-08-08 23:52:43 ----D---- C:\Program Files\FSFDT

2009-08-08 23:14:05 ----RSH---- C:\WINDOWS\usb_magr.exe

2009-08-08 23:13:21 ----A---- C:\WINDOWS\System32\Ms12x.exe

2009-08-06 09:09:23 ----D---- C:\Program Files\FSacars

2009-07-15 17:32:55 ----A---- C:\WINDOWS\System32\Ms07.exe

 

======List of files/folders modified in the last 1 months======

 

2009-08-11 06:40:47 ----D---- C:\WINDOWS

2009-08-11 06:38:45 ----D---- C:\WINDOWS\Temp

2009-08-11 06:23:40 ----D---- C:\Program Files\Mozilla Firefox

2009-08-10 06:41:07 ----RD---- C:\Program Files

2009-08-10 06:41:07 ----D---- C:\WINDOWS\System32\drivers

2009-08-10 06:41:00 ----A---- C:\WINDOWS\wininit.ini

2009-08-09 21:32:44 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-08-09 21:23:39 ----D---- C:\RealityXP

2009-08-09 16:29:44 ----D---- C:\Program Files\FS Panel Studio

2009-08-09 09:42:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-08-08 23:13:21 ----D---- C:\WINDOWS\system32

2009-08-08 21:41:22 ----D---- C:\WINDOWS\System32\CatRoot2

2009-08-08 19:52:02 ----D---- C:\Documents and Settings\Perso\Application Data\teamspeak2

2009-08-07 14:50:40 ----D---- C:\Program Files\NCalc5.07

2009-08-07 12:02:46 ----A---- C:\WINDOWS\ModemLog_Aztech CNR2900 V.92 Modem.txt

2009-08-06 09:09:24 ----SHD---- C:\WINDOWS\Installer

2009-08-06 09:09:24 ----D---- C:\Config.Msi

2009-07-30 07:25:01 ----D---- C:\gmax

2009-07-24 19:14:46 ----D---- C:\Program Files\HexEdit

2009-07-24 17:40:14 ----RSD---- C:\WINDOWS\Fonts

2009-07-22 17:56:14 ----D---- C:\Program Files\SquawkBox

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2002-12-12 35328]

R1 Asapi;Asapi; C:\WINDOWS\System32\drivers\Asapi.sys [2002-08-06 11264]

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2009-02-13 45416]

R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 274432]

R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 81920]

R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2009-07-13 28520]

R1 vcsmpdrv;vcsmpdrv; C:\WINDOWS\System32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-04-25 730092]

R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]

R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]

R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-04-24 41984]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2003-01-21 210024]

R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2003-01-17 507008]

R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2003-01-17 39348]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]

R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29

 

19328]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]

R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29

 

19328]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-07-09 16384]

S3 EPUSBSTOR;EPSON USB Storage Driver; C:\WINDOWS\System32\DRIVERS\epusbsto.sys [2001-09-10 17976]

S3 hidgame;Activateur de port HID à manette de jeu Microsoft; C:\WINDOWS\System32\DRIVERS\hidgame.sys [2001-08-17 8576]

S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]

S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2003-01-21 1290312]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-07-09 10112]

S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2003-01-17 162136]

S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-08-29 891711]

S3 QCMerced;Logitech QuickCam Messenger; C:\WINDOWS\System32\DRIVERS\LVCM.sys [2003-06-27 472332]

S3 RecAgent;recagent; \??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys []

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-07-09 10880]

S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2003-01-21 84784]

S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2002-08-29 56832]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-13 185089]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]

R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe [2005-12-19

 

1368064]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]

R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-01-17 45056]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]

R2 VCSSecS;Virtual CD v4 Security service (SDK - Version); C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16

 

139264]

S2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2009-08-10 4368952]

S2 gupdate1c987ab43d1cc70;Google Update Service (gupdate1c987ab43d1cc70); C:\Program Files\Google\Update\GoogleUpdate.exe

 

[2009-02-05 133104]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86;

 

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

S3 lxcr_device;lxcr_device; C:\WINDOWS\System32\lxcrcoms.exe [2006-02-03 495616]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S4 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe [2008-05-12 587384]

S4 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-06-25 718880]

S4 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-29 611664]

S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2006-05-03 413696]

S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]

S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 182768]

 

-----------------EOF-----------------

 

 

Info:

 

info.txt logfile of random's system information tool 1.06 2009-08-11 06:44:13

 

======Uninstall list======

 

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

-->C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove

-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\SETUP.EXE" -uninstall

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

'757 Freighter Captain' Expansion Model-->C:\Program Files\Microsoft Games\Flight Simulator 9\csA754_uninstall.exe

'757-200 Captain' Pro Pack-->C:\Program Files\Microsoft Games\Flight Simulator 9\csP752_uninstall.exe

A310 The Master's Edition v1.5 Update-->0:\Documents and Settings\Perso\Mes documents\A310 v.1.5\A310.Patch.1.5.Uninstal.exe

ActiveSky Version 6 and ActiveSky Graphics-->MsiExec.exe /X{6C06AC26-DBD1-46E5-9863-33E7633566E5}

ActiveSky2004.5 Update-->MsiExec.exe /X{C30E5DE8-AF71-48B9-8E4E-B2B8F98CD8E6}

Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}

Advanced Voice Client 1.0-->"C:\Program Files\Advanced Voice Client\unins000.exe"

aerosoft's - aerosoft's Ibiza and Formentera - FS2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6054E11-9CD7-4F04-92B2-1F7D3BA58C72}\Setup.exe" -uninst

aerosoft's - Brussels 2007-->C:\Program Files\InstallShield Installation Information\{D4FB2856-E6EB-4864-A241-4587ED21A11B}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly

aerosoft's - CanaryIslands 3.2 Update - FS2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B0000B7-89C7-49FD-B9CC-139CA2456822}\Setup.exe" -uninst

aerosoft's - France 1 - FS2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AA7A04E-2A01-4208-A477-236CD1010AE1}\Setup.exe" -uninst

aerosoft's - France 2 - FS2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AEB54C5-FF4A-4CCF-A51C-BB9C3DD56E05}\Setup.exe" -uninst

aerosoft's - German Airports 1 Bundle - FS2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C80DD6F-0BFF-4177-97E0-4A2DD831FD62}\Setup.exe" -uninst

aerosoft's - German Airports 2 - Cologne-Bonn - FS2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46464A5D-7D14-41E3-9C26-E3C186F37D84}\Setup.exe" -uninst

aerosoft's - German Airports 2 - Dortmund-->C:\Program Files\InstallShield Installation Information\{3ABDFABB-FA48-4BCA-9ECC-3EFC1E5143D2}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly

aerosoft's - German Airports 2 - Leipzig - FS2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{705F27B3-5B35-4EC4-A258-BF16D83BE22B}\Setup.exe" -uninst

aerosoft's - German Airports 2 - Muenster-Osnabrueck-->C:\Program Files\InstallShield Installation Information\{608B7A43-D176-4309-8999-D772F9A01CD4}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly

aerosoft's - German Airports 3 - FS2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECE1939E-3491-409E-87B7-E7DF65E7B909}\Setup.exe" -uninst

aerosoft's - German Airports 3 - Paderborn-Lippstadt-->C:\Program Files\InstallShield Installation Information\{F87CADC4-D447-462A-80C5-A1B996B2F61F}\setup.exe -runfromtemp -l0x0009 -removeonly

aerosoft's - German Airports 4 - FS2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{674D3526-6B4F-468A-9802-1130A39B1562}\Setup.exe" -uninst

aerosoft's - Gibraltar 2004 - FS2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D82B298-37CB-45A9-8DCF-653AE7970B51}\Setup.exe" -uninst

aerosoft's - London Heathrow 2008-->C:\Program Files\InstallShield Installation Information\{C0A6901F-C919-47A3-A4D9-E2056314086B}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly

aerosoft's - Madrid 2008-->C:\Program Files\InstallShield Installation Information\{0FC39141-1BB8-4C29-9D74-A6710131B74F}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly

aerosoft's - Mega Airport Frankfurt - FS2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4E22434-1BCE-4C91-A1E4-FC352DFD4B3B}\Setup.exe" -uninst

aerosoft's - Scenery Germany - Bremen-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19590C2B-8710-4DEB-BEC9-75491179BE7D}\Setup.exe" -uninst

aerosoft's - Scenery Germany 3 - FS2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48209CA1-7163-43AB-B55C-23C3BB431CFA}\Setup.exe" -uninst

Aircraft Container SDK-->MsiExec.exe /I{757F289C-0811-496A-8199-4CE49A2A324D}

a-squared Free 4.0-->"C:\Program Files\a-squared Free\unins000.exe"

ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Audacity 1.2.4-->"C:\Program Files\Audacity\unins000.exe"

AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

BlazeDVD V3.0 Professional-->"C:\Program Files\BlazeVideo\BlazeDVD 3\unins000.exe"

By Pilots for Pilots-->C:\PROGRA~1\BYPILO~1\UNWISE.EXE C:\PROGRA~1\BYPILO~1\INSTALL.LOG

C-130 Extra Pack 1.1-->C:\Program Files\Microsoft Games\Flight Simulator 9\csE130_uninstall.exe

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

CIS Antonov An-24-->MsiExec.exe /I{0705D688-35BC-4CB5-9889-49FC7F16204F}

CLOUD9 Amsterdam 1.02-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2874FFC3-24DA-4BE7-B122-0573CED08A98}\Setup.exe" -l0x9

Correctif Windows XP (SP2) Q327979-->C:\WINDOWS\$NtUninstallQ327979$\spuninst\spuninst.exe

Correctif Windows XP (SP2) q330512-->C:\WINDOWS\$NtUninstallq330512$\spuninst\spuninst.exe

Correctif Windows XP (SP2) Q330909-->C:\WINDOWS\$NtUninstallQ330909$\spuninst\spuninst.exe

Correctif Windows XP (SP2) Q331816-->C:\WINDOWS\$NtUninstallQ331816$\spuninst\spuninst.exe

Correctif Windows XP (SP2) Q810020-->C:\WINDOWS\$NtUninstallQ810020$\spuninst\spuninst.exe

Correctif Windows XP (SP2) Q814545-->C:\WINDOWS\$NtUninstallQ814545$\spuninst\spuninst.exe

Correctif Windows XP (SP2) Q815411-->C:\WINDOWS\$NtUninstallQ815411$\spuninst\spuninst.exe

Easy CD-DA Extractor 10-->"C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 10\irunin.xml"

EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly

EclipseUI-->MsiExec.exe /I{33221E20-4DBB-4C7F-99CF-18967C66137A}

EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"

FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"

Flight Simulator 2004 BGLComp SDK-->MsiExec.exe /I{12BE408B-65A7-4A5E-90BC-28965F7F08C9}

Flight Simulator 2004 Panels SDK-->MsiExec.exe /I{E35A1DBE-30E3-4F87-A1B9-593B87594B45}

FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"

Fraps (remove only)-->"C:\Fraps\uninstall.exe"

FS Panel Studio for FSX Build 20207-->C:\Program Files\FS Panel Studio\uninst.exe

FSacars-->MsiExec.exe /I{FFC78FC9-2FE6-4648-BFEB-446C61C2D61E}

FSAddon - FSCargo-->C:\Program Files\Microsoft Games\Flight Simulator 9\UnInstall_FSCargo.exe

FSAutoStart-->MsiExec.exe /I{666E0B91-3FD3-43B7-B6A2-EB9012758982}

FSDreamTeam Zurich9 1.3.1-->"C:\Program Files\Microsoft Games\Flight Simulator 9\unins000.exe"

FSFDT FSCopilot-->C:\Program Files\FSFDT\uninstallFSCopilot.exe

FSFDT FSInn-->C:\Program Files\FSFDT\uninstallFSInn.exe

FSNavigator-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F76FF6D-B992-4FD9-8686-F09F868B2C58}\Setup.exe" -l0x9

Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe

getPlus® for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1

gmax-->MsiExec.exe /X{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}

Google Chrome-->"C:\Program Files\Google\Chrome\Application\1.0.154.65\Installer\setup.exe" --uninstall --system-level

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}

HexEdit-->MsiExec.exe /I{6EC2F8D1-6303-4E49-9F17-4D537C648F5B}

HijackThis 2.0.2-->"C:\Documents and Settings\Perso\Mes documents\Bureau\Logiciels PC\HijackThis.exe" /uninstall

ISD Project - LIPZ and LIPV 2003-->MsiExec.exe /I{DFA94D6A-1446-4690-878D-23F3D5417711}

IvAc v1.1.12 (b183)-->"C:\Program Files\IVAO\IvAc\unins000.exe"

IvAi v0.3.2-->"C:\Program Files\IVAO\IvAi\unins000.exe"

IvAp v1.3.8 (b2150)-->"C:\Program Files\IVAO\IvAp\unins000.exe"

Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

La boite a couleurs version 1.6.14-->"C:\Program Files\LaBoiteACouleurs\unins000.exe"

LAGO Turin Scenery 1.51 for FS2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{95ECE1FC-5020-4957-8A40-E574FEEC6937}\Setup.exe" -l0x9

Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Legendary C-130-->C:\Program Files\Microsoft Games\Flight Simulator 9\csC130_uninstall.exe

Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG

Logitech QuickCam-->MsiExec.exe /I{A488D63E-B3DD-4423-892F-2F2EC8909518}

Macromedia Dreamweaver MX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x40c mmUninstall

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft DirectX Transform optional components-->RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Microsoft Speech SDK 5.1-->MsiExec.exe /I{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

MTL v2.0.1-->"C:\Program Files\IVAO\MTL\unins000.exe"

Natural World Trees-->MsiExec.exe /X{5CDDCA2E-2882-4BCC-96A2-14163D5234DE}

Navigation Data 2002-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\PIANE Corp.\Navigation Data 2002\Uninst.isu"

NCalc 5.1.1-->"C:\Program Files\NCalc5.07\unins000.exe"

Notepad++-->C:\Program Files\Notepad++\uninstall.exe

Nvu 1.0-->"C:\Program Files\Nvu\unins000.exe"

OCS PT-154-->C:\WINDOWS\OCS PT-154 Uninstaller.exe

Office Viewer OCX v3.0-->"C:\Program Files\OA\unins000.exe"

OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}

Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

Package du correctif Windows XP [voir Q331060 pour plus de détails]-->C:\WINDOWS\$NtUninstallQ331060$\spuninst\spuninst.exe

PCI Audio Applications-->C:\Program Files\PCI Audio Applications\Bin\Uninstall.exe

PCI Audio Driver-->cmuninst.exe

PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"

Prevx 3.0-->"C:\Program Files\Prevx\prevx.exe" /prop UNINSTALL=Y

Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

Ramboost-->C:\Program Files\ramboost\Uninstal.exe

Reality XP Flight Line Wx500-->"C:\Program Files\Microsoft Games\Flight Simulator 9\RealityXP\Flight Line Wx500\unins000.exe"

RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Remove UK2000 Birmingham Xtreme files-->C:\WINDOWS\iun506.exe C:\Program Files\Microsoft Games\Flight Simulator 9\UK2000 scenery\UK2000 Birmingham Xtreme\irunin.ini

Remove UK2000 Edinburgh FREE files-->C:\WINDOWS\iun506.exe C:\Documents and Settings\Perso\Mes documents\egphfreefs9\Edinburgh EGPH\\UK2000 Edinburgh FREE\irunin.ini

Rwy12 Object Placer-->G:\Runway 12\Uninstal.exe

SCS Tu-134A v1.2 for MS Flight Simulator 2004-->C:\Program Files\Microsoft Games\Flight Simulator 9\Uninstal.exe

SigmaTel MSCN Audio Player-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}\setup.exe" -l0x40c -remove

Simple AI (C:\Program Files\Simple AI\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Simple AI\ST6UNST.LOG"

Simple AI-->MsiExec.exe /I{0857DFCB-CBC7-4129-B848-8AD2BD2F5482}

Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}

Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}

Sunbelt Kerio Personal Firewall-->MsiExec.exe /X{A990EAA7-8941-4621-BC27-4F16261D3180}

SuperCopier-->"C:\Program Files\SuperCopier\SCUninst.exe"

TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"

TeamSpeak 2 Server RC2-->"C:\Program Files\Teamspeak2_RC2\unins001.exe"

Tehran Scenery 2003-->C:\WINDOWS\unvise32.exe C:\DOCUMENTS AND SETTINGS\PERSO\MES DOCUMENTS\CLEF USB\11.11.07\uninstal.log

The FFS Saab 340 Base Installer-->"C:\WINDOWS\The FFS Saab 340 Update\uninstall.exe" "/U:C:\Program Files\Microsoft Games\Flight Simulator 9\FFS\Saab340B\Uninstall\ffs_saab_340B_uninstall.xml"

The FFS Saab 340 Update-->"C:\WINDOWS\The FFS Saab 340 Update\uninstall.exe" "/U:C:\Program Files\Microsoft Games\Flight Simulator 9\FFS\Saab340B\Uninstall\ffs_saab_340B_uninstall.xml"

TOPCAT 2.21 (03APR08)-->C:\Program Files\TOPCAT\uninst.exe

Transall C160-->C:\Program Files\Microsoft Games\Flight Simulator 9\Transall160 Uninstall.exe

UHHH_upd-->C:\WINDOWS\System32\GKSUI20.EXE C:\Program Files\Uninstall2135.DAT

UHHH-->C:\WINDOWS\System32\GKSUI20.EXE C:\Program Files\UHHH V1.00\Uninstall1E2B.DAT

UkanWebEplaquette-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{057EC7FE-067F-11D6-BBC1-0050FC0BAF3F}\Setup.exe"

Ust Kamenogorsk Airport Version 1.0-->"G:\Reinstallation FS2004\Addon Scenery G\UASK\UASK\unins000.exe"

vasFMC 2.0a9-->"C:\Program Files\Microsoft Games\Flight Simulator 9\unins001.exe"

VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Virtual E6-B 1.4-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Virtual E6-B\ST6UNST.LOG"

VP6 VFW Codec-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A23866A0-738B-4091-9924-0B0DE3988A15}\Setup.exe" -l0x9

VRC-->"C:\Program Files\VRC\uninstall.exe"

Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}

Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Yahoo! Extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe

Yahoo! Internet Mail-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll

Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

 

=====HijackThis Backups=====

 

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-06-28]

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot [2009-06-28]

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) [2009-06-28]

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [2009-06-28]

 

======Hosts File======

 

127.0.0.1 localhost

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ATI Technologies\ATI Control Panel;C:\PROGRA~1\FICHIE~1\TVNAVI~1

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=0801

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

 

 

Merci à toi pour ton analyse

 

fav025

fav025 Member

fav025

Posté(e)
  • Auteur
Posté(e) (modifié)

Bonjour Pear

 

J'ai (enfin !) reussi à faire un sacn complet avec Malwarebytes Antimalware..

 

Voici le rapport:

 

Malwarebytes' Anti-Malware 1.40

Version de la base de données: 2610

Windows 5.1.2600 Service Pack 1

 

12/08/2009 15:12:12

mbam-log-2009-08-12 (15-12-12).txt

 

Type de recherche: Examen complet (C:\|G:\|)

Eléments examinés: 816126

Temps écoulé: 5 hour(s), 8 minute(s), 58 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

 

J'ai également refait le scan avec RSIT:

 

le log:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Perso at 2009-08-12 15:13:02

WIN_XP Service Pack 1

System drive C: has 12 GB (16%) free of 72 GB

Total RAM: 2047 MB (74% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:13:19, on 12/08/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\WgaTray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\usb_magr.exe

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\Perso\Mes documents\RSIT.exe

C:\Documents and Settings\Perso\Mes documents\Bureau\Logiciels PC\Perso.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\befr.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [universal Serial Bus device] usb_magr.exe

O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKUS\S-1-5-21-2041825689-3879812656-2972491928-1007\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash (User '?')

O4 - HKUS\S-1-5-21-2041825689-3879812656-2972491928-1007\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\befr.htm

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe

O23 - Service: lxcr_device - - C:\WINDOWS\System32\lxcrcoms.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

 

--

End of file - 6267 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\$~$Sys0$.job

C:\WINDOWS\tasks\$~$Sys1$.job

C:\WINDOWS\tasks\$~$Sys2$.job

C:\WINDOWS\tasks\Google Software Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-03 304736]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-05 657904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-30 846364]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-12-03 185872]

"Universal Serial Bus device"=C:\WINDOWS\usb_magr.exe [2009-08-08 76288]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Gadwin PrintScreen 3.1"=C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2005-09-27 1073152]

"ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2002-08-30 13312]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]

C:\Program Files\a-squared Anti-Malware\a2guard.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

C:\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-09-12 335872]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

C:\Program Files\DNA\btdna.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

Mixer.exe /startup []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\System32\ctfmon.exe [2002-08-30 13312]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]

C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-02-07 98304]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]

C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2006-02-02 290816]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

C:\Program Files\Free Download Manager\fdm.exe -autorun []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]

C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [2006-03-23 1591808]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen 3.1]

C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2005-09-27 1073152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

C:\WINDOWS\system32\dumprep 0 -k []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]

C:\Program Files\Logitech\Video\ISStart.exe [2003-12-16 188416]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]

C:\Program Files\Logitech\Video\LogiTray.exe [2003-12-16 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]

C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2006-01-22 286720]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]

C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

C:\Program Files\Messenger\msmsgs.exe [2004-11-15 1670144]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2006-03-10 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

C:\WINDOWS\SOUNDMAN.EXE [2003-04-24 54784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier.exe]

C:\Program Files\SuperCopier\SuperCopier.exe [2003-04-25 683520]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-12-03 185872]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VCSPlayer]

C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe [2003-08-13 299008]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WooCnxMon]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EPSON Status Monitor 3 Environment Check 2.lnk]

[]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SharedAccess"=2

"Eventlog"=2

"EPSONStatusAgent2"=2

"wuauserv"=2

"ATI Smart"=2

"Ati HotKey Poller"=2

"helpsvc"=2

"gusvc"=2

"aawservice"=2

"a2free"=2

"a2AntiMalware"=2

"gupdate1c987ab43d1cc70"=2

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=

:\WINDOW

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=95000000

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=

"NoDriveAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======File associations======

 

.js - open - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"

 

======List of files/folders created in the last 1 months======

 

2009-08-12 09:08:09 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-08-11 06:44:03 ----D---- C:\rsit

2009-08-08 23:52:43 ----D---- C:\Program Files\FSFDT

2009-08-08 23:14:05 ----N---- C:\WINDOWS\usb_magr.exe

2009-08-08 23:13:21 ----A---- C:\WINDOWS\System32\Ms12x.exe

2009-08-06 09:09:23 ----D---- C:\Program Files\FSacars

2009-07-15 17:32:55 ----A---- C:\WINDOWS\System32\Ms07.exe

 

======List of files/folders modified in the last 1 months======

 

2009-08-12 10:03:08 ----D---- C:\WINDOWS\System32\CatRoot2

2009-08-12 10:01:51 ----RD---- C:\Program Files

2009-08-12 10:01:51 ----D---- C:\WINDOWS\Temp

2009-08-12 10:01:48 ----D---- C:\WINDOWS\System32\drivers

2009-08-12 10:00:44 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-08-12 09:43:59 ----D---- C:\Program Files\Mozilla Firefox

2009-08-12 09:09:06 ----D---- C:\WINDOWS

2009-08-11 22:22:39 ----A---- C:\WINDOWS\wininit.ini

2009-08-11 22:22:25 ----RASH---- C:\BOOT.INI

2009-08-11 22:22:25 ----A---- C:\WINDOWS\win.ini

2009-08-11 22:22:25 ----A---- C:\WINDOWS\system.ini

2009-08-09 21:23:39 ----D---- C:\RealityXP

2009-08-09 16:29:44 ----D---- C:\Program Files\FS Panel Studio

2009-08-09 09:42:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-08-08 23:13:21 ----D---- C:\WINDOWS\system32

2009-08-08 19:52:02 ----D---- C:\Documents and Settings\Perso\Application Data\teamspeak2

2009-08-07 14:50:40 ----D---- C:\Program Files\NCalc5.07

2009-08-07 12:02:46 ----A---- C:\WINDOWS\ModemLog_Aztech CNR2900 V.92 Modem.txt

2009-08-06 09:09:24 ----SHD---- C:\WINDOWS\Installer

2009-08-06 09:09:24 ----D---- C:\Config.Msi

2009-07-30 07:25:01 ----D---- C:\gmax

2009-07-24 19:14:46 ----D---- C:\Program Files\HexEdit

2009-07-24 17:40:14 ----RSD---- C:\WINDOWS\Fonts

2009-07-22 17:56:14 ----D---- C:\Program Files\SquawkBox

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2002-12-12 35328]

R1 Asapi;Asapi; C:\WINDOWS\System32\drivers\Asapi.sys [2002-08-06 11264]

R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2009-02-13 45416]

R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2005-12-15 274432]

R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2005-12-15 81920]

R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2009-07-13 28520]

R1 vcsmpdrv;vcsmpdrv; C:\WINDOWS\System32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-04-25 730092]

R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]

R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]

R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-04-24 41984]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\System32\drivers\mbamswissarmy.sys []

R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2003-01-21 210024]

R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2003-01-17 507008]

R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2003-01-17 39348]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]

R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]

R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-07-09 16384]

S3 EPUSBSTOR;EPSON USB Storage Driver; C:\WINDOWS\System32\DRIVERS\epusbsto.sys [2001-09-10 17976]

S3 hidgame;Activateur de port HID à manette de jeu Microsoft; C:\WINDOWS\System32\DRIVERS\hidgame.sys [2001-08-17 8576]

S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]

S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2003-01-21 1290312]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-07-09 10112]

S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2003-01-17 162136]

S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-08-29 891711]

S3 QCMerced;Logitech QuickCam Messenger; C:\WINDOWS\System32\DRIVERS\LVCM.sys [2003-06-27 472332]

S3 RecAgent;recagent; \??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys []

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-07-09 10880]

S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2003-01-21 84784]

S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2002-08-29 56832]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-13 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-13 185089]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]

R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe [2005-12-19 1368064]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]

R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-01-17 45056]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]

R2 VCSSecS;Virtual CD v4 Security service (SDK - Version); C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

S3 lxcr_device;lxcr_device; C:\WINDOWS\System32\lxcrcoms.exe [2006-02-03 495616]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

S4 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe [2008-05-12 587384]

S4 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-06-25 718880]

S4 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-29 611664]

S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2006-05-03 413696]

S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]

S4 gupdate1c987ab43d1cc70;Google Update Service (gupdate1c987ab43d1cc70); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]

S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 182768]

 

-----------------EOF-----------------

 

Pendant le scan de Malawarebyetes, Antivir s'est déclanché deux fois:

 

- worms/kolab.dgc (disque C:)

 

- TR/spy.786622 (disque G:)

 

 

Merci infiniment à vous pour votre analyse

 

fav025

Modifié par fav025

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...