Infection Braviax

[Thanos]

salut

 

Ok pour les rapports! Dans l'avant dernier scan, plus aucune infection active n'a été détectée par MBAM: il ne s'agissait que de points de restauration infectés qu'on aurait supprimé de toute façon

On va d'ailleurs faire le ménage à présent >>

 

Passe par le Menu Démarrer > Exécuter ( pour cela utilise la combinaison de touches [Touche Windows]+[R]) > et tape ceci > ComboFix /u (il ya un espace entre x et / )

Une fenêtre va s'ouvrir et ComboFix sera désinstallé de ton pc.

 

Tu peux supprimer le fichier drweb-cureit.exe sur le Bureau.

 

On va utiliser un petit programme que tu vas pouvoir conserver et qui sert à faire le nettoyage des fichiers inutiles (fichiers temporaires/cookies/cache internet etc...). Conserve le car tu pourras l'utiliser par la suite.

 

Télécharge ATF Cleaner by Atribune sur ton bureau.

 

Double-clique sur ATF Cleaner afin de lancer le programme.

• Sous l'onglet Main, choisis : Select All
  Clique sur le bouton Empty Selected
   
  Si tu utilises le navigateur Firefox :
   
   
  
• Clique Firefox au haut et choisis : Select All
  Clique le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
   
  Si tu utilises le navigateur Opera :
   
   
  
• Clique Opera au haut et choisis : Select All
  Clique le bouton Empty Selected
  NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
   
  Clique Exit, du menu prinicipal, afin de fermer le programme.
  

On purge la restauration système car il y a peut être des points de restauration infectés (ca évitera de réinstaller l'infection au cas où tu es amené à l'utiliser) => aide visuelle

Clique sur Démarrer.

Clique avec le bouton droit sur l'icône Poste de travail, puis cliquez sur Propriétés.

Clique sur l'onglet «Restauration du système».

Sélectionne «Désactiver la Restauration du système» ou «Désactiver la Restauration du système sur tous les lecteurs»

Clique sur "Appliquer".

Comme le dit le message, ceci supprimera tous les points de restauration existants. Pour faire cela, clique sur Oui.

Clique sur OK.Redémarre ton PC. Fais l'opération inverse, et réactive la restauration:un nouveau point sera automatiquement créé.

 

Un dernier scan pour voir si tout va bien et je te laisse ^^ le scan est très rapide!

 

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

• Double-clique sur RSIT.exe afin de lancer RSIT.
  
• Clique Continue à l'écran Disclaimer.
  
• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
  ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  
• Si tu ne vois pas ces deux rapports, tu les trouveras dans le dossier C:\rsit
  

Pour info >>

 

Tu as dû constater qu'au démarrage, un choix t'est proposé à présent: Démarrer Windows ou Lancer la Console de Récupération. C'est ComboFix qui l'a installée par sécurité. Parfois, il arrive que des fichiers importants de Windows soient corrompus/effacés et c'est là que l'installation de cette Console prend tout son intérêt.

Elle permet de faire une multitude de chose: effacer des fichiers infectés - remplacer des fichiers légitimes etc....

pour plus d'informations sur la Console de Récupération, lis ce topic >> http://www.zebulon.fr/dossiers/61-console-...cuperation.html

[Michael75]

Opérations effectuées !

 

Log RSIT

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by F86SYH at 2009-09-15 17:21:14

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 8 GB (22%) free of 38 GB

Total RAM: 1022 MB (50% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:21:48, on 15/09/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Wave Systems Corp\Common\DataServer.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe

C:\Program Files\RealVNC\WinVNC\WinVNC.exe

C:\Program Files\Citrix\Client ICA\ssonsvr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Apoint\HidFind.exe

C:\Program Files\Apoint\Apntex.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\userinit.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Documents and Settings\F86SYH\Bureau\RSIT.exe

C:\Documents and Settings\F86SYH\Bureau\F86SYH.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = squid.cegedim.fr:3128

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.cegedim;*.soltim;*.soltimfm;*.esquif.fr;*.pyrenees.net;131.131.*;172.17.*;172.

18.*;128.1.*;193.252.4.*;192.168.*;*.cegedim-srh.com;133.133.*;*.intranet.proval.fr;10.*;frtlm001;intranet.*;195.6.223.14;*.c

egedim-activ;*.cegedim-portal.com;intranet.cegedim-activ.com;*.production.net;*.ametif.local;*.cimta.local;*.acismt.com;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: WinBar.lnk = C:\Qoobox\Quarantine\C\Program Files\WinBar\WinBar.exe.vir

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154765218234

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pyrenees.net

O17 - HKLM\Software\..\Telephony: DomainName = pyrenees.net

O17 - HKLM\System\CCS\Services\Tcpip\..\{29844E54-7345-4116-9267-C6D009F71889}: NameServer = 172.17.124.61,172.17.124.62

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pyrenees.net

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: VNC Server (winvnc) - RealVNC Ltd. - C:\Program Files\RealVNC\WinVNC\WinVNC.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--

End of file - 10335 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]

"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]

"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]

"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]

"Document Manager"=C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe [2006-03-09 98304]

"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]

"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718]

"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182]

"WinVNC"=C:\Program Files\RealVNC\WinVNC\WinVNC.exe [2003-03-05 335872]

"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [2002-09-02 77824]

"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-19 7401472]

"nwiz"=nwiz.exe /installquiet []

"NVHotkey"=nvHotkey.dll,Start []

"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-24 29744]

"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]

"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712]

"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

"Zone Labs Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2006-08-23 968696]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"=C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]

"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2009-08-09 288048]

"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe []

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe

 

C:\Documents and Settings\F86SYH\Menu Démarrer\Programmes\Démarrage

WinBar.lnk - C:\Qoobox\Quarantine\C\Program Files\WinBar\WinBar.exe.vir

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

C:\WINDOWS\system32\NavLogon.dll [2002-07-30 45056]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

wvauth

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=1

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\HomePlayer\bin\HomePlayer.exe"="C:\Program Files\HomePlayer\bin\HomePlayer.exe:*:Enabled:HomePlayer"

"C:\Documents and Settings\F86SYH\Mes documents\Programmes et Mises à jour\Freeplayer-Win32-20050905\Freeplayer\vlc\vlc.exe"="C:\Documents and Settings\F86SYH\Mes documents\Programmes et Mises à jour\Freeplayer-Win32-20050905\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player"

"C:\Program Files\Freeplayer\vlc\vlc.exe"="C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\FileZilla FTP Client\filezilla.exe"="C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe"="C:\Program Files\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe:*:Enabled:Office Password Recovery PRO"

 

======List of files/folders created in the last 1 months======

 

2009-09-15 17:21:14 ----D---- C:\rsit

2009-09-15 17:08:55 ----SD---- C:\ComboFix

2009-09-15 10:49:22 ----A---- C:\WINDOWS\system32\MSVCRTD.DLL

2009-09-15 10:49:22 ----A---- C:\WINDOWS\system32\MSVCP60D.DLL

2009-09-15 10:49:15 ----A---- C:\WINDOWS\system32\AudPlayer.dll

2009-09-15 10:49:15 ----A---- C:\WINDOWS\system32\AudioVisu.dll

2009-09-15 10:49:15 ----A---- C:\WINDOWS\system32\AudioRecord.dll

2009-09-15 10:49:15 ----A---- C:\WINDOWS\system32\AudioInfos.dll

2009-09-15 10:49:14 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL

2009-09-15 10:49:14 ----A---- C:\WINDOWS\system32\TABCTFR.DLL

2009-09-15 10:49:14 ----A---- C:\WINDOWS\system32\inetfr.DLL

2009-09-15 10:49:14 ----A---- C:\WINDOWS\system32\AudFile.dll

2009-09-15 10:49:14 ----A---- C:\WINDOWS\system32\AudDisplay.dll

2009-09-15 10:49:14 ----A---- C:\WINDOWS\system32\AudDesign.dll

2009-09-15 10:49:13 ----D---- C:\Program Files\Free Audio Pack

2009-09-15 10:49:13 ----A---- C:\WINDOWS\system32\lame_enc.dll

2009-09-15 10:49:13 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL

2009-09-13 21:51:02 ----SHD---- C:\RECYCLER

2009-09-13 17:10:42 ----A---- C:\ComboFix.txt

2009-09-13 17:03:34 ----D---- C:\WINDOWS\temp

2009-09-13 13:36:54 ----A---- C:\Boot.bak

2009-09-13 13:36:38 ----RASHD---- C:\cmdcons

2009-09-12 13:12:51 ----D---- C:\ComboTestFix

2009-09-09 20:09:06 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll

2009-09-09 20:09:03 ----A---- C:\WINDOWS\system32\vsregexp.dll

2009-09-09 20:09:03 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll

2009-09-09 20:09:01 ----A---- C:\WINDOWS\system32\zlcommdb.dll

2009-09-09 20:09:01 ----A---- C:\WINDOWS\system32\zlcomm.dll

2009-09-09 20:08:55 ----A---- C:\WINDOWS\system32\vsxml.dll

2009-09-09 20:08:55 ----A---- C:\WINDOWS\system32\vswmi.dll

2009-09-09 20:08:54 ----D---- C:\WINDOWS\system32\ZoneLabs

2009-09-09 20:08:54 ----A---- C:\WINDOWS\system32\vspubapi.dll

2009-09-09 20:08:54 ----A---- C:\WINDOWS\system32\vsmonapi.dll

2009-09-09 20:08:19 ----D---- C:\Program Files\Zone Labs

2009-09-09 20:08:04 ----A---- C:\WINDOWS\system32\vsutil.dll

2009-09-09 20:08:04 ----A---- C:\WINDOWS\system32\vsinit.dll

2009-09-07 22:23:02 ----A---- C:\WINDOWS\system32\vsdata.dll

2009-09-07 22:22:19 ----D---- C:\WINDOWS\Internet Logs

2009-09-06 00:59:08 ----D---- C:\WINDOWS\ERDNT

2009-09-05 13:00:15 ----D---- C:\WINDOWS\Minidump

2009-09-05 11:36:53 ----A---- C:\avenger.txt

2009-09-02 23:21:39 ----A---- C:\List'em.txt

2009-09-02 23:17:07 ----D---- C:\Documents and Settings\F86SYH\Application Data\Malwarebytes

2009-09-02 23:16:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-09-02 23:16:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

 

======List of files/folders modified in the last 1 months======

 

2009-09-15 17:21:27 ----D---- C:\WINDOWS\Prefetch

2009-09-15 17:21:26 ----D---- C:\Documents and Settings\F86SYH\Application Data\uTorrent

2009-09-15 17:20:48 ----SHD---- C:\System Volume Information

2009-09-15 17:20:48 ----D---- C:\WINDOWS\system32\Restore

2009-09-15 17:20:33 ----SHD---- C:\WINDOWS\Installer

2009-09-15 17:20:32 ----D---- C:\Config.Msi

2009-09-15 17:20:31 ----D---- C:\WINDOWS\system32

2009-09-15 17:20:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-09-15 17:20:00 ----D---- C:\Program Files\Fichiers communs\Adobe

2009-09-15 17:19:54 ----D---- C:\WINDOWS\WinSxS

2009-09-15 17:19:46 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2009-09-15 17:19:29 ----D---- C:\Program Files\Adobe

2009-09-15 17:17:29 ----HD---- C:\WINDOWS\inf

2009-09-15 17:17:21 ----D---- C:\WINDOWS

2009-09-15 17:16:47 ----RSHD---- C:\WINDOWS\system32\dllcache

2009-09-15 17:16:26 ----D---- C:\WINDOWS\system32\CatRoot2

2009-09-15 17:16:26 ----A---- C:\WINDOWS\ModemLog_Modem standard 33600 bps.txt

2009-09-15 17:16:20 ----A---- C:\WINDOWS\ModemLog_Dell Wireless 5505 Mobile Broadband (3G HSDPA) Minicard Modem.txt

2009-09-15 17:16:20 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt

2009-09-15 17:15:19 ----D---- C:\WINDOWS\security

2009-09-15 17:15:16 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-09-15 10:49:13 ----RD---- C:\Program Files

2009-09-15 10:00:43 ----D---- C:\Program Files\Mozilla Firefox

2009-09-14 19:14:35 ----D---- C:\WINDOWS\system32\drivers

2009-09-13 22:15:53 ----D---- C:\Program Files\RealVNC

2009-09-13 21:53:37 ----D---- C:\WINDOWS\Help

2009-09-13 17:07:05 ----A---- C:\WINDOWS\system.ini

2009-09-13 17:03:56 ----D---- C:\WINDOWS\system32\config

2009-09-13 17:03:12 ----SD---- C:\Documents and Settings\F86SYH\Application Data\Microsoft

2009-09-13 16:57:09 ----D---- C:\WINDOWS\AppPatch

2009-09-13 16:57:04 ----D---- C:\Program Files\Fichiers communs

2009-09-13 16:07:44 ----D---- C:\Program Files\SpywareBlaster

2009-09-13 15:07:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-09-13 13:36:54 ----RASH---- C:\boot.ini

2009-09-12 13:11:07 ----SHD---- C:\WINDOWS\CSC

2009-09-10 14:17:31 ----A---- C:\WINDOWS\AviSplitter.INI

2009-09-06 14:12:53 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-09-06 12:52:55 ----HD---- C:\WINDOWS\$hf_mig$

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]

R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]

R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]

R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2006-08-23 392824]

R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-07-25 21275]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]

R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS []

R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568]

R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]

R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]

R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]

R3 eDataVideoCap;eDataVideoCap; C:\WINDOWS\system32\DRIVERS\eDataVideoCap.sys [2007-12-13 25600]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]

R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 NAVAP;NAVAP; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys []

R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20070124.024\NAVENG.sys []

R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20070124.024\NAVEX15.sys []

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-19 3595296]

R3 NWADI;NWADI Bus Enumerator; C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2006-06-14 155264]

R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver; C:\WINDOWS\system32\DRIVERS\nwdelmdm.sys [2006-03-08 77952]

R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver; C:\WINDOWS\system32\DRIVERS\nwdelser.sys [2006-03-08 77952]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-05 5888]

R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]

R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []

R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-11-22 47104]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]

R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-26 27264]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]

R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]

S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]

S1 wceusbsh;Pilote d'hôte USB série pour Windows CE; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-08-04 32128]

S3 BCOREUSB;BCOREUSB.Sys CSR test driver; C:\WINDOWS\System32\Drivers\BCOREUSB.sys [2005-10-03 86867]

S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]

S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]

S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-04 274944]

S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 E100B;Pilote de carte Intel ® PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]

S3 fbxusb;FreeBox USB Network Adapter; C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848]

S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]

S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2006-06-30 18560]

S3 RDID1046;EDIROL UA-25; C:\WINDOWS\system32\Drivers\rdwm1046.sys [2004-04-02 163390]

S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]

S3 SYMIDSCO;SYMIDSCO; \??\C:\WINDOWS\system32\Drivers\SYMIDSCO.SYS []

S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]

S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-01-20 108928]

S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-09-15 36480]

S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-01-11 62848]

S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]

S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-04-06 50048]

S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-02-09 39936]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]

S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]

S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]

S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]

S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]

S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]

R2 DataSvr2;DataSvr2; C:\Program Files\Wave Systems Corp\Common\DataServer.exe [2006-03-25 315392]

R2 DefWatch;DefWatch; C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe [2002-09-02 32768]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]

R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-04-06 380928]

R2 Norton AntiVirus Server;Symantec AntiVirus Client; C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe [2002-09-03 581632]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-19 143428]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]

R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]

R2 tcsd_win32.exe;NTRU Hybrid TSS v2.0.7 TCS; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe [2005-11-30 180224]

R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2006-08-23 75768]

R2 winvnc;VNC Server; C:\Program Files\RealVNC\WinVNC\WinVNC.exe [2003-03-05 335872]

R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2005-12-28 262217]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-24 29744]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S4 Bluetooth Hid Switch Service;Bluetooth Hid Switch Service; C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe [2005-08-30 188416]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

 

-----------------EOF-----------------

 

 

 

 

Info RSIT

 

info.txt logfile of random's system information tool 1.06 2009-09-15 17:21:52

 

======Uninstall list======

 

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Access Companion-->C:\WINDOWS\system32\DmUninst.exe -dm

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}

Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}

Advanced Office Password Recovery (remove only)-->C:\Program Files\Elcomsoft\AOPR\uninstall.exe

ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE

Any Video Converter 2.5.8-->"C:\Program Files\Any Video Converter\unins000.exe"

Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

Broadcom Advanced Control Suite-->MsiExec.exe /X{26E1BFB0-E87E-4696-9F89-B467F01F81E5}

Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}

Broadcom TPM Driver Installer-->MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}

Cakewalk VST Adapter 4-->C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG

Client MetaFrame Presentation Server-->MsiExec.exe /I{2C42ED1E-6315-4E63-89E6-057EA114EBB8}

Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf

Dell Embassy Trust Suite by Wave Systems-->C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe

Dell Mobile Broadband Card Utility-->MsiExec.exe /X{DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28}

Digital Line Detect-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel

Document Manager Lite-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2} /l1036

DreamStation DXi2-->C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2

EMBASSY Security Center-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEAFE1E5-076B-430A-96D9-B567792AFA88}

EMBASSY Trust Suite by Wave Systems-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe" -l0x9

ETS Launch Pad-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{DD41AC25-61B2-4FC9-90AA-672F32139AC3}

FileZilla Client 3.1.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe

Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe

Free Mp3 Wma Converter V 1.81-->"C:\Program Files\Free Audio Pack\unins000.exe"

Freeplayer-->C:\Program Files\Freeplayer\Uninstall.exe

Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Haali Media Splitter-->"C:\Program Files\Matroska Pack\haali\uninstall.exe"

High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe

HijackThis 2.0.2-->"C:\Documents and Settings\F86SYH\Bureau\HijackThis.exe" /uninstall

HomePlayer-->C:\WINDOWS\iun6002.exe "C:\Program Files\HomePlayer\irunin.ini"

Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2

IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe

IsoBuster 2.5-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"

iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}

Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}

LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U

Logiciel Intel® PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Matroska Pack-->C:\Program Files\Matroska Pack\uninstall.exe

mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}

mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}

MediaInfo 0.7.7.6-->C:\Program Files\MediaInfo\uninst.exe

mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}

Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Mise à jour de sécurité pour Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf

Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}

MKVtoolnix 1.6.5-->C:\Program Files\MKVtoolnix\uninst.exe

mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}

mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}

MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}

Modem Helper-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe

Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe

Mozilla Firefox (2.0.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\uninst.exe

mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}

mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}

mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}

mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}

MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}

Multimedia Conference version 3.2.0.3-->RunDll32 C:\WINDOWS\system32\advpack.dll,LaunchINFSection C:\WINDOWS\INF\eDataV3_3_2_0_3.inf,DefaultUninstall

mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}

mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}

mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}

mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}

NetWaiting-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x40c ControlPanel

NTRU Hybrid TSS v2.0.7-->MsiExec.exe /I{D1183FA8-AA29-4C82-B998-9593D7AF42FE}

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

OZ776 SCR CardBus Windows Driver-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48} /l1036

Paint.NET v3.10-->MsiExec.exe /X{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}

PDFCreator-->C:\Program Files\PDFCreator\unins000.exe

PowerArchiver-->C:\Program Files\PowerArchiver\UNINST.EXE

PowerDVD 5.7-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

PowerPaint 2.50-->"C:\Program Files\FLISoft\PowerPaint\unins000.exe"

Preboot Manager-->MsiExec.exe /I{AE765884-4770-4A92-82D9-AB3192512B31}

Private Information Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{0B0A2153-58A6-4244-B458-25EDF5FCD809}

QuickSet-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x40c APPDRVNT4

QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}

Satsuki Decoder Pack-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe

Secure Update-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}

Security Wizards-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4} /l1036

SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe

SONAR LE-->C:\PROGRA~1\Cakewalk\SONARL~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\SONARL~1\INSTALL.LOG

SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"

Symantec AntiVirus Client-->MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}

TeLL me More-->"C:\TELL ME MORE NV\BIN\unsetup.exe" -file "C:\TELL ME MORE NV\unsetup.aui"

VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}

VNC 3.3.7-->"C:\Program Files\RealVNC\unins000.exe"

Wave Infrastructure Installer-->MsiExec.exe /I{B5AB9CB4-4AAE-44CC-A6AF-37388326E85F}

Wave Support Software-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{6CDAED1C-5B60-4818-88A7-E4A90CD367AF} /l1036

Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}

Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

 

======Security center information======

 

FW: ZoneAlarm Firewall

 

======System event log======

 

Computer Name: FRPRN236

Event Code: 3019

Message: Le redirecteur n'a pas réussi à déterminer le type de la connexion.

 

Record Number: 9306

Source Name: MRxSmb

Time Written: 20090908165401.000000+120

Event Type: Avertissement

User:

 

Computer Name: FRPRN236

Event Code: 3019

Message: Le redirecteur n'a pas réussi à déterminer le type de la connexion.

 

Record Number: 9305

Source Name: MRxSmb

Time Written: 20090908165357.000000+120

Event Type: Avertissement

User:

 

Computer Name: FRPRN236

Event Code: 3019

Message: Le redirecteur n'a pas réussi à déterminer le type de la connexion.

 

Record Number: 9304

Source Name: MRxSmb

Time Written: 20090908165355.000000+120

Event Type: Avertissement

User:

 

Computer Name: FRPRN236

Event Code: 3019

Message: Le redirecteur n'a pas réussi à déterminer le type de la connexion.

 

Record Number: 9303

Source Name: MRxSmb

Time Written: 20090908165354.000000+120

Event Type: Avertissement

User:

 

Computer Name: FRPRN236

Event Code: 3019

Message: Le redirecteur n'a pas réussi à déterminer le type de la connexion.

 

Record Number: 9302

Source Name: MRxSmb

Time Written: 20090908165353.000000+120

Event Type: Avertissement

User:

 

=====Application event log=====

 

Computer Name: FRPRN236

Event Code: 14

Message:

 

 

Le démarrage des services Symantec AntiVirus a réussi.

 

Record Number: 13705

Source Name: Norton AntiVirus

Time Written: 20090719221411.000000+120

Event Type: Informations

User:

 

Computer Name: FRPRN236

Event Code: 23

Message:

 

 

Protection temps réel Symantec AntiVirus chargée.

 

Record Number: 13704

Source Name: Norton AntiVirus

Time Written: 20090719221409.000000+120

Event Type: Informations

User:

 

Computer Name: FRPRN236

Event Code: 1000

Message: Impossible d'exécuter le script suivant \\pyrenees.net\SysVol\pyrenees.net\scripts\AddLocalAdmins.vbs.L'emplacement réseau ne peut pas être atteint. Pour obtenir des informations concernant la résolution des problèmes du réseau, consultez l'aide de Windows.

 

 

Record Number: 13703

Source Name: UserInit

Time Written: 20090719221401.000000+120

Event Type: erreur

User:

 

Computer Name: FRPRN236

Event Code: 1000

Message: Impossible d'exécuter le script suivant \\pyrenees.net\SysVol\pyrenees.net\scripts\AddLocalAdmins.vbs.L'emplacement réseau ne peut pas être atteint. Pour obtenir des informations concernant la résolution des problèmes du réseau, consultez l'aide de Windows.

 

 

Record Number: 13702

Source Name: UserInit

Time Written: 20090719221401.000000+120

Event Type: erreur

User:

 

Computer Name: FRPRN236

Event Code: 0

Message:

Record Number: 13701

Source Name: RegSrvc

Time Written: 20090719221401.000000+120

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel

"PROCESSOR_REVISION"=0e08

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

"tvdumpflags"=8

 

-----------------EOF-----------------