
Posted (edited)

Hello everyone!

For some time now, something annoying has been happening with my 2 browsers (Firefox, IE)!

Every time I run a search on Google and click on the links below, I end up on advertising or xxx sites...

So of course I figured I had picked something up somewhere; I ran the big cleanup (Spybot, CCleaner, Ad-Aware, KIS) but nothing helps, it's still there!!

So I'm asking for your help, please, because this is getting really tiresome...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:23:47, on 28/10/2009

Platform: Windows XP SP3, v.5512 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20978)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\ALCFDRTM.EXE

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris

F3 - REG:win.ini: load=????

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: (no name) - {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - (no file)

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden

O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdnet.dll

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 7535 bytes

 

So there you go... thanks in advance for your help!!! Really!!!

Edited by coldstorage

Posted

Hi and welcome to the forum :P

A few links to help you get started:

We'll look together at what's happening on your PC; like everyone who helps here, we do so as volunteers, around our personal schedules. We'll try to go as fast as possible, but you may sometimes need to be patient while waiting for a reply, no need to panic :P

To reply or add a post, a report, etc., use the reply button. :P

(the button located between "Flash" and "Nouveau")

*********

You ran a scan with MalwareByte's Anti-Malware: please post its contents >>

To do so, launch MalwareByte's Anti-Malware, click the Rapports/Logs menu, then, under "Eléments", select the report that corresponds to your last scan (the file name contains the day's date).

Double-click it > a report will be displayed > copy/paste its contents into your next message.

Also post these reports >>

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<< which will be displayed)
    as well as info.txt (<< which will be minimized in the taskbar).
  • If you don't see these two reports, you will find them in the C:\rsit folder
Posted (edited)

Hello and thanks Thanos!

Here is the MalwareByte's Anti-Malware report!

 

alwarebytes' Anti-Malware 1.41

Version de la base de données: 2797

Windows 5.1.2600 Service Pack 3, v.5512

 

21/10/2009 20:54:51

mbam-log-2009-10-21 (20-54-51).txt

 

Type de recherche: Examen rapide

Eléments examinés: 88079

Temps écoulé: 9 minute(s), 16 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

random system report!

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by aguinaldo at 2009-10-29 09:12:36

Microsoft Windows XP Professionnel Service Pack 3, v.5512

System drive C: has 21 GB (3%) free of 715 GB

Total RAM: 2046 MB (73% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:12:37, on 29/10/2009

Platform: Windows XP SP3, v.5512 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20978)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\WINDOWS\ALCFDRTM.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\aguinaldo\Bureau\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\aguinaldo.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris

F3 - REG:win.ini: load=????

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: (no name) - {A2234B15-23F2-42AD-F4E4-00AAC39C0004} - (no file)

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden

O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O20 - AppInit_DLLs: C:\WINDOWS\system32\kbdnet.dll

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 7641 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]

ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A2234B15-23F2-42AD-F4E4-00AAC39C0004}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]

FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]

"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1970176]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-07-04 161064]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2009-10-17 1070984]

"AdobeCS4ServiceManager"=C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

"Adobe_ID0ENQBO"=C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]

"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-09-23 1657448]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]

"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2009-10-01 289072]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-07-04 148776]

"LightScribe Control Panel"=C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\calc]

C:\WINDOWS\system32\calc.dll,_IWMPEvents@0 []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnableDCOM]

N []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

??????

??Ÿ

???????? []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QUAD Scheduler]

C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QUAD Windows service]

C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^aguinaldo^Menu Démarrer^Programmes^Démarrage^scandisk.lnk]

C:\DOCUME~1\AGUINA~1\MENUDM~1\PROGRA~1\DMARRA~1\scandisk.dll,_IWMPEvents@0 []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\WINDOWS\system32\kbdnet.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\WINDOWS\system32\klogon.dll [2009-10-20 219664]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-11 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=1

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"SynchronousMachineGroupPolicy"=0

"SynchronousUserGroupPolicy"=0

"ConsentPromptBehaviorAdmin"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

"ForceClassicControlPanel"=1

"NoDesktopCleanupWizard"=1

"NoInstrumentation"=1

"NoResolveSearch"=1

"NoResolveTrack"=1

"NoSMBalloonTip"=1

"NoSMConfigurePrograms"=1

"NoStartMenuMFUprogramsList"=1

"NoStrCmpLogical"=0

"NoWelcomeScreen"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=

"NoDriveTypeAutoRun"=

"NoResolveTrack"=

"NoSetActiveDesktop"=

"HideRunAsVerb"=

"NoInstrumentation"=

"NoStartMenuMFUprogramsList"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

"C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE"="C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9)"

"C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE"="C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10)"

"C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe"="C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"

"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe"="C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising"

"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"

"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

"C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

"C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"

"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13879d0b-a175-11de-8687-00508dbbea6e}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538aa59b-ae90-11de-8689-00508dbbea6e}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1b9-9fb1-11de-8686-00508dbbea6e}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1bd-9fb1-11de-8686-00508dbbea6e}]

shell\AutoRun\command - K:\Setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1be-9fb1-11de-8686-00508dbbea6e}]

shell\AutoRun\command - L:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1c4-9fb1-11de-8686-00508dbbea6e}]

shell\AutoRun\command - M:\Torchlight_Setup.exe

 

 

======List of files/folders created in the last 1 months======

 

2009-10-29 09:12:36 ----D---- C:\rsit

2009-10-28 17:17:29 ----D---- C:\Program Files\Trend Micro

2009-10-28 17:10:14 ----D---- C:\Documents and Settings\aguinaldo\Application Data\HouseCall 6.6

2009-10-28 13:25:42 ----D---- C:\Documents and Settings\aguinaldo\Application Data\runic games

2009-10-28 13:23:43 ----D---- C:\Program Files\Runic Games

2009-10-26 10:49:55 ----D---- C:\Program Files\Kaspersky Lab

2009-10-26 10:49:55 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2009-10-26 10:46:50 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-10-26 10:30:14 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Mozilla

2009-10-26 10:28:21 ----D---- C:\Program Files\mozilla.org

2009-10-26 09:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$

2009-10-26 09:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$

2009-10-26 09:57:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$

2009-10-26 09:57:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$

2009-10-26 09:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

2009-10-26 09:53:59 ----D---- C:\WINDOWS\ie7updates

2009-10-26 09:53:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2009-10-26 09:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2009-10-26 09:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2009-10-26 09:51:47 ----HD---- C:\WINDOWS\$hf_mig$

2009-10-26 09:46:07 ----D---- C:\Program Files\Panda Security

2009-10-25 09:11:38 ----D---- C:\Documents and Settings\aguinaldo\Application Data\abelhadigital.com

2009-10-24 09:35:54 ----D---- C:\Program Files\Machinarium

2009-10-22 23:08:10 ----D---- C:\WINDOWS\system32\AGEIA

2009-10-22 23:08:10 ----D---- C:\Program Files\AGEIA Technologies

2009-10-22 23:08:02 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

2009-10-22 22:57:10 ----D---- C:\Documents and Settings\All Users\Application Data\realtech VR

2009-10-22 22:57:06 ----D---- C:\Program Files\realtech VR

2009-10-22 22:35:35 ----D---- C:\Program Files\Eufloria

2009-10-22 12:02:08 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet

2009-10-22 11:02:49 ----D---- C:\Documents and Settings\All Users\Application Data\ALM

2009-10-22 10:46:25 ----RA---- C:\WINDOWS\system32\AdobePDFUI.dll

2009-10-22 10:46:25 ----RA---- C:\WINDOWS\system32\AdobePDF.dll

2009-10-22 10:37:43 ----D---- C:\Program Files\Adobe Media Player

2009-10-22 10:36:39 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2009-10-22 10:36:37 ----D---- C:\Program Files\Fichiers communs\Adobe AIR

2009-10-22 10:33:14 ----D---- C:\Program Files\Adobe

2009-10-21 23:13:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2009-10-21 20:38:24 ----A---- C:\WINDOWS\wininit.ini

2009-10-21 20:23:02 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-10-21 20:23:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-10-21 16:26:52 ----D---- C:\Documents and Settings\aguinaldo\Application Data\vlc

2009-10-21 15:03:28 ----D---- C:\WINDOWS\pss

2009-10-21 11:49:41 ----A---- C:\WINDOWS\system32\ztvunrar36.dll

2009-10-21 11:49:41 ----A---- C:\WINDOWS\system32\ztvunace26.dll

2009-10-21 11:49:41 ----A---- C:\WINDOWS\system32\ztvcabinet.dll

2009-10-21 11:49:41 ----A---- C:\WINDOWS\system32\UNRAR3.dll

2009-10-21 11:49:41 ----A---- C:\WINDOWS\system32\unacev2.dll

2009-10-21 11:49:40 ----D---- C:\Program Files\Trojan Remover

2009-10-21 11:49:40 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software

2009-10-21 11:49:40 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Simply Super Software

2009-10-20 22:54:37 ----D---- C:\Program Files\EditHexa

2009-10-20 22:54:37 ----A---- C:\WINDOWS\EditHexaUninstall.exe

2009-10-20 22:23:18 ----D---- C:\WINDOWS\A5W_DATA

2009-10-20 22:23:18 ----A---- C:\WINDOWS\A5W.INI

2009-10-20 22:23:13 ----A---- C:\WINDOWS\w32dasm8.ini

2009-10-20 20:34:56 ----A---- C:\WINDOWS\system32\klogon.dll

2009-10-19 14:10:11 ----D---- C:\Program Files\Fichiers communs\Adobe

2009-10-19 12:07:39 ----D---- C:\Program Files\Padus

2009-10-17 17:37:10 ----A---- C:\WINDOWS\system32\XAudio2_5.dll

2009-10-17 17:37:10 ----A---- C:\WINDOWS\system32\xactengine3_5.dll

2009-10-17 17:37:09 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll

2009-10-17 17:37:09 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll

2009-10-17 17:37:08 ----A---- C:\WINDOWS\system32\D3DX9_42.dll

2009-10-17 17:37:08 ----A---- C:\WINDOWS\system32\d3dx11_42.dll

2009-10-17 17:37:08 ----A---- C:\WINDOWS\system32\d3dx10_42.dll

2009-10-17 17:36:16 ----HD---- C:\WINDOWS\msdownld.tmp

2009-10-17 12:46:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-10-16 10:56:22 ----D---- C:\Program Files\Fichiers communs\Macrovision Shared

2009-10-16 10:56:05 ----D---- C:\Program Files\Rosetta Stone

2009-10-16 10:56:05 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone

2009-10-14 14:20:17 ----D---- C:\Program Files\Codemasters

2009-10-14 09:12:46 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Apple Computer

2009-10-14 09:12:23 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-10-14 09:12:02 ----D---- C:\Program Files\QuickTime

2009-10-14 09:12:02 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer

2009-10-13 12:07:13 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Yahoo!

2009-10-13 12:06:44 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbdkor.dll

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbdjpn.dll

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbd106.dll

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbd103.dll

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbd101c.dll

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbd101b.dll

2009-10-08 19:51:52 ----D---- C:\Documents and Settings\aguinaldo\Application Data\FastStone

2009-10-08 11:16:16 ----D---- C:\Documents and Settings\aguinaldo\Application Data\mIRC

2009-10-05 21:27:33 ----D---- C:\WINDOWS\Sun

2009-10-01 12:14:23 ----RA---- C:\WINDOWS\system32\psfind.dll

2009-10-01 08:55:51 ----A---- C:\WINDOWS\system32\BASSMOD.dll

2009-10-01 08:52:23 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

2009-09-30 15:29:16 ----D---- C:\Program Files\NCsoft

 

======List of files/folders modified in the last 1 months======

 

 

2009-10-29 09:04:11 ----D---- C:\Program Files\Mozilla Firefox

2009-10-29 09:02:07 ----D---- C:\WINDOWS\Temp

2009-10-28 17:17:29 ----D---- C:\Program Files

2009-10-28 17:11:16 ----D---- C:\WINDOWS\system32\drivers

2009-10-28 16:48:34 ----D---- C:\WINDOWS\Network Diagnostic

2009-10-28 16:46:37 ----D---- C:\WINDOWS

2009-10-28 16:44:28 ----SH---- C:\boot.ini

2009-10-28 16:44:28 ----A---- C:\WINDOWS\win.ini

2009-10-28 16:44:28 ----A---- C:\WINDOWS\system.ini

2009-10-28 13:23:41 ----SHD---- C:\WINDOWS\Installer

2009-10-28 13:23:41 ----D---- C:\WINDOWS\WinSxS

2009-10-28 13:23:31 ----D---- C:\WINDOWS\system32

2009-10-28 13:23:26 ----D---- C:\WINDOWS\system32\CatRoot2

2009-10-28 13:23:26 ----D---- C:\WINDOWS\inf

2009-10-28 12:58:15 ----D---- C:\Documents and Settings\aguinaldo\Application Data\dvdcss

2009-10-28 00:22:29 ----D---- C:\Program Files\PowerArchiver

2009-10-26 21:38:39 ----A---- C:\WINDOWS\NeroDigital.ini

2009-10-26 13:42:44 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Adobe

2009-10-26 10:54:15 ----SHD---- C:\System Volume Information

2009-10-26 10:48:02 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-10-26 10:47:46 ----SD---- C:\WINDOWS\Tasks

2009-10-26 09:59:00 ----D---- C:\WINDOWS\system32\dllcache

2009-10-26 09:56:50 ----D---- C:\Program Files\Internet Explorer

2009-10-26 09:55:26 ----D---- C:\WINDOWS\system32\CatRoot

2009-10-26 09:27:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-10-22 23:08:46 ----D---- C:\WINDOWS\Help

2009-10-22 23:08:02 ----D---- C:\Program Files\Fichiers communs

2009-10-22 23:07:46 ----D---- C:\Program Files\NVIDIA Corporation

2009-10-22 22:44:39 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-10-22 10:47:26 ----RSD---- C:\WINDOWS\Fonts

2009-10-21 12:28:43 ----SHD---- C:\RECYCLER

2009-10-21 08:47:02 ----D---- C:\WINDOWS\system32\DirectX

2009-10-21 08:34:40 ----A---- C:\WINDOWS\system32\svchost.exe

2009-10-20 12:35:46 ----D---- C:\WINDOWS\Debug

2009-10-20 12:14:55 ----HD---- C:\Program Files\InstallShield Installation Information

2009-10-14 14:26:58 ----D---- C:\WINDOWS\SxsCaPendDel

2009-10-14 14:24:53 ----RSD---- C:\WINDOWS\assembly

2009-10-09 16:45:46 ----D---- C:\Program Files\Fichiers communs\InstallShield

2009-10-09 12:59:19 ----A---- C:\WINDOWS\system32\ResHacker.ini

2009-10-08 15:44:50 ----D---- C:\temp

2009-10-05 19:06:54 ----D---- C:\Program Files\mIRCG

2009-10-04 09:23:06 ----D---- C:\Program Files\ma-config.com

2009-10-04 09:23:06 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com

2009-10-03 15:11:59 ----SD---- C:\Documents and Settings\aguinaldo\Application Data\Microsoft

2009-10-01 14:45:33 ----D---- C:\Program Files\THQ

2009-09-30 00:49:38 ----D---- C:\WINDOWS\Microsoft.NET

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Ext2fs;Ext2fs; C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2006-10-23 132736]

R1 IfsDrives;IfsDrives; C:\WINDOWS\system32\DRIVERS\IfsDrives.sys [2004-09-25 4608]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []

R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-10-26 315408]

R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]

R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-13 60800]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]

R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]

R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-05-13 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-13 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 afv7v4bf;afv7v4bf; C:\WINDOWS\system32\drivers\afv7v4bf.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]

S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-19 479200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-11 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-11 82944]

S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-17 152984]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2007-06-28 79136]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]

R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-07-04 267560]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-22 655624]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-07-04 779560]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-07 2821468]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]

S4 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-10-21 14336]

 

-----------------EOF-----------------

 

Well, there you go, I think I haven't forgotten anything!!!!

Thanks!!

Edited by coldstorage
Posted

Hi :P

 

Well, there you go, I think I haven't forgotten anything!!!!

Yes you did :P You forgot the second RSIT report, which is named info.txt and is located in the C:\rsit folder.

Please post its contents.

 

coldstorage: the scan you ran is out of date by now. I'd like you to run it again, but like this >>

 

Plug in all the removable media you own before running this scan (USB stick, external hard drive, etc.)

  • Double-click the file MalwareByte's Anti-Malware.exe to launch the program.
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks whether to allow MBAM to connect, accept.
  • Once the update has finished, go to the "Scanner" tab.
  • Select "Perform full scan"
  • Click "Scan"
  • The scan starts; it takes quite a long time, which is normal.
  • At the end of the scan, a message is displayed:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "Ok" to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

Above all, don't forget to plug in your removable media!! Your digital camera's memory card, USB stick, removable hard drive, etc... and make sure you update the program before scanning: there are traces of infection via removable media (among other things).

Posted

Hi Thanos!

First of all, thank you for your attention to my problem!! Thanks

Here is the MalwareByte's Anti-Malware report, with the update done as you asked, but I don't have a USB stick or external hard drive...

 

Malwarebytes' Anti-Malware 1.41

Version de la base de données: 3059

Windows 5.1.2600 Service Pack 3, v.5512

 

30/10/2009 12:49:57

mbam-log-2009-10-30 (12-49-57).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 371065

Temps écoulé: 1 hour(s), 11 minute(s), 14 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 2

Dossier(s) infecté(s): 2

Fichier(s) infecté(s): 12

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a2234b15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Ertfor) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2234b15-23f2-42ad-f4e4-00aac39c0004} (Trojan.Ertfor) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\kbdnet.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: system32\kbdnet.dll -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1858 (Worm.Autorun) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Documents and Settings\aguinaldo\Mes documents\Downloads\Garmin.City.Navigator.Europe.NT.v2010.1.Update\IMG\006-D0323-08\manifest.xml (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\s-1-5-21-0243936033-3052116371-381863308-1858\Desktop.ini (Worm.Autorun) -> Quarantined and deleted successfully.

C:\WINDOWS\010112010146116101.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\0101120101464955.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\0101120101465050.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\0101120101465249.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\0101120101465349.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\0101120101465649.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mscert.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\kbdnet.dll (Trojan.Agent) -> Quarantined and deleted successfully.

 

 

 

The RSIT report!

 

 

info.txt logfile of random's system information tool 1.06 2009-10-29 09:12:39

 

======Uninstall list======

 

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL

-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL

-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->C:\WINDOWS\UNRecode.exe /UNINSTALL

-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}

7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"

Acrobat.com-->msiexec /qb /x {C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}

Acrobat.com-->MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}

Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}

Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}

Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}

Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}

Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}

Adobe Asset Services CS4-->MsiExec.exe /I{B9F4561A-924D-4510-A85A-BB0960C338CB}

Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}

Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}

Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}

Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}

Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}

Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}

Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}

Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}

Adobe Contribute CS4-->MsiExec.exe /I{A6EC82A0-1414-475D-8AFD-469089F3080D}

Adobe Creative Suite 4 Master Collection-->C:\Program Files\Fichiers communs\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe --uninstall=1

Adobe Creative Suite 4 Master Collection-->MsiExec.exe /I{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}

Adobe CS4 American English Speech Analysis Models-->MsiExec.exe /I{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}

Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}

Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}

Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}

Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}

Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}

Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}

Adobe Encore CS4 Codecs-->MsiExec.exe /I{FB2A5FCC-B81B-48C2-A009-7804694D83E9}

Adobe Encore CS4-->MsiExec.exe /I{5EAD5443-7194-46CC-A055-428E6ABB1BAF}

Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}

Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}

Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}

Adobe Flash CS4 Extension - Flash Lite STI fr-->MsiExec.exe /I{BD423B54-8668-44B6-8610-D24514445E88}

Adobe Flash CS4 STI-fr-->MsiExec.exe /I{48F9998C-3BA0-42D3-82E6-5882441EB8CE}

Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}

Adobe Flash Player 10 Plugin-->MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}

Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}

Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}

Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}

Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}

Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}

Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}

Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}

Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}

Adobe Media Encoder CS4 Dolby-->MsiExec.exe /I{EE353798-E875-42E0-B58D-7E6696182EA8}

Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}

Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}

Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}

Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}

Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}

Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}

Adobe OnLocation CS4-->MsiExec.exe /I{7406DF60-016D-476B-A2C7-55D997592047}

Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}

Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}

Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}

Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}

Adobe Premiere Pro CS4 Functional Content-->MsiExec.exe /I{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}

Adobe Premiere Pro CS4 Third Party Content-->MsiExec.exe /I{C938BE91-3BB5-4B84-9EF6-88F0505D0038}

Adobe Premiere Pro CS4-->MsiExec.exe /I{D499F8DE-3F31-4900-9157-61061613704B}

Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}

Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}

Adobe Setup-->MsiExec.exe /I{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}

Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}

Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}

Adobe Soundbooth CS4 Codecs-->MsiExec.exe /I{52232EF4-CC12-4C21-ABCF-ADB79618302D}

Adobe Soundbooth CS4-->MsiExec.exe /I{14F70205-1940-4000-88C7-BE799A6B2CAD}

Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}

Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}

Adobe Version Cue CS4 Server-->MsiExec.exe /I{1B7C06E1-4888-47A6-992A-0990B9683486}

Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}

Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}

AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}

AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}

DiscJuggler-->C:\Program Files\Padus\DiscJuggler\Uninstall.exe

EditHexa-->C:\WINDOWS\EditHexaUninstall.exe "C:\Program Files\EditHexa"

Ext2Ifs-->"C:\WINDOWS\System32\UnIfs.exe"

FastStone-->"C:\Program Files\FastStone Capture\Désinstaller.exe"

Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}

GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

HouseCall 6.6-->"C:\Documents and Settings\aguinaldo\Application Data\HouseCall 6.6\uninstaller.exe"

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

IrfanView-->"C:\Program Files\IrfanView\Désinstaller.exe"

Java 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}

Java 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}

Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}

K-Lite Mega Codec Pack 5.2.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}

Logiciel d'archivage WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Machinarium-->C:\Program Files\Machinarium\uninst.exe

Ma-Config.com-->MsiExec.exe /X{425FFD94-36BD-4933-881B-FE0B9DADF2B7}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}

Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F112F66E-25CA-42DD-983C-6118EB38F606}

Microsoft Kernel-Mode Driver Framework Feature Pack 1.1-->"C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe

Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{9F5DF7FC-3AF2-4502-9084-F62FC00A5A3F}

Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}

NCsoft Launcher-->"C:\Program Files\InstallShield Installation Information\{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}\setup.exe" -runfromtemp -l0x040c -removeonly

Nero 7 Essentials-->MsiExec.exe /X{3BDEE284-1516-40E8-B784-00FEBE1B1036}

NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI

NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall

NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}

OF Dragon Rising-->"C:\Program Files\InstallShield Installation Information\{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}\setup.exe" -runfromtemp -l0x040c -removeonly

OpenGL Extensions Viewer 3.0-->"C:\Program Files\realtech VR\OpenGL Extensions Viewer 3.0\uninst.exe"

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}

Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}

Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}

PowerArchiver 2007 French-->MsiExec.exe /I{1AEE96F5-C6A1-49FE-B82F-DE7DC459FE90}

Reshack/Reg2NSIS/Reg2inf-->"C:\WINDOWS\System32\UnTools.exe"

RESIDENT EVIL 5-->MsiExec.exe /X{AC08BBA0-96B9-431A-A7D0-D8598E493775}

Rosetta Stone V3-->MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}

Torchlight-->C:\Program Files\Runic Games\Torchlight\uninstall.exe

Trojan Remover 6.8.1-->"C:\Program Files\Trojan Remover\unins000.exe"

TubeMaster++ 1.3-->"C:\Program Files\TubeMaster++\unins000.exe"

Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe

VDMSound 2.0.4-->MsiExec.exe /I{8ECBE643-8230-11D5-9D6B-00A024112F81}

Virtual CDRom-->"C:\Program Files\Virtual CDRom\Désinstaller.exe"

VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}

Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Trust Anti-Pub-->"C:\WINDOWS\System32\Drivers\Etc\UnHosts.exe"

Windows Trust Installer-->"C:\Program Files\WTInstaller\Désinstaller.exe"

WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe

 

======Hosts File======

 

127.0.0.1 localhost

127.0.0.1 rad.msn.com

127.0.0.1 rad.live.com

127.0.0.1 ads1.msn.com

127.0.0.1 adfarm.mediaplex.com

127.0.0.1 101com.com

127.0.0.1 101order.com

127.0.0.1 103bees.com

127.0.0.1 1100i.com

127.0.0.1 123banners.com

 

Securitycenter WMI appears to be broken

 

======System event log======

 

Computer Name: AGUINALD-612874

Event Code: 15007

Message: La réservation de l'espace de nom identifié par le préfixe d'URL http://*:2869/ a été correctement ajoutée.

 

Record Number: 5

Source Name: HTTP

Time Written: 20070101015417.000000+060

Event Type: Informations

User:

 

Computer Name: AGUINALD-612874

Event Code: 3260

Message: Cet ordinateur a correctement été joint au workgroup 'WORKGROUP'.

 

Record Number: 4

Source Name: Workstation

Time Written: 20070101015156.000000+060

Event Type: Informations

User:

 

Computer Name: AGUINALD-612874

Event Code: 6011

Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers AGUINALD-612874.

 

Record Number: 3

Source Name: EventLog

Time Written: 20070101015128.000000+060

Event Type: Informations

User:

 

Computer Name: MACHINENAME

Event Code: 6005

Message: Le service d'Enregistrement d'événement a démarré.

 

Record Number: 2

Source Name: EventLog

Time Written: 20070101024624.000000+060

Event Type: Informations

User:

 

Computer Name: MACHINENAME

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.

 

Record Number: 1

Source Name: EventLog

Time Written: 20070101024624.000000+060

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: AGUINALD-612874

Event Code: 4113

Message:

Record Number: 8446

Source Name: Avira AntiVir

Time Written: 20091017090306.000000+120

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: AGUINALD-612874

Event Code: 4113

Message:

Record Number: 8445

Source Name: Avira AntiVir

Time Written: 20091017090306.000000+120

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: AGUINALD-612874

Event Code: 4113

Message:

Record Number: 8444

Source Name: Avira AntiVir

Time Written: 20091017090250.000000+120

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: AGUINALD-612874

Event Code: 4113

Message:

Record Number: 8443

Source Name: Avira AntiVir

Time Written: 20091017090250.000000+120

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: AGUINALD-612874

Event Code: 4113

Message:

Record Number: 8442

Source Name: Avira AntiVir

Time Written: 20091017090235.000000+120

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%VDMSPath%

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=1706

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"VDMSPath"=C:\Program Files\VDMSound\

 

-----------------EOF-----------------

 

 

Well, there you go Thanos, and above all, happy reading! :P

Posted

Hi :P

 

The updated MBAM ran its full scan and cleaned the infections.

I would now like you to run RSIT again and post the report it displays, to see whether the infection has come back.

 

Are you still getting ads when you browse?

Posted

Here is the new RSIT report!

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by aguinaldo at 2009-10-30 23:52:00

Microsoft Windows XP Professionnel Service Pack 3, v.5512

System drive C: has 16 GB (2%) free of 715 GB

Total RAM: 2046 MB (62% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:52:05, on 30/10/2009

Platform: Windows XP SP3, v.5512 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20978)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\ALCFDRTM.EXE

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe

C:\Program Files\uTorrent\utorrent.exe

C:\Program Files\Winamp\winamp.exe

C:\Documents and Settings\aguinaldo\Bureau\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\aguinaldo.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris

F3 - REG:win.ini: load=????

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden

O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

 

--

End of file - 7497 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]

ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]

FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]

"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1970176]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]

"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-07-04 161064]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2009-10-17 1070984]

"AdobeCS4ServiceManager"=C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

"Adobe_ID0ENQBO"=C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]

"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-09-23 1657448]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]

"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"=C:\Program Files\uTorrent\utorrent.exe [2009-10-01 289072]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-07-04 148776]

"LightScribe Control Panel"=C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\calc]

C:\WINDOWS\system32\calc.dll,_IWMPEvents@0 []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnableDCOM]

N []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

??????

??Ÿ

???????? []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QUAD Scheduler]

C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QUAD Windows service]

C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^aguinaldo^Menu Démarrer^Programmes^Démarrage^scandisk.lnk]

C:\DOCUME~1\AGUINA~1\MENUDM~1\PROGRA~1\DMARRA~1\scandisk.dll,_IWMPEvents@0 []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\WINDOWS\system32\klogon.dll [2009-10-20 219664]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-11 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=1

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"SynchronousMachineGroupPolicy"=0

"SynchronousUserGroupPolicy"=0

"ConsentPromptBehaviorAdmin"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

"ForceClassicControlPanel"=1

"NoDesktopCleanupWizard"=1

"NoInstrumentation"=1

"NoResolveSearch"=1

"NoResolveTrack"=1

"NoSMBalloonTip"=1

"NoSMConfigurePrograms"=1

"NoStartMenuMFUprogramsList"=1

"NoStrCmpLogical"=0

"NoWelcomeScreen"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=

"NoDriveTypeAutoRun"=

"NoResolveTrack"=

"NoSetActiveDesktop"=

"HideRunAsVerb"=

"NoInstrumentation"=

"NoStartMenuMFUprogramsList"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

"C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE"="C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9)"

"C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE"="C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10)"

"C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe"="C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"

"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe"="C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising"

"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"

"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

"C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

"C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"

"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13879d0b-a175-11de-8687-00508dbbea6e}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538aa59b-ae90-11de-8689-00508dbbea6e}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1b9-9fb1-11de-8686-00508dbbea6e}]

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1bd-9fb1-11de-8686-00508dbbea6e}]

shell\AutoRun\command - K:\Setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1be-9fb1-11de-8686-00508dbbea6e}]

shell\AutoRun\command - L:\autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1c4-9fb1-11de-8686-00508dbbea6e}]

shell\AutoRun\command - M:\Torchlight_Setup.exe

 

 

======List of files/folders created in the last 1 months======

 

2009-10-30 22:40:50 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Real

2009-10-30 10:00:53 ----A---- C:\WINDOWS\system32\flags.ini

2009-10-29 09:12:36 ----D---- C:\rsit

2009-10-28 17:17:29 ----D---- C:\Program Files\Trend Micro

2009-10-28 17:10:14 ----D---- C:\Documents and Settings\aguinaldo\Application Data\HouseCall 6.6

2009-10-28 13:25:42 ----D---- C:\Documents and Settings\aguinaldo\Application Data\runic games

2009-10-28 13:23:43 ----D---- C:\Program Files\Runic Games

2009-10-26 10:49:55 ----D---- C:\Program Files\Kaspersky Lab

2009-10-26 10:49:55 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2009-10-26 10:46:50 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-10-26 10:30:14 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Mozilla

2009-10-26 10:28:21 ----D---- C:\Program Files\mozilla.org

2009-10-26 09:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$

2009-10-26 09:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$

2009-10-26 09:57:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$

2009-10-26 09:57:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$

2009-10-26 09:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

2009-10-26 09:53:59 ----D---- C:\WINDOWS\ie7updates

2009-10-26 09:53:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2009-10-26 09:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2009-10-26 09:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2009-10-26 09:51:47 ----HD---- C:\WINDOWS\$hf_mig$

2009-10-26 09:46:07 ----D---- C:\Program Files\Panda Security

2009-10-25 09:11:38 ----D---- C:\Documents and Settings\aguinaldo\Application Data\abelhadigital.com

2009-10-24 09:35:54 ----D---- C:\Program Files\Machinarium

2009-10-22 23:08:10 ----D---- C:\WINDOWS\system32\AGEIA

2009-10-22 23:08:10 ----D---- C:\Program Files\AGEIA Technologies

2009-10-22 23:08:02 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

2009-10-22 22:57:10 ----D---- C:\Documents and Settings\All Users\Application Data\realtech VR

2009-10-22 22:57:06 ----D---- C:\Program Files\realtech VR

2009-10-22 12:02:08 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet

2009-10-22 11:02:49 ----D---- C:\Documents and Settings\All Users\Application Data\ALM

2009-10-22 10:46:25 ----RA---- C:\WINDOWS\system32\AdobePDFUI.dll

2009-10-22 10:46:25 ----RA---- C:\WINDOWS\system32\AdobePDF.dll

2009-10-22 10:37:43 ----D---- C:\Program Files\Adobe Media Player

2009-10-22 10:36:39 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2009-10-22 10:36:37 ----D---- C:\Program Files\Fichiers communs\Adobe AIR

2009-10-22 10:33:14 ----D---- C:\Program Files\Adobe

2009-10-21 23:13:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2009-10-21 20:38:24 ----A---- C:\WINDOWS\wininit.ini

2009-10-21 20:23:02 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-10-21 20:23:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-10-21 16:26:52 ----D---- C:\Documents and Settings\aguinaldo\Application Data\vlc

2009-10-21 15:03:28 ----D---- C:\WINDOWS\pss

2009-10-21 11:49:41 ----A---- C:\WINDOWS\system32\ztvunrar36.dll

2009-10-21 11:49:41 ----A---- C:\WINDOWS\system32\ztvunace26.dll

2009-10-21 11:49:41 ----A---- C:\WINDOWS\system32\ztvcabinet.dll

2009-10-21 11:49:41 ----A---- C:\WINDOWS\system32\UNRAR3.dll

2009-10-21 11:49:41 ----A---- C:\WINDOWS\system32\unacev2.dll

2009-10-21 11:49:40 ----D---- C:\Program Files\Trojan Remover

2009-10-21 11:49:40 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software

2009-10-21 11:49:40 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Simply Super Software

2009-10-20 22:54:37 ----D---- C:\Program Files\EditHexa

2009-10-20 22:54:37 ----A---- C:\WINDOWS\EditHexaUninstall.exe

2009-10-20 22:23:18 ----D---- C:\WINDOWS\A5W_DATA

2009-10-20 22:23:18 ----A---- C:\WINDOWS\A5W.INI

2009-10-20 22:23:13 ----A---- C:\WINDOWS\w32dasm8.ini

2009-10-20 20:34:56 ----A---- C:\WINDOWS\system32\klogon.dll

2009-10-19 14:10:11 ----D---- C:\Program Files\Fichiers communs\Adobe

2009-10-19 12:07:39 ----D---- C:\Program Files\Padus

2009-10-17 17:37:10 ----A---- C:\WINDOWS\system32\XAudio2_5.dll

2009-10-17 17:37:10 ----A---- C:\WINDOWS\system32\xactengine3_5.dll

2009-10-17 17:37:09 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll

2009-10-17 17:37:09 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll

2009-10-17 17:37:08 ----A---- C:\WINDOWS\system32\D3DX9_42.dll

2009-10-17 17:37:08 ----A---- C:\WINDOWS\system32\d3dx11_42.dll

2009-10-17 17:37:08 ----A---- C:\WINDOWS\system32\d3dx10_42.dll

2009-10-17 17:36:16 ----HD---- C:\WINDOWS\msdownld.tmp

2009-10-17 12:46:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-10-16 10:56:22 ----D---- C:\Program Files\Fichiers communs\Macrovision Shared

2009-10-16 10:56:05 ----D---- C:\Program Files\Rosetta Stone

2009-10-16 10:56:05 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone

2009-10-14 14:20:17 ----D---- C:\Program Files\Codemasters

2009-10-14 09:12:46 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Apple Computer

2009-10-14 09:12:23 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-10-14 09:12:02 ----D---- C:\Program Files\QuickTime

2009-10-14 09:12:02 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer

2009-10-13 12:07:13 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Yahoo!

2009-10-13 12:06:44 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbdkor.dll

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbdjpn.dll

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbd106.dll

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbd103.dll

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbd101c.dll

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbd101b.dll

2009-10-08 19:51:52 ----D---- C:\Documents and Settings\aguinaldo\Application Data\FastStone

2009-10-08 11:16:16 ----D---- C:\Documents and Settings\aguinaldo\Application Data\mIRC

2009-10-05 21:27:33 ----D---- C:\WINDOWS\Sun

2009-10-01 12:14:23 ----RA---- C:\WINDOWS\system32\psfind.dll

2009-10-01 08:55:51 ----A---- C:\WINDOWS\system32\BASSMOD.dll

2009-10-01 08:52:23 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

 

======List of files/folders modified in the last 1 months======

 

 

2009-10-30 23:08:25 ----D---- C:\Program Files\Mozilla Firefox

2009-10-30 13:14:21 ----D---- C:\Program Files\PowerArchiver

2009-10-30 12:49:57 ----SHD---- C:\RECYCLER

2009-10-30 12:49:56 ----D---- C:\WINDOWS\system32

2009-10-30 12:49:56 ----D---- C:\WINDOWS

2009-10-30 10:00:28 ----D---- C:\WINDOWS\Temp

2009-10-29 22:20:36 ----D---- C:\Program Files

2009-10-29 20:32:21 ----D---- C:\WINDOWS\system32\CatRoot2

2009-10-28 17:11:16 ----D---- C:\WINDOWS\system32\drivers

2009-10-28 16:48:34 ----D---- C:\WINDOWS\Network Diagnostic

2009-10-28 16:44:28 ----SH---- C:\boot.ini

2009-10-28 16:44:28 ----A---- C:\WINDOWS\win.ini

2009-10-28 16:44:28 ----A---- C:\WINDOWS\system.ini

2009-10-28 13:23:41 ----SHD---- C:\WINDOWS\Installer

2009-10-28 13:23:41 ----D---- C:\WINDOWS\WinSxS

2009-10-28 13:23:26 ----D---- C:\WINDOWS\inf

2009-10-28 12:58:15 ----D---- C:\Documents and Settings\aguinaldo\Application Data\dvdcss

2009-10-26 21:38:39 ----A---- C:\WINDOWS\NeroDigital.ini

2009-10-26 13:42:44 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Adobe

2009-10-26 10:54:15 ----SHD---- C:\System Volume Information

2009-10-26 10:48:02 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-10-26 10:47:46 ----SD---- C:\WINDOWS\Tasks

2009-10-26 09:59:00 ----D---- C:\WINDOWS\system32\dllcache

2009-10-26 09:56:50 ----D---- C:\Program Files\Internet Explorer

2009-10-26 09:55:26 ----D---- C:\WINDOWS\system32\CatRoot

2009-10-26 09:27:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-10-22 23:08:46 ----D---- C:\WINDOWS\Help

2009-10-22 23:08:02 ----D---- C:\Program Files\Fichiers communs

2009-10-22 23:07:46 ----D---- C:\Program Files\NVIDIA Corporation

2009-10-22 22:44:39 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-10-22 10:47:26 ----RSD---- C:\WINDOWS\Fonts

2009-10-21 08:47:02 ----D---- C:\WINDOWS\system32\DirectX

2009-10-21 08:34:40 ----A---- C:\WINDOWS\system32\svchost.exe

2009-10-20 12:35:46 ----D---- C:\WINDOWS\Debug

2009-10-20 12:14:55 ----HD---- C:\Program Files\InstallShield Installation Information

2009-10-14 14:26:58 ----D---- C:\WINDOWS\SxsCaPendDel

2009-10-14 14:24:53 ----RSD---- C:\WINDOWS\assembly

2009-10-09 16:45:46 ----D---- C:\Program Files\Fichiers communs\InstallShield

2009-10-09 12:59:19 ----A---- C:\WINDOWS\system32\ResHacker.ini

2009-10-08 15:44:50 ----D---- C:\temp

2009-10-05 19:06:54 ----D---- C:\Program Files\mIRCG

2009-10-04 09:23:06 ----D---- C:\Program Files\ma-config.com

2009-10-04 09:23:06 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com

2009-10-03 15:11:59 ----SD---- C:\Documents and Settings\aguinaldo\Application Data\Microsoft

2009-10-01 14:45:33 ----D---- C:\Program Files\THQ

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Ext2fs;Ext2fs; C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2006-10-23 132736]

R1 IfsDrives;IfsDrives; C:\WINDOWS\system32\DRIVERS\IfsDrives.sys [2004-09-25 4608]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []

R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-10-26 315408]

R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]

R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-13 60800]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]

R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]

R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-05-13 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-13 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 a55oh3gt;a55oh3gt; C:\WINDOWS\system32\drivers\a55oh3gt.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]

S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-19 479200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-11 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-11 82944]

S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-17 152984]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2007-06-28 79136]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]

R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-07-04 267560]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-22 655624]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-07-04 779560]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-07 2821468]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]

S4 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-10-21 14336]

 

-----------------EOF-----------------

 

Thanks Thanos. So no, for the moment no ads while I surf... I find that strange!

Because I hadn't stopped running scans!

Tell me, Thanos, what do you see in all these reports?

I'd like to learn a bit too!

Could you tell me what you're looking for??

Thanks, friend ++

Posted

Hi :P

 

Tell me, Thanos, what do you see in all these reports?

I'd like to learn a bit too!

Could you tell me what you're looking for??

Well, at the start of the thread you told me you were seeing ads appear when you ran a search on the internet. So I first made sure that your PC had not been infected by the usual adware known for displaying ads >> navipromo/CID/Vundo (there are others).

The report you had posted showed none of these infections, but revealed another one (kbdnet.dll). MBAM had not detected this infection during the previous scan (the first one you posted), because it had not yet included this threat. It has recently been added, which is why I asked you to run a scan again after updating. MBAM did the cleanup.

The RSIT report also showed signs of infection via removable media: I warmly recommend reading the topic Gof created on this subject; it is very well written and accessible. It will let you get to know and recognize this infection >> http://forum.zebulon.fr/infections-par-sup...es-t131959.html

Evidently only traces of this infection remain on the PC. We'll finish the cleanup while we're at it.

 

Download OTM by OldTimer and save the file to the Desktop.

  • Double-click OTM.exe to launch the tool. (Note: if you use Vista, right-click the file and choose Run as administrator).
  • Copy the lines in the "Code" area below to the Clipboard by selecting them all and then pressing the CTRL and C keys at the same time (or, after selecting them, by right-clicking and choosing Copy):
    :first
    :services
    tmcomm
    
    :files
    C:\WINDOWS\system32\calc.dll
    C:\DOCUME~1\AGUINA~1\MENUDM~1\PROGRA~1\DMARRA~1\scandisk.dll
    C:\Program Files\QUAD Utilities
    L:\autorun.exe
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Alcmtr"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\calc]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnableDCOM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QUAD Scheduler]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QUAD Windows service]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^aguinaldo^Menu Démarrer^Programmes^Démarrage^scandisk.lnk]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13879d0b-a175-11de-8687-00508dbbea6e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538aa59b-ae90-11de-8689-00508dbbea6e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1b9-9fb1-11de-8686-00508dbbea6e}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1be-9fb1-11de-8686-00508dbbea6e}]
    
    
    :commands
    [emptytemp]
    [start explorer]


  • Go back to the OTMoveIt3 window, right-click in the left-hand pane titled [image img-025804xb055.png] and choose Paste.
  • Click the red button [image img-025919bxiq4.png]
  • Close OTM
  • In your next reply, post the OTM report (contents of the file C:\_OTM\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)

Note: If a file or folder cannot be moved immediately, a restart may be needed to let the move complete. If you are asked to restart the machine, choose Oui/Yes.

Post me one last RSIT report please + the OTM report :P
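
Added example, not part of the post above or of RSIT: one place removable-media traces appear in an RSIT report is the `shell\AutoRun\command` values cached under `MountPoints2`, alongside the `NoDriveTypeAutoRun` policy. This Python sketch lists both from a pasted report; the function names are illustrative, the sample input reproduces lines from the reports in this thread, and it assumes RSIT prints the policy value in decimal.

```python
import re

# Lines reproduced from the RSIT "Registry dump" in this thread, kept
# double-spaced the way the forum rendered them.
SAMPLE_RSIT = r"""
======Registry dump======

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

"NoWelcomeScreen"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1bd-9fb1-11de-8686-00508dbbea6e}]

shell\AutoRun\command - K:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1be-9fb1-11de-8686-00508dbbea6e}]

shell\AutoRun\command - L:\autorun.exe

======List of files/folders created in the last 1 months======
"""

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$")
MOUNT_RE = re.compile(r"\\explorer\\mountpoints2\\(.+)$", re.I)
CMD_RE = re.compile(r"^shell\\([^\\]+)\\command - (.+)$", re.I)
DRIVE_RE = re.compile(r'^"?([A-Za-z]):\\')
POLICY_RE = re.compile(r"\\policies\\explorer$", re.I)
VALUE_RE = re.compile(r'^"NoDriveTypeAutoRun"=(\d*)$')

# Documented NoDriveTypeAutoRun bits: a set bit disables AutoRun for that type.
DRIVE_TYPE_BITS = {0x04: "removable", 0x08: "fixed", 0x10: "network",
                   0x20: "cdrom", 0x40: "ramdisk"}


def parse_sections(text):
    """Split a registry dump into (hive, subkey, value_lines) tuples."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()          # also drops the non-breaking-space filler lines
        if not line:
            continue                # blank lines are paste spacing, not delimiters
        if line.startswith("======"):
            current = None          # a new report section ends the current key
            continue
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1), m.group(2), [])
            sections.append(current)
        elif current is not None:
            current[2].append(line)
    return sections


def mountpoint_autoruns(text):
    """Return every cached shell verb command found under MountPoints2."""
    found = []
    for hive, subkey, lines in parse_sections(text):
        m = MOUNT_RE.search(subkey)
        if not m:
            continue
        for line in lines:
            c = CMD_RE.match(line)
            if c:
                d = DRIVE_RE.match(c.group(2))
                found.append({"hive": hive, "volume": m.group(1),
                              "verb": c.group(1), "command": c.group(2),
                              "drive": d.group(1).upper() if d else None})
    return found


def autorun_policy(text):
    """Map hive -> NoDriveTypeAutoRun (int, or None when shown empty)."""
    policy = {}
    for hive, subkey, lines in parse_sections(text):
        if POLICY_RE.search(subkey):
            for line in lines:
                v = VALUE_RE.match(line)
                if v:
                    policy[hive] = int(v.group(1)) if v.group(1) else None
    return policy


def autorun_disabled_types(value):
    """Decode the bitmask into the drive types with AutoRun disabled."""
    return {name for bit, name in DRIVE_TYPE_BITS.items() if value & bit}


def report(text):
    lines = []
    for hive, value in sorted(autorun_policy(text).items()):
        if value is None:
            lines.append(f"{hive}: NoDriveTypeAutoRun listed without a value")
        else:
            types = ", ".join(sorted(autorun_disabled_types(value)))
            lines.append(f"{hive}: NoDriveTypeAutoRun={value:#04x} disables: {types}")
    for e in mountpoint_autoruns(text):
        lines.append(f"{e['volume']}: {e['verb']} -> {e['command']} (drive {e['drive']})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_RSIT)))
```
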

Posted

Hello again Thanos!!

 

Here's the OTM one!

 

All processes killed

Error: Unable to interpret <:first> in the current context!

========== SERVICES/DRIVERS ==========

Service\Driver tmcomm stopped successfully.

Service\Driver tmcomm deleted successfully.

========== FILES ==========

File/Folder C:\WINDOWS\system32\calc.dll not found.

File/Folder C:\DOCUME~1\AGUINA~1\MENUDM~1\PROGRA~1\DMARRA~1\scandisk.dll not found.

File/Folder C:\Program Files\QUAD Utilities not found.

File move failed. L:\Autorun.exe scheduled to be moved on reboot.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\calc\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnableDCOM\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QUAD Scheduler\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QUAD Windows service\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^aguinaldo^Menu Démarrer^Programmes^Démarrage^scandisk.lnk\ deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13879d0b-a175-11de-8687-00508dbbea6e}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13879d0b-a175-11de-8687-00508dbbea6e}\ not found.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{538aa59b-ae90-11de-8689-00508dbbea6e}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{538aa59b-ae90-11de-8689-00508dbbea6e}\ not found.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1b9-9fb1-11de-8686-00508dbbea6e}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aacee1b9-9fb1-11de-8686-00508dbbea6e}\ not found.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1be-9fb1-11de-8686-00508dbbea6e}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aacee1be-9fb1-11de-8686-00508dbbea6e}\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: aguinaldo

->Temp folder emptied: 103895497 bytes

File delete failed. C:\Documents and Settings\aguinaldo\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

->Temporary Internet Files folder emptied: 27208440 bytes

->Java cache emptied: 13714066 bytes

->FireFox cache emptied: 88658897 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 366240 bytes

 

%systemdrive% .tmp files removed: 0 bytes

C:\WINDOWS\msdownld.tmp folder deleted successfully.

%systemroot% .tmp files removed: 2351795 bytes

%systemroot%\System32 .tmp files removed: 3072 bytes

Windows Temp folder emptied: 13394 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 225,33 mb

 

 

OTM by OldTimer - Version 3.0.0.6 log created on 10312009_130535

 

Files moved on Reboot...

File L:\Autorun.exe not found!

 

Registry entries deleted on Reboot...

 

 

 

 

And here's the RSIT one!!

 

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by aguinaldo at 2009-10-31 13:11:43

Microsoft Windows XP Professionnel Service Pack 3, v.5512

System drive C: has 28 GB (4%) free of 715 GB

Total RAM: 2046 MB (75% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:11:44, on 31/10/2009

Platform: Windows XP SP3, v.5512 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20978)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\ALCFDRTM.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe

C:\Documents and Settings\aguinaldo\Bureau\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\aguinaldo.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris

F3 - REG:win.ini: load=????

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden

O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm

O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

 

--

End of file - 7650 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Automatic troubleshooting.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]

ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]

FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"=C:\WINDOWS\RaidTool\xInsIDE.exe [2007-03-20 36864]

"36X Raid Configurer"=C:\WINDOWS\system32\xRaidSetup.exe [2007-11-19 1970176]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-01-30 16116224]

"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-07-04 161064]

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2009-10-17 1070984]

"AdobeCS4ServiceManager"=C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

"Adobe_ID0ENQBO"=C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]

"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-09-23 1657448]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]

"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-07-04 148776]

"LightScribe Control Panel"=C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

C:\WINDOWS\system32\klogon.dll [2009-10-20 219664]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-11 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=1

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"SynchronousMachineGroupPolicy"=0

"SynchronousUserGroupPolicy"=0

"ConsentPromptBehaviorAdmin"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

"ForceClassicControlPanel"=1

"NoDesktopCleanupWizard"=1

"NoInstrumentation"=1

"NoResolveSearch"=1

"NoResolveTrack"=1

"NoSMBalloonTip"=1

"NoSMConfigurePrograms"=1

"NoStartMenuMFUprogramsList"=1

"NoStrCmpLogical"=0

"NoWelcomeScreen"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=

"NoDriveTypeAutoRun"=

"NoResolveTrack"=

"NoSetActiveDesktop"=

"HideRunAsVerb"=

"NoInstrumentation"=

"NoStartMenuMFUprogramsList"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

"C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE"="C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9)"

"C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE"="C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10)"

"C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe"="C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"

"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

"C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe"="C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising"

"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"

"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

"C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

"C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"

"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1bd-9fb1-11de-8686-00508dbbea6e}]

shell\AutoRun\command - K:\Setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1be-9fb1-11de-8686-00508dbbea6e}]

shell\AutoRun\command - L:\autorun.exe

 

 

======List of files/folders created in the last 1 months======

 

2009-10-31 13:07:07 ----D---- C:\WINDOWS\Prefetch

2009-10-31 13:07:07 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-10-31 13:05:35 ----D---- C:\_OTM

2009-10-31 10:05:26 ----A---- C:\WINDOWS\system32\TURegOpt.exe

2009-10-31 10:05:25 ----A---- C:\WINDOWS\system32\uxtuneup.dll

2009-10-31 10:05:06 ----D---- C:\Documents and Settings\aguinaldo\Application Data\TuneUp Software

2009-10-31 10:04:53 ----D---- C:\Program Files\TuneUp Utilities 2010

2009-10-31 10:04:45 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2009-10-31 10:04:39 ----SHD---- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2009-10-30 22:40:50 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Real

2009-10-30 10:00:53 ----A---- C:\WINDOWS\system32\flags.ini

2009-10-29 09:12:36 ----D---- C:\rsit

2009-10-28 17:17:29 ----D---- C:\Program Files\Trend Micro

2009-10-28 17:10:14 ----D---- C:\Documents and Settings\aguinaldo\Application Data\HouseCall 6.6

2009-10-28 13:25:42 ----D---- C:\Documents and Settings\aguinaldo\Application Data\runic games

2009-10-28 13:23:43 ----D---- C:\Program Files\Runic Games

2009-10-26 10:49:55 ----D---- C:\Program Files\Kaspersky Lab

2009-10-26 10:49:55 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2009-10-26 10:46:50 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2009-10-26 10:30:14 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Mozilla

2009-10-26 10:28:21 ----D---- C:\Program Files\mozilla.org

2009-10-26 09:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$

2009-10-26 09:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$

2009-10-26 09:57:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$

2009-10-26 09:57:32 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$

2009-10-26 09:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$

2009-10-26 09:53:59 ----D---- C:\WINDOWS\ie7updates

2009-10-26 09:53:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2009-10-26 09:52:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2009-10-26 09:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2009-10-26 09:51:47 ----HD---- C:\WINDOWS\$hf_mig$

2009-10-26 09:46:07 ----D---- C:\Program Files\Panda Security

2009-10-25 09:11:38 ----D---- C:\Documents and Settings\aguinaldo\Application Data\abelhadigital.com

2009-10-24 09:35:54 ----D---- C:\Program Files\Machinarium

2009-10-22 23:08:10 ----D---- C:\WINDOWS\system32\AGEIA

2009-10-22 23:08:10 ----D---- C:\Program Files\AGEIA Technologies

2009-10-22 23:08:02 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard

2009-10-22 22:57:10 ----D---- C:\Documents and Settings\All Users\Application Data\realtech VR

2009-10-22 22:57:06 ----D---- C:\Program Files\realtech VR

2009-10-22 12:02:08 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet

2009-10-22 11:02:49 ----D---- C:\Documents and Settings\All Users\Application Data\ALM

2009-10-22 10:46:25 ----RA---- C:\WINDOWS\system32\AdobePDFUI.dll

2009-10-22 10:46:25 ----RA---- C:\WINDOWS\system32\AdobePDF.dll

2009-10-22 10:37:43 ----D---- C:\Program Files\Adobe Media Player

2009-10-22 10:36:39 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2009-10-22 10:36:37 ----D---- C:\Program Files\Fichiers communs\Adobe AIR

2009-10-22 10:33:14 ----D---- C:\Program Files\Adobe

2009-10-21 23:13:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2009-10-21 20:38:24 ----A---- C:\WINDOWS\wininit.ini

2009-10-21 20:23:02 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-10-21 20:23:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-10-21 16:26:52 ----D---- C:\Documents and Settings\aguinaldo\Application Data\vlc

2009-10-21 15:03:28 ----D---- C:\WINDOWS\pss

2009-10-21 11:49:41 ----A---- C:\WINDOWS\system32\ztvunrar36.dll

2009-10-21 11:49:41 ----A---- C:\WINDOWS\system32\ztvunace26.dll

2009-10-21 11:49:41 ----A---- C:\WINDOWS\system32\ztvcabinet.dll

2009-10-21 11:49:41 ----A---- C:\WINDOWS\system32\UNRAR3.dll

2009-10-21 11:49:41 ----A---- C:\WINDOWS\system32\unacev2.dll

2009-10-21 11:49:40 ----D---- C:\Program Files\Trojan Remover

2009-10-21 11:49:40 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software

2009-10-21 11:49:40 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Simply Super Software

2009-10-20 22:54:37 ----D---- C:\Program Files\EditHexa

2009-10-20 22:54:37 ----A---- C:\WINDOWS\EditHexaUninstall.exe

2009-10-20 22:23:18 ----D---- C:\WINDOWS\A5W_DATA

2009-10-20 22:23:18 ----A---- C:\WINDOWS\A5W.INI

2009-10-20 22:23:13 ----A---- C:\WINDOWS\w32dasm8.ini

2009-10-20 20:34:56 ----A---- C:\WINDOWS\system32\klogon.dll

2009-10-19 14:10:11 ----D---- C:\Program Files\Fichiers communs\Adobe

2009-10-19 12:07:39 ----D---- C:\Program Files\Padus

2009-10-17 17:37:10 ----A---- C:\WINDOWS\system32\XAudio2_5.dll

2009-10-17 17:37:10 ----A---- C:\WINDOWS\system32\xactengine3_5.dll

2009-10-17 17:37:09 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll

2009-10-17 17:37:09 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll

2009-10-17 17:37:08 ----A---- C:\WINDOWS\system32\D3DX9_42.dll

2009-10-17 17:37:08 ----A---- C:\WINDOWS\system32\d3dx11_42.dll

2009-10-17 17:37:08 ----A---- C:\WINDOWS\system32\d3dx10_42.dll

2009-10-17 12:46:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2009-10-16 10:56:22 ----D---- C:\Program Files\Fichiers communs\Macrovision Shared

2009-10-16 10:56:05 ----D---- C:\Program Files\Rosetta Stone

2009-10-16 10:56:05 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone

2009-10-14 14:20:17 ----D---- C:\Program Files\Codemasters

2009-10-14 09:12:46 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Apple Computer

2009-10-14 09:12:23 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-10-14 09:12:02 ----D---- C:\Program Files\QuickTime

2009-10-14 09:12:02 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer

2009-10-13 12:07:13 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Yahoo!

2009-10-13 12:06:44 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!

2009-10-10 21:36:01 ----D---- C:\Program Files\eMule

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbdkor.dll

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbdjpn.dll

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbd106.dll

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbd103.dll

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbd101c.dll

2009-10-09 12:27:32 ----A---- C:\WINDOWS\system32\kbd101b.dll

2009-10-08 19:51:52 ----D---- C:\Documents and Settings\aguinaldo\Application Data\FastStone

2009-10-08 11:16:16 ----D---- C:\Documents and Settings\aguinaldo\Application Data\mIRC

2009-10-05 21:27:33 ----D---- C:\WINDOWS\Sun

2009-10-01 12:14:23 ----RA---- C:\WINDOWS\system32\psfind.dll

2009-10-01 08:55:51 ----A---- C:\WINDOWS\system32\BASSMOD.dll

2009-10-01 08:52:23 ----A---- C:\WINDOWS\system32\CmdLineExt.dll

 

======List of files/folders modified in the last 1 months======

 

 

2009-10-31 13:08:24 ----D---- C:\Program Files\Mozilla Firefox

2009-10-31 13:07:18 ----D---- C:\WINDOWS\Temp

2009-10-31 13:07:07 ----D---- C:\WINDOWS

2009-10-31 13:05:59 ----D---- C:\WINDOWS\system32

2009-10-31 10:44:30 ----SD---- C:\WINDOWS\Tasks

2009-10-31 10:37:58 ----SHD---- C:\WINDOWS\Installer

2009-10-31 10:09:07 ----D---- C:\Program Files\PowerArchiver

2009-10-31 10:04:53 ----D---- C:\Program Files

2009-10-30 12:49:57 ----SHD---- C:\RECYCLER

2009-10-29 20:32:21 ----D---- C:\WINDOWS\system32\CatRoot2

2009-10-28 17:11:16 ----D---- C:\WINDOWS\system32\drivers

2009-10-28 16:48:34 ----D---- C:\WINDOWS\Network Diagnostic

2009-10-28 16:44:28 ----SH---- C:\boot.ini

2009-10-28 16:44:28 ----A---- C:\WINDOWS\win.ini

2009-10-28 16:44:28 ----A---- C:\WINDOWS\system.ini

2009-10-28 13:23:41 ----D---- C:\WINDOWS\WinSxS

2009-10-28 13:23:26 ----D---- C:\WINDOWS\inf

2009-10-28 12:58:15 ----D---- C:\Documents and Settings\aguinaldo\Application Data\dvdcss

2009-10-28 09:32:27 ----HD---- C:\Program Files\InstallShield Installation Information

2009-10-26 21:38:39 ----A---- C:\WINDOWS\NeroDigital.ini

2009-10-26 13:42:44 ----D---- C:\Documents and Settings\aguinaldo\Application Data\Adobe

2009-10-26 10:54:15 ----SHD---- C:\System Volume Information

2009-10-26 10:48:02 ----DC---- C:\WINDOWS\system32\DRVSTORE

2009-10-26 09:59:00 ----D---- C:\WINDOWS\system32\dllcache

2009-10-26 09:56:50 ----D---- C:\Program Files\Internet Explorer

2009-10-26 09:55:26 ----D---- C:\WINDOWS\system32\CatRoot

2009-10-26 09:27:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-10-22 23:08:46 ----D---- C:\WINDOWS\Help

2009-10-22 23:08:02 ----D---- C:\Program Files\Fichiers communs

2009-10-22 23:07:46 ----D---- C:\Program Files\NVIDIA Corporation

2009-10-22 22:44:39 ----D---- C:\WINDOWS\system32\ReinstallBackups

2009-10-22 10:47:26 ----RSD---- C:\WINDOWS\Fonts

2009-10-21 08:47:02 ----D---- C:\WINDOWS\system32\DirectX

2009-10-21 08:34:40 ----A---- C:\WINDOWS\system32\svchost.exe

2009-10-20 12:35:46 ----D---- C:\WINDOWS\Debug

2009-10-14 14:26:58 ----D---- C:\WINDOWS\SxsCaPendDel

2009-10-14 14:24:53 ----RSD---- C:\WINDOWS\assembly

2009-10-09 16:45:46 ----D---- C:\Program Files\Fichiers communs\InstallShield

2009-10-09 12:59:19 ----A---- C:\WINDOWS\system32\ResHacker.ini

2009-10-08 15:44:50 ----D---- C:\temp

2009-10-05 19:06:54 ----D---- C:\Program Files\mIRCG

2009-10-04 09:23:06 ----D---- C:\Program Files\ma-config.com

2009-10-04 09:23:06 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com

2009-10-03 15:11:59 ----SD---- C:\Documents and Settings\aguinaldo\Application Data\Microsoft

2009-10-01 14:45:33 ----D---- C:\Program Files\THQ

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 Ext2fs;Ext2fs; C:\WINDOWS\system32\DRIVERS\ext2fs.sys [2006-10-23 132736]

R1 IfsDrives;IfsDrives; C:\WINDOWS\system32\DRIVERS\IfsDrives.sys [2004-09-25 4608]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []

R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-10-26 315408]

R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-13 60800]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]

R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]

R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]

R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-05-13 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-13 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 ax5mltlo;ax5mltlo; C:\WINDOWS\system32\drivers\ax5mltlo.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]

S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-19 479200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-11 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-11 82944]

S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-17 152984]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2007-06-28 79136]

R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]

R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2009-10-21 14336]

R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-07-04 267560]

S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-22 655624]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-07-04 779560]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-07 2821468]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2009-10-31 435016]

S4 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-10-21 14336]

 

-----------------EOF-----------------

 

 

 

 

 

Thanks, and as usual, happy reading :P

And have a good weekend!!

Posted

Hi :P

 

One small additional fix to make: if you have a removable drive whose letter is L, plug it in before running the scan! >>

  • Double-click OTM.exe to run the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
  • Copy the lines in the "Code" box below to the clipboard by selecting them all and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy):
    :first
    
    :processes
    explorer.exe
    
    :services
    npggsvc
    
    :files
    C:\WINDOWS\system32\GameMon.des.exe
    L:\autorun.exe
    
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aacee1be-9fb1-11de-8686-00508dbbea6e}]
    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    "load"=""
    
    :commands
    [emptytemp]
    [start explorer]


  • Go back to the OTMoveIt3 window, right-click in the left-hand pane titled img-025804xb055.png, then choose Paste.
  • Click the red button img-025919bxiq4.png
  • Close OTM
  • In your next reply, post the OTM report (the contents of the file C:\_OTM\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)

Note: If a file or folder cannot be moved immediately, a restart may be needed to let the move complete. If you are asked to restart the machine, choose Oui/Yes.

 

Still no ads?
