Posted (edited)

Hello,

I am new to this forum, which a friend strongly recommended to me, and I am not sure I am posting in the right place.

I have a PC running Windows XP SP3 that is infected with something that seems fairly tough.

I cannot run HijackThis or MBAM, and I cannot install an antivirus either.

Can you help me, please?

Edited by thrasher2000

Posted

Hello, we'll take a look at this; see whether the following tool will launch.

Download random's system information tool (RSIT) by random/random and save it to the Desktop. This tool takes stock of the system and reads the configuration, like HijackThis, but in more detail.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed) as well as info.txt (<<which will be minimized in the taskbar).
  • NB: The reports are saved in the C:\rsit folder.
    So that makes two reports. As they are long, you can make 2 replies, one per report. :P
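
An added example, not part of the original thread and not RSIT's own code: a small parser for the driver and service sections of the log.txt that RSIT writes, decoding the R/S and 0-4 codes from the section header and listing entries whose trailing bracket is empty. The function names are hypothetical, the sample lines are copied from the log posted later in this thread, and reading an empty `[]` as "file details unavailable" is an assumption.

```python
import re
from typing import List, NamedTuple, Optional

# Codes exactly as the RSIT section header spells them out:
# "R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled"
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

SECTION_RE = re.compile(r"^======List of (drivers|services) \(")
OTHER_SECTION_RE = re.compile(r"^(======|-{5,}EOF)")
# <state><start> <name>;<display name>; <image path> [<date> <size>]
ENTRY_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+) \[([^\]]*)\]$")
DETAILS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d+)$")

# Lines copied from the log.txt posted in this thread (not a complete log).
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
S3 asta1y3y;asta1y3y; C:\WINDOWS\system32\drivers\asta1y3y.sys []
S3 btTool;btTool; \??\G:\Logiciels\2\Reg tool borg\WINDRVR.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -r []
S2 MySql;MySql; C:/MYAPHP/MYSQL/bin/mysqld-opt.exe []

-----------------EOF-----------------
"""


class Entry(NamedTuple):
    section: str              # "drivers" or "services"
    state: str                # Running / Stopped
    start: str                # Boot / System / Auto / Demand / Disabled
    name: str                 # service key name
    display: str              # display name
    image: str                # image path, including any arguments
    file_date: Optional[str]  # None when the bracket is empty
    file_size: Optional[int]  # None when the bracket is empty


def parse_rsit(text: str) -> List[Entry]:
    """Return the driver and service entries found in an RSIT log.txt."""
    entries: List[Entry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()  # also drops the padding lines forum pastes add
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if OTHER_SECTION_RE.match(line):
            section = None  # any other section, or the EOF marker
            continue
        entry = ENTRY_RE.match(line) if section else None
        if not entry:
            continue
        state, start, name, display, image, details = entry.groups()
        parsed = DETAILS_RE.match(details.strip())
        entries.append(Entry(
            section, STATE[state], START[start], name.strip(),
            display.strip(), image.strip(),
            parsed.group(1) if parsed else None,
            int(parsed.group(2)) if parsed else None,
        ))
    return entries


def without_file_details(entries: List[Entry]) -> List[Entry]:
    """Entries whose bracket is empty (assumed: file details unavailable)."""
    return [e for e in entries if e.file_size is None]


def autostart_without_file_details(entries: List[Entry]) -> List[Entry]:
    """Subset of the above that is set to start at Boot, System or Auto."""
    return [e for e in without_file_details(entries)
            if e.start in ("Boot", "System", "Auto")]


if __name__ == "__main__":
    for e in autostart_without_file_details(parse_rsit(SAMPLE_LOG)):
        print(f"{e.section:8} {e.state:8} {e.start:6} {e.name} -> {e.image}")
```

An entry in the resulting list is a line to check by hand, not a verdict: the same empty bracket appears for software that was uninstalled or sits on a removed drive.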

Posted

Thank you for your quick reply, because I am really stuck.

I have just run RSIT.exe and I did get the 2 text files. Here is the first one, "log.txt":

Logfile of random's system information tool 1.06 (written by random/random)

Run by Thrasher2007 at 2010-02-11 23:40:59

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 13 GB (26%) free of 50 GB

Total RAM: 3070 MB (87% free)

 

HijackThis download failed

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2008-09-05 143360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

relog_ap

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLUA"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoDriveAutorun"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"

"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"

"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SERVICE.EXE"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_SERVICE.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient service"

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.EXE"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient application"

"C:\Program Files\CheckPoint\SecuRemote\bin\SCC.EXE"="C:\Program Files\CheckPoint\SecuRemote\bin\SCC.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient command line"

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.EXE"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"

"C:\Program Files\SEGA\SEGA Rally\SEGA Rally.exe"="C:\Program Files\SEGA\SEGA Rally\SEGA Rally.exe:*:Enabled:SEGA Rally"

"C:\Program Files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe"="C:\Program Files\SEGA\SEGA Rally\SEGA Rally_SSE1.exe:*:Enabled:SEGA Rally"

"C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"

"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"

"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editeur"

"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SERVICE.EXE"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_SERVICE.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient service"

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.EXE"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient application"

"C:\Program Files\CheckPoint\SecuRemote\bin\SCC.EXE"="C:\Program Files\CheckPoint\SecuRemote\bin\SCC.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient command line"

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.EXE"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.EXE:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"

"C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe"="C:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{811a644a-a231-11de-ba46-0015af010e77}]

shell\AutoRun\command - K:\CHLOE.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9571763f-5331-11de-8ed1-0015af010e77}]

shell\AutoRun\command - K:\CHLOE.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96559fa7-6ec5-11de-b9ef-0015af010e77}]

shell\AutoRun\command - P:\CHLOE.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9bf2bb6-ebbe-11de-b665-0015af010e77}]

shell\AutoRun\command - Q:\InstallTomTomHOME.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff2516e4-3a70-11de-8e9f-0015af010e77}]

shell\AutoRun\command - K:\LaunchU3.exe -a

 

 

======File associations======

 

.ini - open - "C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"

.js - edit -

.js - open - "C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"

.txt - open - "C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"

 

======List of files/folders created in the last 1 months======

 

2010-02-11 23:41:00 ----D---- C:\Program Files\trend micro

2010-02-11 23:40:59 ----D---- C:\rsit

2010-02-11 23:10:37 ----D---- C:\Qoobox

2010-02-11 23:10:05 ----D---- C:\Program Files\Kaspersky Lab

2010-02-11 23:10:05 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2010-02-11 23:08:46 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files

2010-02-11 23:06:45 ----D---- C:\Program Files\ZZZTest

2010-02-11 23:00:17 ----D---- C:\Documents and Settings\Thrasher2007\Application Data\Malwarebytes

2010-02-11 23:00:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-02-11 22:51:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-02-11 22:46:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2010-02-11 22:46:10 ----D---- C:\Program Files\Spybot - Search & Destroy

2010-02-11 22:38:20 ----A---- C:\WINDOWS\system32\tmp.txt

2010-02-11 22:38:17 ----A---- C:\rapport.txt

2010-02-11 00:22:53 ----HD---- C:\Documents and Settings\Thrasher2007\Application Data\m

2010-02-11 00:20:58 ----HD---- C:\Documents and Settings\Thrasher2007\Application Data\drivers

2010-01-22 18:22:25 ----D---- C:\Documents and Settings\Thrasher2007\Application Data\Acronis

 

======List of files/folders modified in the last 1 months======

 

2010-02-11 23:41:00 ----RD---- C:\Program Files

2010-02-11 23:38:55 ----D---- C:\WINDOWS\Temp

2010-02-11 23:38:54 ----D---- C:\WINDOWS

2010-02-11 23:38:30 ----SHD---- C:\WINDOWS\CSC

2010-02-11 23:11:08 ----D---- C:\Program Files\Mozilla Firefox

2010-02-11 23:10:06 ----SHD---- C:\WINDOWS\Installer

2010-02-11 23:09:44 ----HD---- C:\WINDOWS\inf

2010-02-11 23:09:41 ----D---- C:\WINDOWS\system32\CatRoot2

2010-02-11 23:09:39 ----HD---- C:\Config.Msi

2010-02-11 23:02:22 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-02-11 23:00:12 ----D---- C:\WINDOWS\system32\drivers

2010-02-11 22:43:14 ----D---- C:\WINDOWS\system32

2010-02-11 08:26:23 ----D---- C:\WINDOWS\Prefetch

2010-02-11 08:22:29 ----D---- C:\Documents and Settings\Thrasher2007\Application Data\Apple Computer

2010-02-11 08:22:23 ----A---- C:\WINDOWS\uedit32.INI

2010-02-11 00:23:32 ----D---- C:\Documents and Settings\Thrasher2007\Application Data\MobileSyncBrowser

2010-02-11 00:22:45 ----D---- C:\Program Files\MobileSyncBrowser

2010-02-09 18:58:40 ----A---- C:\WINDOWS\NeroDigital.ini

2010-01-23 17:01:24 ----D---- C:\Documents and Settings\Thrasher2007\Application Data\Corel

2010-01-15 09:09:12 ----A---- C:\WINDOWS\IE4 Error Log.txt

2010-01-15 08:44:54 ----D---- C:\Documents and Settings\Thrasher2007\Application Data\vlc

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]

R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-09-12 110592]

R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-11-06 16512]

R2 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\DRIVERS\HCWBT8XX.sys [2002-02-28 280644]

R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-05-19 32768]

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]

R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]

R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-05 3300864]

R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]

R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-12 57856]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-12 19968]

R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]

S3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys []

S3 asta1y3y;asta1y3y; C:\WINDOWS\system32\drivers\asta1y3y.sys []

S3 asta1y3y;asta1y3y; C:\WINDOWS\system32\drivers\asta1y3y.sys []

S3 Asushwio;Asushwio; \??\C:\WINDOWS\system32\drivers\Asushwio.sys []

S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]

S3 btTool;btTool; \??\G:\Logiciels\2\Reg tool borg\WINDRVR.SYS []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-21 51088]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-21 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-21 21744]

S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-07-09 52096]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter; C:\WINDOWS\System32\DRIVERS\RTL8187.sys [2006-04-12 169472]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [2007-02-16 411168]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files\Fichiers communs\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]

R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-09-11 172032]

R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-13 20543]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-09-11 135227]

R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-09-11 65599]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-02-07 173616]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]

S2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -r []

S2 MySql;MySql; C:/MYAPHP/MYSQL/bin/mysqld-opt.exe []

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\Fichiers communs\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-19 654848]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]

S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]

S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-05 573440]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

 

-----------------EOF-----------------

 

 

 

 

Here is the "info.txt" file:

info.txt logfile of random's system information tool 1.06 2010-02-11 23:41:01

 

======Uninstall list======

 

--> -c"C:\WINDOWS\PIXTRAN\sdkunin.dll"

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->C:\Program Files\MAGIX\Speed2_burnR_mxcdr\unwise.exe

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->MsiExec /X{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe

Acronis True Image Home-->MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}

Actionaz 2.0.7.3-->"C:\Program Files\Jmgr.info\Actionaz 2\unins000.exe"

Adobe Acrobat 8 Professional - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

AIDA32 v3.93-->"C:\Program Files\Aida32\unins000.exe"

AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x040c -removeonly

Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}

Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

ASUSUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x40c

ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}

ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x574f

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

ATI Parental Control & Encoder-->MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}

AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

Borderlands-->MsiExec.exe /X{52B65911-1559-4ED5-9461-46957FDD48CD}

BS.Player PRO-->"C:\Program Files\Webteh\BSplayerPro\uninstall.exe"

Canon DR-2050C/2080C Scanner Driver-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\PIXTRAN\DR2080C.isu

Capcom Fighter's Generation - Version 2-->MsiExec.exe /I{90F42697-07A8-4228-833B-1E8128E901E9}

Catalyst Control Center - Branding-->MsiExec.exe /I{4893A35F-0A23-48EC-8E74-24969244D6F2}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

CDRoller version 8.00-->"C:\Program Files\CDRoller\unins000.exe"

CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"

CodeStuff Starter-->"C:\Program Files\CodeStuff\Starter\unStarter.exe"

Corel Paint Shop Pro Photo XI-->MsiExec.exe /I{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}

Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"

DirectShow subtitle filter colleciton (remove only)-->"C:\WINDOWS\system32\SubtitDSuninst.exe"

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}

Easy CD-DA Extractor 10-->"C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 10\irunin.xml"

EasyPHP 2.0b1-->"C:\Program Files\EasyPHP 2.0b1\unins000.exe"

Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x040c -removeonly

Firebird SQL Server - MAGIX Edition-->MsiExec.exe /X{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}

Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe

Free Mp3 Wma Converter V 1.81-->"C:\Program Files\Free Audio Pack\unins000.exe"

Free Video Converter V 2.2-->"C:\Program Files\Free Video Converter\unins000.exe"

Gordian Knot Rip Pack 0.35.0-->C:\Program Files\GordianKnot\uninst.exe

GTK+ Runtime 2.6.9 rev a (remove only)-->C:\Program Files\Fichiers communs\GTK\2.0\uninst.exe

Hauppauge WinTV2000-->C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG

HeadAC3he 0.24 a13 Fr-->C:\Program Files\HeadAC3he\UnInstall_HeadAC3he.exe

High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe

HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat

HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}

IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe

iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}

Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

KC Softwares VideoInspector-->"C:\Program Files\KC Softwares\VideoInspector\unins000.exe"

MAGIX 3D Maker (embeded)-->C:\Program Files\MAGIX\Common\3D_Maker_embeded\unwise.exe

MAGIX 3D Maker (embeded)-->C:\Program Files\MAGIX\Common\3D_Maker_embeded\unwise.exe

MAGIX Screenshare 4.3.6.1987 (UK)-->C:\Program Files\MAGIX\PCVisit\unwise.exe

MAGIX Screenshare-->C:\Program Files\MAGIX\PCVisit\unwise.exe

MAGIX Speed burnR-->C:\Program Files\MAGIX\Speed2_burnR_mxcdr\unwise.exe

MAGIX Video deluxe 16 Plus Version à télécharger 9.0.0.55 (F)-->C:\Program Files\MAGIX\Video_deluxe_16_Plus_Version à télécharger\unwise.exe

MAGIX Video Pro X 1.5 8.6.0.17 (UK)-->C:\Program Files\MAGIX\Video_Pro_X_1_5_Download_version\unwise.exe

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins001.exe"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe

Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}

Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}

MobileOffice D28-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE760249-AA0E-4BB4-859F-952A27BD36D7}\setup.exe" -l0x40c

MobileSyncBrowser 3.1-->C:\Program Files\MobileSyncBrowser\Uninstall.exe

MobileSyncBrowser 3.1-->C:\Program Files\MobileSyncBrowser\Uninstall.exe

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe

Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}

My Lockbox 1.2 for Windows 2000/XP-->"C:\Program Files\My Lockbox\unins000.exe"

Nero 8-->MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1036}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Norton PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1036

NVIDIA PhysX v8.10.29-->MsiExec.exe /X{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}

OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U

PowerDVD-->"C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x00040c /z-uninstall

Puzzle Quest-->"C:\WINDOWS\Puzzle Quest\uninstall.exe" "/U:C:\Program Files\Puzzle Quest\Uninstall\uninstall.xml"

QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe

QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}

resident evil 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}\install.exe" -l0x40c -removeonly

Satsuki Decoder Pack-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe

Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}

SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly

Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SubRip 1.17.1 (remove only)-->"C:\Program Files\SubRip\Uninstall.exe"

Super macro 3.1-->C:\Program Files\Super macro\uninst.exe

SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

Transmute v1.65-->MsiExec.exe /X{58A44E96-0247-49A6-AD87-D6BAABF0979C}

Tweak-XP Pro 4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Tweak-XP Pro 4\irunin.ini"

UltraCompare v6.00-->MsiExec.exe /I{0F0CF767-99E8-44E0-8F1D-9D9C1C8D1B40}

UltraEdit 14.20-->MsiExec.exe /I{6BA940D2-F37B-42A3-943D-048ED7549A6D}

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe

VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"

Volume Logic Plug-in for Winamp (remove only)-->"C:\Program Files\Winamp\uninst_vl.exe"

VSO Image Resizer 2.2.2.1-->"C:\Program Files\VSO\Image Resizer\unins000.exe"

WhereIsIt? 3.51-->"C:\Program Files\WhereIsIt\unins000.exe"

Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}

XMPEG 5.0 RC2-3-->"C:\Program Files\XMPEG\uninstall.exe"

Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

 

======Hosts File======

 

66.98.148.65 auto.search.msn.com

66.98.148.65 auto.search.msn.es

 

======System event log======

 

Computer Name: THRASHER

Event Code: 7000

Message: Le service MySql n'a pas pu démarrer en raison de l'erreur :

Le chemin d'accès spécifié est introuvable.

 

 

Record Number: 99252

Source Name: Service Control Manager

Time Written: 20100206201119.000000+060

Event Type: erreur

User:

 

Computer Name: THRASHER

Event Code: 9

Message: RegisterTscDrift()

 

Node[ 0 ] Core[ 1 ] Cpu[ 1 ] Affinity[ 0x2 ]

 

Thread registered succesfully: SamplingRate(ms)[ 1000 ]

 

Record Number: 99251

Source Name: AmdLLD

Time Written: 20100206201111.000000+060

Event Type: Informations

User:

 

Computer Name: THRASHER

Event Code: 9

Message: RegisterTscDrift()

 

Node[ 0 ] Core[ 0 ] Cpu[ 0 ] Affinity[ 0x1 ]

 

Thread registered succesfully: SamplingRate(ms)[ 1000 ]

 

Record Number: 99250

Source Name: AmdLLD

Time Written: 20100206201111.000000+060

Event Type: Informations

User:

 

Computer Name: THRASHER

Event Code: 6005

Message: Le service d'Enregistrement d'événement a démarré.

 

Record Number: 99249

Source Name: EventLog

Time Written: 20100206201105.000000+060

Event Type: Informations

User:

 

Computer Name: THRASHER

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.

 

Record Number: 99248

Source Name: EventLog

Time Written: 20100206201105.000000+060

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: THRASHER

Event Code: 0

Message:

Record Number: 6634

Source Name: iPod Service

Time Written: 20100206201131.000000+060

Event Type: Informations

User:

 

Computer Name: THRASHER

Event Code: 1800

Message: Le service Centre de sécurité Windows a démarré.

 

Record Number: 6633

Source Name: SecurityCenter

Time Written: 20100206201119.000000+060

Event Type: Informations

User:

 

Computer Name: THRASHER

Event Code: 0

Message:

Record Number: 6632

Source Name: RichVideo

Time Written: 20100206201118.000000+060

Event Type: Informations

User:

 

Computer Name: THRASHER

Event Code: 0

Message:

Record Number: 6631

Source Name: Fabs

Time Written: 20100206201115.000000+060

Event Type: Informations

User:

 

Computer Name: THRASHER

Event Code: 1

Message:

Record Number: 6630

Source Name: Bonjour Service

Time Written: 20100206201114.000000+060

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\DivX Shared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=6b02

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

 

Here is the second one, "info.txt":

 

 

info.txt logfile of random's system information tool 1.06 2010-02-11 23:41:01

 

======Uninstall list======

 

--> -c"C:\WINDOWS\PIXTRAN\sdkunin.dll"

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

-->C:\Program Files\MAGIX\Speed2_burnR_mxcdr\unwise.exe

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->MsiExec /X{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe

Acronis True Image Home-->MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}

Actionaz 2.0.7.3-->"C:\Program Files\Jmgr.info\Actionaz 2\unins000.exe"

Adobe Acrobat 8 Professional - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

AIDA32 v3.93-->"C:\Program Files\Aida32\unins000.exe"

AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x040c -removeonly

Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}

Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

ASUSUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x40c

ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}

ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x574f

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

ATI Parental Control & Encoder-->MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}

AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

Borderlands-->MsiExec.exe /X{52B65911-1559-4ED5-9461-46957FDD48CD}

BS.Player PRO-->"C:\Program Files\Webteh\BSplayerPro\uninstall.exe"

Canon DR-2050C/2080C Scanner Driver-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\PIXTRAN\DR2080C.isu

Capcom Fighter's Generation - Version 2-->MsiExec.exe /I{90F42697-07A8-4228-833B-1E8128E901E9}

Catalyst Control Center - Branding-->MsiExec.exe /I{4893A35F-0A23-48EC-8E74-24969244D6F2}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

CDRoller version 8.00-->"C:\Program Files\CDRoller\unins000.exe"

CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"

CodeStuff Starter-->"C:\Program Files\CodeStuff\Starter\unStarter.exe"

Corel Paint Shop Pro Photo XI-->MsiExec.exe /I{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}

Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"

DirectShow subtitle filter colleciton (remove only)-->"C:\WINDOWS\system32\SubtitDSuninst.exe"

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER

DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}

Easy CD-DA Extractor 10-->"C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 10\irunin.xml"

EasyPHP 2.0b1-->"C:\Program Files\EasyPHP 2.0b1\unins000.exe"

Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x040c -removeonly

Firebird SQL Server - MAGIX Edition-->MsiExec.exe /X{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}

Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe

Free Mp3 Wma Converter V 1.81-->"C:\Program Files\Free Audio Pack\unins000.exe"

Free Video Converter V 2.2-->"C:\Program Files\Free Video Converter\unins000.exe"

Gordian Knot Rip Pack 0.35.0-->C:\Program Files\GordianKnot\uninst.exe

GTK+ Runtime 2.6.9 rev a (remove only)-->C:\Program Files\Fichiers communs\GTK\2.0\uninst.exe

Hauppauge WinTV2000-->C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG

HeadAC3he 0.24 a13 Fr-->C:\Program Files\HeadAC3he\UnInstall_HeadAC3he.exe

High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe

HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat

HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}

IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe

iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}

Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

KC Softwares VideoInspector-->"C:\Program Files\KC Softwares\VideoInspector\unins000.exe"

MAGIX 3D Maker (embeded)-->C:\Program Files\MAGIX\Common\3D_Maker_embeded\unwise.exe

MAGIX 3D Maker (embeded)-->C:\Program Files\MAGIX\Common\3D_Maker_embeded\unwise.exe

MAGIX Screenshare 4.3.6.1987 (UK)-->C:\Program Files\MAGIX\PCVisit\unwise.exe

MAGIX Screenshare-->C:\Program Files\MAGIX\PCVisit\unwise.exe

MAGIX Speed burnR-->C:\Program Files\MAGIX\Speed2_burnR_mxcdr\unwise.exe

MAGIX Video deluxe 16 Plus Version à télécharger 9.0.0.55 (F)-->C:\Program Files\MAGIX\Video_deluxe_16_Plus_Version à télécharger\unwise.exe

MAGIX Video Pro X 1.5 8.6.0.17 (UK)-->C:\Program Files\MAGIX\Video_Pro_X_1_5_Download_version\unwise.exe

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins001.exe"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe

Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}

Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL

Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}

MobileOffice D28-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE760249-AA0E-4BB4-859F-952A27BD36D7}\setup.exe" -l0x40c

MobileSyncBrowser 3.1-->C:\Program Files\MobileSyncBrowser\Uninstall.exe

MobileSyncBrowser 3.1-->C:\Program Files\MobileSyncBrowser\Uninstall.exe

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe

Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}

My Lockbox 1.2 for Windows 2000/XP-->"C:\Program Files\My Lockbox\unins000.exe"

Nero 8-->MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1036}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Norton PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1036

NVIDIA PhysX v8.10.29-->MsiExec.exe /X{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}

OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U

PowerDVD-->"C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x00040c /z-uninstall

Puzzle Quest-->"C:\WINDOWS\Puzzle Quest\uninstall.exe" "/U:C:\Program Files\Puzzle Quest\Uninstall\uninstall.xml"

QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe

QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}

resident evil 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}\install.exe" -l0x40c -removeonly

Satsuki Decoder Pack-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe

Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}

SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly

Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SubRip 1.17.1 (remove only)-->"C:\Program Files\SubRip\Uninstall.exe"

Super macro 3.1-->C:\Program Files\Super macro\uninst.exe

SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

Transmute v1.65-->MsiExec.exe /X{58A44E96-0247-49A6-AD87-D6BAABF0979C}

Tweak-XP Pro 4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Tweak-XP Pro 4\irunin.ini"

UltraCompare v6.00-->MsiExec.exe /I{0F0CF767-99E8-44E0-8F1D-9D9C1C8D1B40}

UltraEdit 14.20-->MsiExec.exe /I{6BA940D2-F37B-42A3-943D-048ED7549A6D}

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}

VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe

VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"

Volume Logic Plug-in for Winamp (remove only)-->"C:\Program Files\Winamp\uninst_vl.exe"

VSO Image Resizer 2.2.2.1-->"C:\Program Files\VSO\Image Resizer\unins000.exe"

WhereIsIt? 3.51-->"C:\Program Files\WhereIsIt\unins000.exe"

Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}

Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}

XMPEG 5.0 RC2-3-->"C:\Program Files\XMPEG\uninstall.exe"

Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

 

======Hosts File======

 

66.98.148.65 auto.search.msn.com

66.98.148.65 auto.search.msn.es

 

======System event log======

 

Computer Name: THRASHER

Event Code: 7000

Message: Le service MySql n'a pas pu démarrer en raison de l'erreur :

Le chemin d'accès spécifié est introuvable.

 

 

Record Number: 99252

Source Name: Service Control Manager

Time Written: 20100206201119.000000+060

Event Type: erreur

User:

 

Computer Name: THRASHER

Event Code: 9

Message: RegisterTscDrift()

 

Node[ 0 ] Core[ 1 ] Cpu[ 1 ] Affinity[ 0x2 ]

 

Thread registered succesfully: SamplingRate(ms)[ 1000 ]

 

Record Number: 99251

Source Name: AmdLLD

Time Written: 20100206201111.000000+060

Event Type: Informations

User:

 

Computer Name: THRASHER

Event Code: 9

Message: RegisterTscDrift()

 

Node[ 0 ] Core[ 0 ] Cpu[ 0 ] Affinity[ 0x1 ]

 

Thread registered succesfully: SamplingRate(ms)[ 1000 ]

 

Record Number: 99250

Source Name: AmdLLD

Time Written: 20100206201111.000000+060

Event Type: Informations

User:

 

Computer Name: THRASHER

Event Code: 6005

Message: Le service d'Enregistrement d'événement a démarré.

 

Record Number: 99249

Source Name: EventLog

Time Written: 20100206201105.000000+060

Event Type: Informations

User:

 

Computer Name: THRASHER

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.

 

Record Number: 99248

Source Name: EventLog

Time Written: 20100206201105.000000+060

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: THRASHER

Event Code: 0

Message:

Record Number: 6634

Source Name: iPod Service

Time Written: 20100206201131.000000+060

Event Type: Informations

User:

 

Computer Name: THRASHER

Event Code: 1800

Message: Le service Centre de sécurité Windows a démarré.

 

Record Number: 6633

Source Name: SecurityCenter

Time Written: 20100206201119.000000+060

Event Type: Informations

User:

 

Computer Name: THRASHER

Event Code: 0

Message:

Record Number: 6632

Source Name: RichVideo

Time Written: 20100206201118.000000+060

Event Type: Informations

User:

 

Computer Name: THRASHER

Event Code: 0

Message:

Record Number: 6631

Source Name: Fabs

Time Written: 20100206201115.000000+060

Event Type: Informations

User:

 

Computer Name: THRASHER

Event Code: 1

Message:

Record Number: 6630

Source Name: Bonjour Service

Time Written: 20100206201114.000000+060

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\DivX Shared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=6b02

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

 

-----------------EOF-----------------

Posted

No problem. :P

There is quite a crowd in there. Read the whole post before starting the procedure; there is an order to follow.

 

Step 1: rkill (by Grinler), download

Download rkill from one of the links below:

Link 1

Link 2

Link 3

Link 4

Save the file to the desktop.

 

Step 2: No real-time monitoring processes

Disable the resident module of the antivirus and that of the antispyware.

 

Step 3: rkill (by Grinler), execution

Double-click the downloaded rkill file to launch the tool.

On Vista, right-click the downloaded rkill file and choose "Run as administrator" to launch the tool.

A window with a black background will appear briefly, then disappear.

Post the report that you will find in C:\rkill.log

 

Right after rkill, you are going to use Combofix. This software is to be used only when prescribed and guided by a helper who is qualified and trained on the tool.

Do not use it outside of that situation or on your own: dangerous.

Be careful to follow these instructions in detail, and do not forget to rename combofix.exe BEFORE it is downloaded, while you can still change the file name and tell the browser where to download it.

Download combofix.exe by sUBs and rename it TRALALA.exe before saving it to your desktop (and nowhere else).

  • Make sure all programs are closed before starting.
  • Disable the antivirus, otherwise combofix will show you a message (otherwise, say OK to the message).
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer of Warranty message that appears.
  • If you are offered a restart because a rootkit was found, do it.
  • You will be offered to download and install the Recovery Console; click "Yes" on the message, allow the download in your firewall if asked, then accept the end-user license agreement message.
  • The desktop disappears, that is normal, and it will come back.
  • Do not close the window that opens, you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

 

You can see these steps in the official guide (the only authorized one):

http://www.bleepingcomputer.com/combofix/f...iliser-combofix

Posted

Here is the rkill report for now:

 

 

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as Thrasher2007 on 11/02/2010 at 23:58:04.

 

 

Processes terminated by Rkill or while it was running:

 

 

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Documents and Settings\Thrasher2007\Bureau\rkill.exe

 

 

Rkill completed on 11/02/2010 at 23:58:09.

 

 

For information, I am posting from a different PC than the infected one, and on the problem machine the only internet connection I have is Wi-Fi, which does not seem to connect.

Combofix was unable to download the Recovery Console and is still scanning the machine right now.

I will post the report as soon as it has finished.

Posted

OK, close the browser while combofix is running if it is on the same machine; the report will be available after the restart. It takes a while, that is normal.

Posted

Here is the combofix log:

 

 

ComboFix 10-02-11.04 - Thrasher2007 12/02/2010 0:10.1.2 - x86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3070.2692 [GMT 1:00]

Lancé depuis: c:\documents and settings\Thrasher2007\Bureau\TRALALA.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-2044650558-3794505723-415445714-1000

c:\$recycle.bin\S-1-5-21-2115523067-2798204875-4028268331-1000

c:\$recycle.bin\S-1-5-21-715198267-1411536662-1888638207-1000

c:\documents and settings\Thrasher2007\Application Data\drivers\downld

c:\documents and settings\Thrasher2007\Application Data\drivers\winupgro.exe

c:\documents and settings\Thrasher2007\Application Data\m

c:\documents and settings\Thrasher2007\Application Data\m\data.oct

c:\documents and settings\Thrasher2007\Application Data\m\list.oct

c:\documents and settings\Thrasher2007\Application Data\m\shared\32bit Fax 9.43.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\3Q DVD to iPod Converter v2.1.0.6 by AT4RE.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\7Edit Professional 2.0-key.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\A-one DVD Copy v4.37.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\ABGroups v1.4 Retail for iPhone (3G) iPod Touch by RLYEH.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\AceHide v1.21.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Acoustica MP3 CD Burner v4.01.113 by HS.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Active WebTraffic Pro v3.70.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\ActualTests.com Cisco 646-301 ExamCheatSheet v04.21.04.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Adobe Acrobat Exchange 2.0 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Advanced MP3 Converter 1.80 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Advanced Music Recovery v3.x v4.x by FFF.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Age of Mythology v1.1 [ENGLISH] Fixed EXE.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Agent Hugo Hula Holiday v1.0 FIXED SETUP.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Alawar Back To Earth v1.1 by Explosion.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Amethyst CADwizz LE v1.05c.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Amis v2.0.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Animated Cursor v1.00c.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Anonymous Browsing Toolbar v2.1.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Another War v1.0 [ENGLISH] No-CD Patch.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Any Capture Screen v3.09 build 3091 by Great Elmo.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Apollo Versatile Burner 1.2.7 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Arafasoft Slide Show Creator v1.0.200506 by TE.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Atomic Windows Messenger Password Recovery 1.10 keygen.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\AtWork 3.0.2 X for Mac.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Audio Capture Pro ActiveX Control 1.15.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Auto Update Plus v2.7 by CTi.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\AVConverter Mobile Ringtone (MR) Converter v2.3.148 by AHCU.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\AVD Graphic Studio v6.7 by DVT.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Backer 5.01.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Batch File Creation Utility 1.0.4 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\BitDefender Enterprise Manager v2.6.0 by EMBRACE.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Black List 1.9 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\BlueFox Audio Converter v2.01 by SND.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Borrowed Time (1985) (Interplay) FULL!.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Browse Anywhere 1.21.1000.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\BurgoSoft FancyShutdown v1.00 by Lz0.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\BurnDrive v1.0.0.9 by EViDENCE.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\CaptureWizPro v2.0.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Catalogue 4.2.3 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\CD Catalog Expert v7.21.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Cerberus FTP Server v2.2 by Digerati.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Cheetah CD Burner v3.14 WinALL by TBE.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\ClipBoard Plus 2.12 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Compare 98.1.0.1.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Cool MP3 Converter v1.81.11082004 WinALL Keymaker Only by Core.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Cool Paint 2.6.0.1.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Crypto Obfuscator For .Net 2009 Build 592117.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Crystal MPEG to AVI Converter v1.00 by Bidjan.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Cubis 2 Retail JAVA 3510i by RLYEH.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Daniusoft DVD to Creative Zen Converter v1.3.36 by SND.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\DaVinchi Memory Puzzle.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\DBPut Pro v3.1.241 by diGERATi.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Defragmenter Pro Plus v1.2.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\DeskTool 2.3.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\DIC MICHAELIS (JURIDICO2) (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Digital Atmosphere 2.1.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Digital Pro 2.0.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Diji Album Editor v2.1.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\DiscJuggler Pro 3.00.758 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\DomainTracker 1.0 for Mac.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\DragThing 4.5 for Mac.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\DVD Audio To CD v1.3.2 by ViRiLiTY.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\DVD Region+CSS Free Lite v5.1.6.2.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Easy Compression Library 3.60.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\EIQ Professional Suite v4.0.07 by AGAiN.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Electrical Calculator for PalmOS.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Elite Software Audit v7.01.167 Incl Keyfilemaker by AGAiN.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\EnterVision Broadcaster v4.0.36 WinALL Cracked by ARN.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Estimate Master v4.94 Incl Keymaker by ONE.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Extra DVD to iPod Ripper Express v5.0 Crack and Serial by Bidjan.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Eye Candy 4000 4.0 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Eye Candy 5

c:\documents and settings\Thrasher2007\Application Data\m\shared\EZ Winners Lotto 2004.12.0.0 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\FarPoint Input Pro for Windows Forms v1.0.8.0 Incl Keygen by ORiON.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\FileReplicationPro 1.0.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\FileSpy 2.1 su.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\FlashBack v1.5 NEW.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\FlyTreeView Pro 2.46 patch.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\FullShot 8.51 Enterprise Crack by FFF.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\FXArray v1.0.0 WinALL Incl Keygen by BRD.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\GameHouse Feeding Frenzy v2.4.2.2 by BalCrNepal.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Gameloft Splinter Cell Double Agent v1.0.5 Retail for Samsung D600 Java.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Gammadyne Mailer v29.0 Cracked by FALLEN.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\GGU-Settle v2.22 Multilanguage.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\GiftMinder 1.1 for PalmOS.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Glucose Tracker 5.2 CrAcKed.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Gmini100 v1.9.0.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Grand Theft Auto 4 SAVEGAME [37%].zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Grands Gibiers v1.0.0 Incl Keyfile French by RESET.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\GuestMaster v6.0.35.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Halley’s Comet Animated Screensaver 3.11 CrAcKed.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Help Scribble 2.10.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\HelpMatic Pro 1.21.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\HydeSoft Computing DPlot v2.0.6.4 by HERiTAGE.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Hyper Alarm v3.0 Deluxe by DBC.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Ibrowser Plus for Windows CE (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\ID Network Watch 1.2.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\ID Parental Advisor 1.2.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Ignition 2.8.0.46.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\IInventory v7.0.1.12 DotNet by BRD.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\ImageMan DLL Suite v6.04.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Imposer 1.0 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\ImTOO DVD Ripper Platinum v4.0.84 build 0802.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\infallsoft Sound Recorder SE 1.01.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Informix Dynamic Server Workgroup Edition 9.30 G2 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Intocartoon Pro v2.3.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Invisible Launcher v1.01 by tRUE.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\IRC Logger 1.70.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\iSkysoft DVD to MP4 Converter v1.5.43 by SND.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\jMSN Pro 1.3.0 for Symbian OS (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Koala Film Player v2.5b Multilanguage.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Kodak Digital ROC v1.1.3 for Adobe Photoshop by PARADOX.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Kutinsoft Nature Corners v2.6.0.142 Win2kXP2k3Vista Incl Keygen by CRD.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\LexiKAN 2.09.001.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Lottog Opt 1.0e (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Madden 2003 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Magic Translator 1.0.0222.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\MailCheck v1.3.0.21.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Mazaika 2.4.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\MDE Info Handler 7.6 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\MedianSoft Batch Converter v1.0 by CAFE.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\MedioStream neoTV v1.0.0.36 Incl Keymaker by AGAiN.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Memler 2.05.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\MessagePad v1.20.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Microsoft FrontPage 1.0 for Mac.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Microsoft Golf 3.0.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Microsoft Office Pro 4.3c.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\MID to MP3 Converter 3.2.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\MIRC 5.71.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\MITCalc - Tension Springs 1.17.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Mixman Studio Pro 4 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Morgan LSI MJPEG Codec v1.0.9.0 by SSG.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\MP3-Explorer v4.2.0 Crack.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\MP3 Key Changer 1.0 keygen.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\MP3 Recorder XP v1.8.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\MP3 to Wave Converter v2.21 by DBC.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Musicasoft Easy CD MP3 Workshop 1.28 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\MyScreen 3.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Navigator v1.2 for PalmOS 5.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\NetCaptor v6.5.0 by AAOCG.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\New Star Soccer 1.15.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\NextLimit RealFlow v3.1.17 MacOSX Incl Keygen by SSG.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\NFS Underground 2 v1.1 [ENGLISH] No-CD Fixed EXE 1.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Okoker Audio Factory v1.3 WinALL Keygen Only by BRD.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Orange Web Server 2.1 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\osx panther 10.3 for Mac.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\PCAdresszz Enterprise v6.06 German WinALL Incl Keygen by ViRiLiTY.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\PDArt Forty Thieves Mania Pro v1.0.6 for Pocket PC 2002.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\PerfectDisk VMware 10 Build 104 crack.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Photo2VCD Professional v2.69.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Picture Publisher 5.0 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Plato DVD Ripper 1.13.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\pod2go 1.0 for Mac.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Popup Ad Stopper v9.98.09 WinALL by CHiCNCREAM.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\PositionWeaver Pro 3.05 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\PrimaSoft Software Organizer v3.6.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\ProJPEG 4.0 for Mac (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\ProtectX 1.0 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Protools LE 6.9 for Mac.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Qualcomm Eudora Pro v5.0.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Qualcomm Eudora v6.0 by CRACKDIGIT.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\QuicKeys 4.0 for Mac.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\RagTime 4 for Mac.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\RioDVD Region Free Player v1.11.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\RS P2P Share Spy v2.4 Cracked by PirateK.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\SCO Open Server 4.21.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\SecretsSaver Corporate Pro 4.2-key.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\SEGA Football Manager Quiz v0.1.0 Retail for SymbianOS S60v3 JAVA 352x416 by RLYEH.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Selteco Bannershop GIF Animator v5.1.1 by SnD.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Set Me Up 3.53.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Settlers 3 [FRENCH] CD-Copy.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\SignImage2 v2.03 Incl KeygenRSS.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\SIGuardian v1.6 build 252 Multilanguage.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Skip Manager v1.50 WinALL ReggedFAiTH.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Smartphoneware Best VideoRingtones v1.03 for SymbianOS S60.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\SnagIt v6.2.2 by EVC.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\SocksCap v2.35 by NiTROUS.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Sonic Heroes MEMORY EDITOR.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Sothink SWF Decompiler v4.0 build 80225 by FFF.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\SourCer 6.09 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Spaceforce Captains v1.0 +2 TRAINER.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Spices.Decompiler 5.4.6.0.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Spider 1.5.6 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\SPLASH Meet Manager v2002.73.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\SplashPhoto Desktop v4.02.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\SPSS DATA ENTRY V4.0 by Lz0.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\SQLite Expert Professional v2.0.43 by Lz0.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\SSW Exchange Reporter 10.15.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\StayOnline! 9.0.1.1.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Subject Search Scanner 6.0.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Synapse Audio Orion Platinum v7.10 Incl Keymaker by AGAiN.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Tale of a Hero v1.0 [FRENCH] No-DVD-Fixed EXE.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Talking E-mail v3.0 by EViDENCE.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\The Jewish Calendar 1.1 by Elila.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\The Movies StarMaker v1.0 [GERMAN] +1 TRAINER.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Time Value of Money v3.3 Serial.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\TinyTERM WebServer Edition 4.21.1541 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Tracks Cleaner 1.60.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Troll Trapper v1.0 by DBZ.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Tunbit Audio Converter 2.0.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Turbo Photo v2.8 by Desperate.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\UDB Workbench 3.2.5.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Ulead VideoStudio v8.0 Retail 8 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Ultimate Debt Manager Pro 2009 0.7.0.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Ultra Edit 7.10 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Ultra Video Splitter v2.8.6 by ViRiLiTY.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Understand for C Plus Plus v1.4.288 by EMBRACE.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\UniDream Photo Watermark 1.1.0.9.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\UnlimitedFTP Professional 2.8.5.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Venus for Delphi 5 Incl Full Source 6.0d Retail (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Versata Studio v5.5.17 Weblogic Edition.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Virtual CD 4.3.2.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Visual IT Tube Hong Kong v1.02 for SymbianOS S60.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\VisualEffectBlossom v2004.06.06.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\VueScan Pro v8.3.59 Linux by diGERATi.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\VuPic 3.2 (Serial).zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Walker Effects Pro 2.0.2.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Wallpaper Slideshow Pro 2.4.2.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Web Page Maker v2.3.1.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Web Replay Password Manager 1.8 Regged by iNViSiBLE.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\WebKit Plus Enterprise Edition v1.0 DATACODE 20040530 by Lz0.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Win Control v6.202.0.0 Incl Keygen by TBE.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Winamp v5.x.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Word Solitaire v1.0.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Wtools32.1.6.4.114ME.zip

c:\documents and settings\Thrasher2007\Application Data\m\shared\Yummy Puzzle v1.06 Unlocker WORKING by TNT.zip

c:\documents and settings\Thrasher2007\Application Data\m\srvlist.oct

c:\windows\system32\SHELLLNK.TLB

c:\windows\system32\srosa2.sys

c:\windows\system32\tmp.reg

c:\windows\system32\wfsintwq.sys

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_SROSA

-------\Legacy_SROSA

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-01-11 au 2010-02-11 ))))))))))))))))))))))))))))))))))))

.

 

2010-02-11 22:41 . 2010-02-11 22:41 -------- d-----w- c:\program files\trend micro

2010-02-11 22:40 . 2010-02-11 22:41 -------- d-----w- C:\rsit

2010-02-11 22:10 . 2010-02-11 22:10 -------- d-----w- c:\program files\Kaspersky Lab

2010-02-11 22:10 . 2010-02-11 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-02-11 22:08 . 2010-02-11 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files

2010-02-11 22:06 . 2010-02-11 22:06 -------- d-----w- c:\program files\ZZZTest

2010-02-11 22:00 . 2010-02-11 22:00 -------- d-----w- c:\documents and settings\Thrasher2007\Application Data\Malwarebytes

2010-02-11 22:00 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-11 22:00 . 2010-02-11 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-02-11 21:51 . 2010-02-11 22:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-11 21:51 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-11 21:46 . 2010-02-11 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-02-11 21:46 . 2010-02-11 21:46 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-02-10 23:20 . 2010-02-11 23:17 -------- d--h--w- c:\documents and settings\Thrasher2007\Application Data\drivers

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-11 07:22 . 2008-08-18 08:21 -------- d-----w- c:\documents and settings\Thrasher2007\Application Data\Apple Computer

2010-02-10 23:23 . 2010-01-10 17:32 -------- d-----w- c:\documents and settings\Thrasher2007\Application Data\MobileSyncBrowser

2010-02-10 23:22 . 2010-01-10 17:32 -------- d-----w- c:\program files\MobileSyncBrowser

2010-01-23 16:01 . 2007-05-19 13:34 -------- d-----w- c:\documents and settings\Thrasher2007\Application Data\Corel

2010-01-23 16:00 . 2007-05-19 13:34 3192 --sha-w- c:\windows\system32\KGyGaAvL.sys

2010-01-15 07:44 . 2009-10-03 10:58 -------- d-----w- c:\documents and settings\Thrasher2007\Application Data\vlc

2009-12-27 11:37 . 2009-12-27 11:37 -------- d-----w- c:\program files\2K Games

2009-12-27 10:54 . 2009-10-03 17:26 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard

2009-12-27 10:53 . 2009-10-03 17:26 -------- d-----w- c:\program files\AGEIA Technologies

2009-12-27 10:47 . 2009-09-14 18:02 -------- d-----w- c:\program files\CAPCOM

2009-12-25 17:39 . 2009-12-25 17:39 -------- d-----w- c:\program files\OpenAL

2009-12-25 17:39 . 2009-12-25 17:39 409600 ----a-w- c:\windows\system32\wrap_oal.dll

2009-12-25 17:39 . 2009-12-25 17:39 114688 ----a-w- c:\windows\system32\OpenAL32.dll

2009-12-25 17:39 . 2008-06-01 09:22 -------- d-----w- c:\program files\Puzzle Quest

2009-12-25 16:54 . 2009-12-25 16:54 -------- d-----w- c:\program files\TomTom DesktopSuite

2009-12-18 18:21 . 2008-12-21 18:22 -------- d-----w- c:\documents and settings\Thrasher2007\Application Data\dvdcss

2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll

2009-02-08 19:24 . 2009-02-08 19:24 0 --sh--w- c:\windows\SCACFA619.tmp

2007-05-19 13:34 . 2007-05-19 13:34 88 --sh--r- c:\windows\system32\CB63D637F2.sys

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /r \??\J:\0autocheck autochk *

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [26/01/2009 08:09 17264]

R0 tiamobus;vcdrom Bus;c:\windows\system32\drivers\tiamobus.sys [25/07/2007 09:45 6784]

R0 tiamoport;cxlmo Miniport;c:\windows\system32\drivers\tiamominiport.sys [25/07/2007 09:45 18304]

R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Fichiers communs\MAGIX Services\Database\bin\FABS.exe [27/08/2009 17:09 1253376]

R2 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [19/05/2007 11:45 280644]

S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [19/05/2007 10:41 5824]

S3 btTool;btTool;\??\g:\logiciels\2\Reg tool borg\WINDRVR.SYS --> g:\logiciels\2\Reg tool borg\WINDRVR.SYS [?]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Fichiers communs\MAGIX Services\Database\bin\fbserver.exe [07/08/2008 11:10 3276800]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [19/05/2007 10:52 169472]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19/05/2007 18:18 639224]

.

.

------- Examen supplémentaire -------

.

uInternet Settings,ProxyOverride = *.local

IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

FF - ProfilePath - c:\documents and settings\Thrasher2007\Application Data\Mozilla\Firefox\Profiles\148ix0be.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

.

- - - - ORPHELINS SUPPRIMES - - - -

 

Notify-ckpNotify - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-12 00:18

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySql]

"ImagePath"="C:/MYAPHP/MYSQL/bin/mysqld-opt.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MySql]

"ImagePath"="C:/MYAPHP/MYSQL/bin/mysqld-opt.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-1220945662-1614895754-839522115-1003\Software\SecuROM\License information*]

"datasecu"=hex:b2,60,ca,7c,45,c2,0e,14,4a,62,b4,d0,d5,a9,65,98,dc,00,ac,47,0c,

65,fe,60,e9,2c,89,f4,b0,22,ad,73,89,ec,bb,6d,60,f6,7b,71,ce,90,66,25,b2,9c,\

"rkeysecu"=hex:cf,7a,67,06,6a,2b,0c,28,0a,73,02,27,ae,e0,e4,3c

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'winlogon.exe'(972)

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'lsass.exe'(1028)

c:\windows\system32\relog_ap.dll

c:\windows\system32\nvappfilter.dll

.

Heure de fin: 2010-02-12 00:20:42

ComboFix-quarantined-files.txt 2010-02-11 23:20

 

Avant-CF: 13 325 348 864 octets libres

Après-CF: 13 576 007 680 octets libres

 

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 08DA49B6CA4072DA5B77E5181096D902

 

 

Apparently it found lots of things! :P

Posted

It did some cleaning up, yes. :P

This procedure must nevertheless remain exceptional.

 

Your virus is Bagle; you catch it from cracks, so it can be avoided. More than 9 cracks out of 10 are infected (and crack nothing: they simply infect the machine).

 

You should be able to download HijackThis now; give it a try.

 

Click this link to download HijackThis 2.0.2:

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

This version has no installer or Zip to extract; choose to save it to the desktop.

 

Double-click the HijackThis icon:

hjticon.gif

 

HijackThis starts; the first button is the one we want, "Do a system scan and save a logfile" (the "log" file is the report).

Click it.

 

Copy and paste the contents of the report that will open in Notepad into your next reply.
