Nombreux problemes, pubs intempestives, barres des taches étrange, son

Eltharion · le 16 février 2010

Pour jplbxga.dll :

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.50 2010.02.16 -

AhnLab-V3 5.0.0.2 2010.02.16 -

AntiVir 8.2.1.170 2010.02.16 TR/Trash.Gen

Antiy-AVL 2.0.3.7 2010.02.16 -

Authentium 5.2.0.5 2010.02.16 -

Avast 4.8.1351.0 2010.02.16 -

AVG 9.0.0.730 2010.02.16 -

BitDefender 7.2 2010.02.16 -

CAT-QuickHeal 10.00 2010.02.16 -

ClamAV 0.96.0.0-git 2010.02.16 -

Comodo 3958 2010.02.16 -

DrWeb 5.0.1.12222 2010.02.16 -

eSafe 7.0.17.0 2010.02.16 -

eTrust-Vet 35.2.7307 2010.02.16 -

F-Prot 4.5.1.85 2010.02.16 -

F-Secure 9.0.15370.0 2010.02.16 -

Fortinet 4.0.14.0 2010.02.15 -

GData 19 2010.02.16 -

Ikarus T3.1.1.80.0 2010.02.16 -

Jiangmin 13.0.900 2010.02.16 -

K7AntiVirus 7.10.974 2010.02.15 -

Kaspersky 7.0.0.125 2010.02.16 -

McAfee 5894 2010.02.16 -

McAfee+Artemis 5894 2010.02.16 -

Microsoft 1.5406 2010.02.16 -

NOD32 4872 2010.02.16 -

Norman 6.04.08 2010.02.16 -

nProtect 2009.1.8.0 2010.02.16 -

Panda 10.0.2.2 2010.02.16 -

PCTools 7.0.3.5 2010.02.16 -

Prevx 3.0 2010.02.16 -

Rising 22.34.01.03 2010.02.11 -

Sophos 4.50.0 2010.02.16 -

Sunbelt 5681 2010.02.16 -

Symantec 20091.2.0.41 2010.02.16 -

TheHacker 6.5.1.4.196 2010.02.16 -

TrendMicro 9.120.0.1004 2010.02.16 -

VBA32 3.12.12.2 2010.02.16 -

ViRobot 2010.2.16.2188 2010.02.16 -

VirusBuster 5.0.21.0 2010.02.16 -

Information additionnelle

File size: 103936 bytes

MD5...: 513ef6092e778c6bec117ebc4116a2f7

SHA1..: 03bc0bafaffcd1ef7ed05dc681d81ff62dc26cd2

SHA256: cb66fb15f53793228ece29a6ae6c0ec86e68ad6b0634fd04c6a51525c798acd5

ssdeep: 3072:l3rkoh5vRnoPSgYs4wk6yMMK9LAfN0AtEmKGKYWCI5:ioHvRno644XpMJ9L

mjKcI

PEiD..: -

PEInfo: -

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: Autodesk FLIC Image File (extensions: flc, fli, cel) (100.0%)

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

pour SIntfNT.dll :

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.50 2010.02.16 -

AhnLab-V3 5.0.0.2 2010.02.16 -

AntiVir 8.2.1.170 2010.02.16 -

Antiy-AVL 2.0.3.7 2010.02.16 -

Authentium 5.2.0.5 2010.02.16 -

Avast 4.8.1351.0 2010.02.16 -

AVG 9.0.0.730 2010.02.16 -

BitDefender 7.2 2010.02.16 -

CAT-QuickHeal 10.00 2010.02.16 -

ClamAV 0.96.0.0-git 2010.02.16 -

Comodo 3958 2010.02.16 -

DrWeb 5.0.1.12222 2010.02.16 -

eSafe 7.0.17.0 2010.02.16 -

eTrust-Vet 35.2.7307 2010.02.16 -

F-Prot 4.5.1.85 2010.02.16 -

F-Secure 9.0.15370.0 2010.02.16 -

Fortinet 4.0.14.0 2010.02.15 -

GData 19 2010.02.16 -

Ikarus T3.1.1.80.0 2010.02.16 -

Jiangmin 13.0.900 2010.02.16 -

K7AntiVirus 7.10.974 2010.02.15 -

Kaspersky 7.0.0.125 2010.02.16 -

McAfee 5894 2010.02.16 -

McAfee+Artemis 5894 2010.02.16 -

Microsoft 1.5406 2010.02.16 -

NOD32 4872 2010.02.16 -

Norman 6.04.08 2010.02.16 -

nProtect 2009.1.8.0 2010.02.16 -

Panda 10.0.2.2 2010.02.16 -

PCTools 7.0.3.5 2010.02.16 -

Prevx 3.0 2010.02.16 -

Rising 22.34.01.03 2010.02.11 -

Sophos 4.50.0 2010.02.16 -

Sunbelt 5681 2010.02.16 -

Symantec 20091.2.0.41 2010.02.16 -

TheHacker 6.5.1.4.196 2010.02.16 -

TrendMicro 9.120.0.1004 2010.02.16 -

VBA32 3.12.12.2 2010.02.16 -

ViRobot 2010.2.16.2188 2010.02.16 -

VirusBuster 5.0.21.0 2010.02.16 -

Information additionnelle

File size: 21840 bytes

MD5...: 222810667d9fc2fab1bef82a8e510a1b

SHA1..: 663000df604807aac920620cc76840ef4f1411c8

SHA256: 21d5c5740e44807bc1da355ae1decff08f9412b3364d37feeb8ee5e379166e86

ssdeep: 384:s/iiye8zdTyBsyqAIZhgEwJodqA0oclPYnYFoZ5MKcuk/cNeUM6DF+bRSf8F

:LWsyqAggLyUA0ocCYI5MKPNRp44S

PEiD..: -

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x910b

timedatestamp.....: 0x383909ec (Mon Nov 22 09:16:28 1999)

machinetype.......: 0x14c (I386)

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x8000 0x3750 7.98 60afa73e3ee534a28512b1514f88f5ec

.petite 0x9000 0x1863 0x1a00 6.23 304c9fc835e4f88e9bc961b7f6a88f83

0xb000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 2 imports )

> KERNEL32.dll: ExitProcess, LoadLibraryA, GetProcAddress, GlobalAlloc

> user32.dll: MessageBoxA, wsprintfA

( 17 exports )

ADI32, ATI32, C32, FGDM32, GCDL32, GDS32, GFP32, GGDM32, GNOCD32, INQ32, LD32, LOH32, MSEL32, RLOS32, STS32, TC32, TUR32

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

packers (F-Prot): Petite

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

packers (Kaspersky): Petite

pour SIntf32.dll :

Antivirus Version Dernière mise à jour Résultat

a-squared 4.5.0.50 2010.02.16 -

AhnLab-V3 5.0.0.2 2010.02.16 -

AntiVir 8.2.1.170 2010.02.16 -

Antiy-AVL 2.0.3.7 2010.02.16 -

Authentium 5.2.0.5 2010.02.16 -

Avast 4.8.1351.0 2010.02.16 -

AVG 9.0.0.730 2010.02.16 -

BitDefender 7.2 2010.02.16 -

CAT-QuickHeal 10.00 2010.02.16 -

ClamAV 0.96.0.0-git 2010.02.16 -

Comodo 3958 2010.02.16 -

DrWeb 5.0.1.12222 2010.02.16 -

eSafe 7.0.17.0 2010.02.16 -

eTrust-Vet 35.2.7307 2010.02.16 -

F-Prot 4.5.1.85 2010.02.16 -

F-Secure 9.0.15370.0 2010.02.16 -

Fortinet 4.0.14.0 2010.02.15 -

GData 19 2010.02.16 -

Ikarus T3.1.1.80.0 2010.02.16 -

Jiangmin 13.0.900 2010.02.16 -

K7AntiVirus 7.10.974 2010.02.15 -

Kaspersky 7.0.0.125 2010.02.16 -

McAfee 5894 2010.02.16 -

McAfee+Artemis 5894 2010.02.16 -

Microsoft 1.5406 2010.02.16 -

NOD32 4872 2010.02.16 -

Norman 6.04.08 2010.02.16 -

nProtect 2009.1.8.0 2010.02.16 -

Panda 10.0.2.2 2010.02.16 -

PCTools 7.0.3.5 2010.02.16 -

Prevx 3.0 2010.02.16 -

Rising 22.34.01.03 2010.02.11 -

Sophos 4.50.0 2010.02.16 -

Sunbelt 5681 2010.02.16 -

Symantec 20091.2.0.41 2010.02.16 -

TheHacker 6.5.1.4.196 2010.02.16 -

TrendMicro 9.120.0.1004 2010.02.16 -

VBA32 3.12.12.2 2010.02.16 -

ViRobot 2010.2.16.2188 2010.02.16 -

VirusBuster 5.0.21.0 2010.02.16 -

Information additionnelle

File size: 17212 bytes

MD5...: 9a7a95e48e629a075c6d883d0ee524c8

SHA1..: 8dd7c09354a5b9396ceb5ceefb11dde9aee1f2dc

SHA256: 48f7be0521aad955fbc9af57608a76d0c0222d5cf628b2448b9a04071e2d77a3

ssdeep: 384:g/iwCe8zdTyBsyqAIZhgJYGRPOdhHDOjPDpFycsHni3UUj6xc:JWsyqAggJ1

Od1Gzytn3xc

PEiD..: -

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x710b

timedatestamp.....: 0x383909f8 (Mon Nov 22 09:16:40 1999)

machinetype.......: 0x14c (I386)

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x6000 0x253c 7.98 ff03a803806f5fb778ca56586c77df23

.petite 0x7000 0x184c 0x1a00 6.21 358fc1182ddc173909407b9e5bde7b85

0x9000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 2 imports )

> KERNEL32.dll: ExitProcess, LoadLibraryA, GetProcAddress, GlobalAlloc

> user32.dll: MessageBoxA, wsprintfA

( 15 exports )

ADI32, ATI32, C32, FGDM32, GCDL32, GDS32, GFP32, GGDM32, GNOCD32, LD32, LOH32, RLOS32, STS32, TC32, thk_ThunkData32

RDS...: NSRL Reference Data Set

-

pdfid.: -

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

trid..: Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

packers (Kaspersky): Petite

packers (F-Prot): Petite

Voila voila, et puis depuis le passage de combofix le pc freeze de temps en temps, l'écran et le son se figent pendant une 30aine de secondes puis tout repart normalement, c'est grave docteur ? :/

pear · le 17 février 2010

Bonjour,

Combo, Nettoyage

Déconnectez-vous du net et désactivez l'antivirus (juste le temps de la procédure !)

Connecter tous les disques amovibles (disque dur externe, clé USB…).

Dans certaines circonstances , le Mode sans échec peut être nécessaire

Vérifiez que l'antivirus soit bien désactivé car un redémarrage le réactive

Ouvrez Combofix

# Dans le bloc-note ,copiez-collez ces lignes :

KillAll::

Driver::

npggsvc

File::

c:\windows\system32\GameMon.des -service

c:\windows\system32\SET51.tmp

c:\windows\system32\SET52.tmp

c:\windows\system32\SET54.tmp

c:\windows\system32\SET55.tmp

c:\windows\system32\SET56.tmp

c:\windows\system32\SET59.tmp

c:\windows\system32\SET5B.tmp

c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"npggsvc"=-

* Attention, ce code a été rédigé spécialement pour cet utilisateur, il serait dangereux de le réutiliser dans d'autres cas !

Enregistrez-le en lui donnant le nom CFScript.txt

* Faire un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

* Au message qui apparait dans une fenêtre bleue ( Type 1 to continue, or 2 to abort) , taper 1 puis valider.

* Patienter le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne toucher à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poster son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

Modifié le 17 février 2010 par pear

Eltharion · le 18 février 2010

Bonjour,

voila le rapport :

ComboFix 10-02-12.01 - Propriétaire 18/02/2010 15:34:30.3.1 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.696 [GMT 1:00]

Lancé depuis: c:\documents and settings\Propriétaire\Bureau\49474-CF.exe

Commutateurs utilisés :: c:\documents and settings\Propriétaire\Bureau\CFScript.txt

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FILE ::

"c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat"

"c:\windows\system32\GameMon.des -service"

"c:\windows\system32\SET51.tmp"

"c:\windows\system32\SET52.tmp"

"c:\windows\system32\SET54.tmp"

"c:\windows\system32\SET55.tmp"

"c:\windows\system32\SET56.tmp"

"c:\windows\system32\SET59.tmp"

"c:\windows\system32\SET5B.tmp"

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat

c:\windows\system32\SET51.tmp

c:\windows\system32\SET52.tmp

c:\windows\system32\SET54.tmp

c:\windows\system32\SET55.tmp

c:\windows\system32\SET56.tmp

c:\windows\system32\SET59.tmp

c:\windows\system32\SET5B.tmp

Une copie infectée de c:\windows\system32\drivers\cdrom.sys a été trouvée et désinfectée

Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\cdrom.sys

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_npggsvc

((((((((((((((((((((((((((((( Fichiers créés du 2010-01-18 au 2010-02-18 ))))))))))))))))))))))))))))))))))))

.

2010-02-18 14:29 . 2010-02-18 14:30 -------- d-----w- C:\32788R22FWJFW

2010-02-18 13:58 . 2010-02-18 13:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-02-16 16:50 . 2010-02-16 16:50 42531 ----a-w- c:\windows\system32\SyncMan.exe

2010-02-16 16:50 . 2010-02-16 16:50 42531 ----a-w- c:\documents and settings\NetworkService\SyncMan.exe

2010-02-16 16:39 . 2010-02-16 16:53 -------- d-----w- C:\37670-CF

2010-02-16 10:54 . 2010-02-16 10:54 -------- d--h--w- c:\documents and settings\NetworkService\Application Data\AVDir

2010-02-13 18:06 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-13 18:06 . 2010-02-13 18:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-13 18:06 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-13 15:36 . 2010-02-13 16:14 -------- d-----w- c:\program files\ZHPDiag

2010-02-13 10:38 . 2010-02-13 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

2010-02-13 10:36 . 2010-02-13 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller

2010-02-12 13:57 . 2010-02-13 11:34 -------- d-----w- C:\HiJackThis

2010-02-06 14:22 . 2010-02-06 14:22 -------- d-----w- c:\windows\Internet Logs

2010-02-05 17:35 . 2010-02-05 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo

2010-02-05 17:35 . 2010-02-05 17:35 87104 ----a-w- c:\windows\system32\drivers\inspect.sys

2010-02-05 17:35 . 2010-02-05 17:35 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2010-02-05 17:35 . 2010-02-05 17:35 171552 ----a-w- c:\windows\system32\guard32.dll

2010-02-05 17:35 . 2010-02-05 17:35 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2010-01-31 10:47 . 2010-01-31 11:02 -------- d-----w- c:\program files\Navilog1

2010-01-30 14:20 . 2010-02-05 17:30 -------- d-----w- c:\program files\CheckPoint

2010-01-30 14:20 . 2010-01-30 14:20 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2010-01-30 14:19 . 2009-12-04 15:35 46472 ----a-w- c:\windows\system32\vsutil_loc040c.dll

2010-01-29 17:48 . 2010-01-29 17:48 -------- d-----w- c:\program files\CCleaner

2010-01-25 19:18 . 2010-02-05 10:16 -------- d-----w- c:\program files\WinClamAVShield

2010-01-25 19:14 . 2010-01-25 19:14 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2010-01-25 19:14 . 2010-02-16 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator

2010-01-25 19:14 . 2010-02-16 20:17 -------- d-----w- c:\program files\Spyware Terminator

2010-01-24 19:43 . 2010-02-16 10:57 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-01-24 18:59 . 2010-01-24 20:55 -------- d-----w- c:\program files\Fichiers communs\PC Tools

2010-01-24 18:58 . 2010-01-24 19:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-01-22 14:03 . 2009-12-21 19:06 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-01-22 14:03 . 2009-12-21 19:06 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-01-22 14:03 . 2009-12-21 19:06 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-01-22 14:03 . 2009-12-21 19:06 184320 -c--a-w- c:\windows\system32\dllcache\iepeers.dll

2010-01-22 14:03 . 2009-12-21 19:06 25600 -c----w- c:\windows\system32\dllcache\jsproxy.dll

2010-01-22 14:03 . 2009-12-21 19:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-01-22 14:03 . 2009-12-21 19:07 916480 -c----w- c:\windows\system32\dllcache\wininet.dll

2010-01-22 14:03 . 2009-12-21 19:07 206848 -c--a-w- c:\windows\system32\dllcache\occache.dll

2010-01-22 14:02 . 2009-12-21 19:07 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-01-22 14:02 . 2009-12-21 13:20 173056 -c--a-w- c:\windows\system32\dllcache\ie4uinit.exe

2010-01-22 14:02 . 2009-12-21 19:06 387584 -c--a-w- c:\windows\system32\dllcache\iedkcs32.dll

2010-01-22 14:02 . 2009-12-21 19:06 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-16 17:18 . 2003-02-12 19:51 103936 ----a-w- c:\windows\system32\jplbxga.dll

2010-02-16 10:57 . 2008-06-16 11:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-02-13 10:38 . 2003-01-21 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2010-02-05 17:35 . 2009-12-21 11:55 -------- d-----w- c:\program files\COMODO

2010-02-05 14:30 . 2009-04-11 00:43 -------- d-----w- c:\program files\World of Warcraft

2010-01-26 17:40 . 2003-01-21 18:43 -------- d-----w- c:\program files\Fichiers communs\Adobe

2010-01-26 15:55 . 2003-12-26 11:25 54100 ----a-w- c:\windows\system32\perfc040.dat

2010-01-26 15:55 . 2003-12-26 11:25 425824 ----a-w- c:\windows\system32\perfh040.dat

2010-01-26 15:55 . 2003-01-22 01:22 82162 ----a-w- c:\windows\system32\perfc00C.dat

2010-01-26 15:55 . 2003-01-22 01:22 505100 ----a-w- c:\windows\system32\perfh00C.dat

2010-01-25 19:14 . 2010-01-25 19:14 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe

2010-01-25 19:14 . 2010-01-25 19:14 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys

2010-01-25 19:05 . 2003-01-21 18:18 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-23 12:35 . 2007-12-20 20:45 -------- d-----w- c:\program files\Dofus

2010-01-21 17:50 . 2008-07-02 22:14 -------- d-----w- c:\program files\Microsoft Silverlight

2010-01-14 10:12 . 2009-12-21 11:52 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-06 21:31 . 2009-11-15 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ae4ea01

2009-12-31 16:50 . 2003-02-12 19:51 353792 ----a-w- c:\windows\system32\drivers\srv.sys

2009-12-21 19:07 . 2004-08-23 19:35 916480 ------w- c:\windows\system32\wininet.dll

2009-12-21 11:31 . 2009-12-20 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2009-12-17 07:41 . 2003-02-12 19:50 347648 ----a-w- c:\windows\system32\mspaint.exe

2009-12-14 07:09 . 2003-02-12 20:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

2009-12-05 14:00 . 2003-07-16 17:56 21840 ----atw- c:\windows\system32\SIntfNT.dll

2009-12-05 14:00 . 2003-07-16 17:56 17212 ----atw- c:\windows\system32\SIntf32.dll

2009-12-04 18:22 . 2003-02-12 20:50 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2009-12-03 21:31 . 2009-02-07 17:03 107888 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-11-29 14:47 . 2009-07-14 16:16 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-11-29 14:46 . 2009-07-14 16:15 107832 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-11-29 14:46 . 2009-07-14 16:15 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-11-29 14:46 . 2009-07-14 16:15 2250024 ----a-w- c:\windows\system32\pbsvc.exe

2009-11-27 17:13 . 2004-11-30 15:58 17920 ----a-w- c:\windows\system32\msyuv.dll

2009-11-27 17:13 . 2004-11-30 15:58 1297920 ----a-w- c:\windows\system32\quartz.dll

2009-11-27 16:08 . 2003-02-12 20:48 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-11-27 16:08 . 2003-02-12 19:51 28672 ----a-w- c:\windows\system32\msvidc32.dll

2009-11-27 16:08 . 2003-02-12 19:50 11264 ----a-w- c:\windows\system32\msrle32.dll

2009-11-27 16:08 . 2001-08-24 07:47 8704 ----a-w- c:\windows\system32\tsbyuv.dll

2009-11-27 16:08 . 2001-08-24 07:47 48128 ----a-w- c:\windows\system32\iyuv_32.dll

2009-11-21 15:58 . 2003-02-12 19:50 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2004-04-02 09:39 . 2004-04-02 09:39 0 --sha-w- c:\windows\SMINST\HPCD.sys

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"SyncMan"="c:\documents and settings\Propriétaire\SyncMan.exe" [bU]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LXDCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-22 102400]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-10-16 114688]

"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-01-25 2166784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-05 1800464]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-10-16 155648]

"SyncMan"="c:\windows\system32\SyncMan.exe" [2010-02-16 42531]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\AutorunsDisabled

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-1-14 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp center.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\hp center.lnk

backup=c:\windows\pss\hp center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KYE_Showicon]

c:\program files\USB Storage RW\shwicon.exe -tKYE\USB Storage RW [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]

2005-12-06 12:08 20480 ----a-w- c:\windows\CameraFixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 02:33 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]

2007-06-13 13:58 176177 ----a-w- c:\program files\Securitoo\av_fw\Common\FSM32.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]

2007-06-13 13:57 733184 ----a-w- c:\program files\Securitoo\av_fw\FSGUI\tnbutil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

1998-05-07 22:04 52736 ----a-w- c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdcamon]

2007-02-05 23:32 20480 ----a-w- c:\program files\Lexmark 1300 Series\lxdcamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

2003-07-08 04:48 50688 ----a-w- c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

2002-07-17 09:00 204863 ----a-w- c:\program files\Microsoft Money\System\mnyexpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2002-12-12 08:00 4472832 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]

2002-12-12 08:00 798789 ----a-w- c:\windows\system32\nview.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2002-12-12 08:00 319488 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]

2007-09-25 17:10 102400 ----a-w- c:\program files\Orange\SessionManager\SessionManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-03-28 21:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2002-09-14 03:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]

2005-10-11 12:54 339968 ----a-w- c:\windows\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

2002-06-18 13:01 155648 ----a-w- c:\program files\VERITAS Software\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-06-10 02:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS]

2007-09-25 18:08 94208 ----a-w- c:\program files\Orange\Systray\SystrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"FSMA"=2 (0x2)

"FSAUA"=3 (0x3)

"lxdc_device"=2 (0x2)

"LexBceS"=2 (0x2)

"idsvc"=3 (0x3)

"Fax"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [25/07/2008 12:31 149376]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [05/02/2010 18:35 134344]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [05/02/2010 18:35 25160]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [25/01/2010 20:14 142592]

R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [25/12/2004 11:14 78848]

S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys --> c:\windows\system32\Drivers\Ca533av.sys [?]

S2 LXDCCustomerConnect;LXDCCustomerConnect;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [13/02/2007 00:56 91056]

S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\DRIVERS\RTL8187B.sys --> c:\windows\system32\DRIVERS\RTL8187B.sys [?]

S4 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contenu du dossier 'Tâches planifiées'

2008-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2008-06-10 c:\windows\Tasks\Connexion facile à Internet.job

- c:\program files\Hewlett-Packard\EZ Internet Signup\HPSdpApp.exe [2003-01-21 03:10]

2004-04-03 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-01-21 05:07]

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.wanadoo.fr/

uInternet Connection Wizard,ShellNext = iexplore

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\35ue9dm5.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-18 15:53

Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXDCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F68170]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf74cbf28

\Driver\ACPI -> ACPI.sys @ 0xf743dcb8

\Driver\atapi -> atapi.sys @ 0xf73f5852

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e

ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1

SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e

ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1

SecurityProcedure -> ntoskrnl.exe @ 0x805d96a1

user & kernel MBR OK

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3397653276-2532711441-1306443915-1003\Software\SecuROM\License information*]

"datasecu"=hex:75,66,ba,6c,33,35,ad,d1,04,94,72,6d,f6,1b,0a,5f,ab,63,40,41,8f,

96,49,7e,f1,91,0b,d2,37,e5,a8,5a,0d,59,96,f7,0c,5e,1b,f0,ad,69,bf,ac,09,80,\

"rkeysecu"=hex:3d,47,5a,42,17,21,d8,e1,26,66,ed,32,c5,19,61,6b

.

--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(260)

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

c:\windows\System32\nvsvc32.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\System32\snmp.exe

c:\program files\Spyware Terminator\sp_rsser.exe

c:\program files\Windows Live\Toolbar\wltuser.exe

.

**************************************************************************

.

Heure de fin: 2010-02-18 16:04:47 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-02-18 15:04

ComboFix2.txt 2010-02-16 18:33

Avant-CF: 11 052 380 160 octets libres

Après-CF: 11 021 590 528 octets libres

- - End Of File - - F2EC395A07331965511B68825E90FDE1

pear · le 19 février 2010

Bonjour,

Comment va la machine ?

Eltharion · le 19 février 2010

Bonjour,

le problème lié a la barre des taches et au son a apparemment disparu, mais il arrive encore de temps en temps que des pages non désirées s'ouvrent sans que je n'aie rien demandé

pear · le 19 février 2010

Bonsoir,

Avez vous installé le plugin adblock+ de Firefox?

ou bloqué les fenêtres publicitaires dans les propriétés Internet , onglet confidentialité?

Java n'est pas à jour,donc vulnérable.

Téléchargez Javara

ou là:

Javara

clic sur Download Windows binary.zip vers le bureau.

Dézippez.

lancez Javara.exe

clic sur mise à jour via jucheck

clic sur installer

Revenez dans JavaRa

Cliquez Effacer les anciennes versions

Puis..... Autres Options ->Cocher Effacer les fichiers JRE Inutiles ->Exécuter

Télécharger gmer

- Cliquer sur le bouton "Download EXE"

- Sauvegardez-le sur ton Bureau.

- Collez et sauvegardez ces instructions dans un fichier texte ou imprimez-les, car il faudra fermer le navigateur.

Avant toute utilisation de GMER, veuillez désactiver votre antivirus, antispyware sous peine de crash.

- Fermez les fenêtres de navigateur ouvertes.

- Lancez le fichier téléchargé par double clic(le nom comporte 8 chiffres/lettres aléatoires) ;

- Si l'outil lance un warning d'activité de rootkit et demande de faire un scan ; cliquez "NO"

- Dans la section de droite de la fenêtre de l'outil, Vérifiez que soient décochées les options suivantes :

Sections

Show All

- Cliquez sur le bouton "Scan" et patientez (cela peut prendre 10 minutes ou +)

Il peut arriver que GMER plante sans raison apparente.

Vous pouvez essayer ceci : décocher "Devices" dans un premier temps et repasser l'outil ;

si ça coince toujours, décocher en plus "Files" et ré-essayez un scan.

Lorsque les informations sur le scan s'affichent , les éléments détectés comme rootkit apparaissent en rouge dans chaque section.

Le bouton Copy permet de récupérer le résultat pour effectuer un copier/coller.

Le bouton Save permet l'enregistrement du rapport sur votre disque au format texte.

Modifié le 19 février 2010 par pear

Eltharion · le 19 février 2010

EDIT: ce sont les rapports pour RSIT je n'ai vu qu'apres que vos instructions avaient changé, je reprends avec gmer

Logfile of random's system information tool 1.06 (written by random/random)

Run by Propriétaire at 2010-02-19 19:13:50

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 10 GB (9%) free of 110 GB

Total RAM: 1023 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:14:51, on 19/02/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\snmp.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Windows Live\Messenger\wlcsdk.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\TEMP\dgqf.tmp\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Documents and Settings\Propriétaire\Bureau\RSIT.exe

C:\HiJackThis\Propriétaire.exe

C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [syncMan] C:\WINDOWS\system32\SyncMan.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [syncMan] C:\Documents and Settings\Propriétaire\SyncMan.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - Global Startup: AutorunsDisabled

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LXDCCustomerConnect - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXDCserv.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O24 - Desktop Component 0: (no name) - (no file)

--

End of file - 8618 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Connexion facile à Internet.job

C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]

C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"LXDCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16 []

"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2002-10-16 114688]

"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-01-25 2166784]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]

"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-02-05 1800464]

"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2002-10-16 155648]

"SyncMan"=C:\WINDOWS\system32\SyncMan.exe [2010-02-16 42531]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-02-19 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

"SyncMan"=C:\Documents and Settings\Propriétaire\SyncMan.exe []

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]

C:\WINDOWS\CameraFixer.exe [2005-12-06 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]

C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE [2007-06-13 176177]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]

C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe [2007-06-13 733184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]

c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KYE_Showicon]

C:\Program Files\USB Storage RW\shwicon.exe [2002-10-25 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdcamon]

C:\Program Files\Lexmark 1300 Series\lxdcamon.exe [2007-02-06 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe [2003-07-08 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

C:\Program Files\Microsoft Money\System\mnyexpr.exe [2002-07-17 204863]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

C:\WINDOWS\System32\NvCpl.dll [2002-12-12 4472832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]

nview.dll,nViewLoadHook []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

nwiz.exe /installquiet /keeploaded []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]

C:\Program Files\Orange\SessionManager\SessionManager.exe [2007-09-25 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]

C:\WINDOWS\vsnpstd.exe [2005-10-11 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

C:\Program Files\VERITAS Software\Update Manager\sgtray.exe [2002-06-18 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS]

C:\Program Files\Orange\Systray\SystrayApp.exe [2007-09-25 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]

C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp center.lnk]

C:\PROGRA~1\HPCENT~1\137903\Program\BACKWE~1.EXE [2003-01-21 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"FSMA"=2

"FSAUA"=3

"lxdc_device"=2

"LexBceS"=2

"idsvc"=3

"Fax"=3

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

AutorunsDisabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxsrvc.dll [2002-10-16 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

""=

"NoDriveTypeAutoRun"=

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-02-19 19:13:50 ----D---- C:\rsit

2010-02-19 19:08:39 ----A---- C:\WINDOWS\system32\javaws.exe

2010-02-19 19:08:39 ----A---- C:\WINDOWS\system32\javaw.exe

2010-02-19 19:08:39 ----A---- C:\WINDOWS\system32\java.exe

2010-02-19 19:08:39 ----A---- C:\WINDOWS\system32\deploytk.dll

2010-02-18 16:04:52 ----A---- C:\ComboFix.txt

2010-02-18 15:49:52 ----D---- C:\WINDOWS\temp

2010-02-18 15:29:24 ----D---- C:\32788R22FWJFW

2010-02-18 15:16:38 ----A---- C:\WINDOWS\ntbtlog.txt

2010-02-16 17:54:53 ----A---- C:\WINDOWS\NIRCMD.exe

2010-02-16 17:50:24 ----A---- C:\WINDOWS\system32\SyncMan.exe

2010-02-16 17:47:26 ----A---- C:\Boot.bak

2010-02-16 17:47:14 ----RASHD---- C:\cmdcons

2010-02-16 17:41:04 ----A---- C:\WINDOWS\zip.exe

2010-02-16 17:41:04 ----A---- C:\WINDOWS\SWXCACLS.exe

2010-02-16 17:41:04 ----A---- C:\WINDOWS\SWSC.exe

2010-02-16 17:41:04 ----A---- C:\WINDOWS\SWREG.exe

2010-02-16 17:41:04 ----A---- C:\WINDOWS\sed.exe

2010-02-16 17:41:04 ----A---- C:\WINDOWS\PEV.exe

2010-02-16 17:41:04 ----A---- C:\WINDOWS\MBR.exe

2010-02-16 17:41:04 ----A---- C:\WINDOWS\grep.exe

2010-02-16 17:39:37 ----D---- C:\WINDOWS\ERDNT

2010-02-16 17:39:24 ----D---- C:\37670-CF

2010-02-16 17:37:37 ----AD---- C:\Qoobox

2010-02-13 21:34:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$

2010-02-13 21:33:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$

2010-02-13 21:31:54 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$

2010-02-13 21:30:29 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$

2010-02-13 19:06:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-02-13 16:36:58 ----D---- C:\Program Files\ZHPDiag

2010-02-13 15:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$

2010-02-13 11:38:03 ----D---- C:\Documents and Settings\All Users\Application Data\Norton

2010-02-13 11:36:20 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller

2010-02-13 11:32:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$

2010-02-12 23:52:06 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$

2010-02-12 23:51:44 ----A---- C:\WINDOWS\imsins.BAK

2010-02-12 23:51:37 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$

2010-02-12 17:50:05 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-02-12 14:57:06 ----D---- C:\HiJackThis

2010-02-06 15:22:13 ----D---- C:\WINDOWS\Internet Logs

2010-02-05 18:35:21 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo

2010-02-05 18:35:15 ----A---- C:\WINDOWS\system32\guard32.dll

2010-01-31 11:48:31 ----A---- C:\cleannavi.txt

2010-01-31 11:47:39 ----D---- C:\Program Files\Navilog1

2010-01-30 15:49:32 ----D---- C:\Documents and Settings\Propriétaire\Application Data\Facebook

2010-01-30 15:21:12 ----D---- C:\Documents and Settings\Propriétaire\Application Data\CheckPoint

2010-01-30 15:20:43 ----D---- C:\Program Files\CheckPoint

2010-01-30 15:19:58 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll

2010-01-29 18:48:23 ----D---- C:\Program Files\CCleaner

2010-01-26 18:39:38 ----D---- C:\Program Files\Adobe

2010-01-25 20:18:08 ----D---- C:\Program Files\WinClamAVShield

2010-01-25 20:14:06 ----D---- C:\Documents and Settings\Propriétaire\Application Data\Spyware Terminator

2010-01-25 20:14:02 ----D---- C:\Program Files\Spyware Terminator

2010-01-25 20:14:02 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator

2010-01-24 20:43:14 ----D---- C:\Program Files\Spybot - Search & Destroy

2010-01-24 19:59:02 ----D---- C:\Program Files\Fichiers communs\PC Tools

2010-01-24 19:58:32 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2010-01-22 15:03:11 ----A---- C:\WINDOWS\system32\iepeers.dll

2010-01-22 15:03:00 ----A---- C:\WINDOWS\system32\occache.dll

2010-01-22 15:02:51 ----N---- C:\WINDOWS\system32\ie4uinit.exe

2010-01-22 15:02:50 ----N---- C:\WINDOWS\system32\iedkcs32.dll

======List of files/folders modified in the last 1 months======

2010-02-19 19:12:42 ----D---- C:\WINDOWS\system32

2010-02-19 19:09:44 ----D---- C:\Program Files\Java

2010-02-19 19:08:59 ----SHD---- C:\WINDOWS\Installer

2010-02-19 19:08:50 ----D---- C:\Config.Msi

2010-02-19 18:54:59 ----D---- C:\Program Files\Mozilla Firefox

2010-02-19 14:03:28 ----D---- C:\WINDOWS\system32\CatRoot2

2010-02-18 21:53:45 ----SHD---- C:\RECYCLER

2010-02-18 16:05:01 ----D---- C:\WINDOWS\system32\drivers

2010-02-18 15:54:25 ----D---- C:\WINDOWS

2010-02-18 15:54:25 ----A---- C:\WINDOWS\system.ini

2010-02-18 15:50:41 ----D---- C:\WINDOWS\system32\config

2010-02-18 15:49:38 ----RASHDC---- C:\WINDOWS\system32\dllcache

2010-02-18 15:43:44 ----D---- C:\WINDOWS\AppPatch

2010-02-18 15:43:39 ----D---- C:\Program Files\Fichiers communs

2010-02-16 18:43:17 ----SHD---- C:\System Volume Information

2010-02-16 18:43:17 ----D---- C:\WINDOWS\system32\Restore

2010-02-16 18:18:55 ----RAD---- C:\Program Files

2010-02-16 18:18:16 ----A---- C:\WINDOWS\system32\jplbxga.dll

2010-02-16 17:47:27 ----RASH---- C:\boot.ini

2010-02-16 17:37:49 ----D---- C:\WINDOWS\Prefetch

2010-02-16 11:57:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2010-02-15 00:48:26 ----D---- C:\WINDOWS\Sun

2010-02-14 23:22:22 ----D---- C:\WINDOWS\I386

2010-02-14 20:00:22 ----D---- C:\WINDOWS\Debug

2010-02-13 21:34:32 ----HD---- C:\WINDOWS\inf

2010-02-13 21:33:52 ----HD---- C:\WINDOWS\$hf_mig$

2010-02-13 21:29:03 ----D---- C:\WINDOWS\system32\CatRoot

2010-02-13 11:41:10 ----SD---- C:\WINDOWS\Tasks

2010-02-13 11:38:02 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec

2010-02-10 21:17:19 ----D---- C:\Documents and Settings\Propriétaire\Application Data\LimeWire

2010-02-06 15:38:55 ----A---- C:\WINDOWS\win.ini

2010-02-05 18:35:11 ----D---- C:\Program Files\COMODO

2010-02-05 15:30:35 ----D---- C:\Program Files\World of Warcraft

2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe

2010-01-26 18:40:11 ----D---- C:\Program Files\Fichiers communs\Adobe

2010-01-26 18:40:10 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2010-01-26 16:55:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-01-25 20:05:40 ----HD---- C:\Program Files\InstallShield Installation Information

2010-01-25 20:01:48 ----D---- C:\WINDOWS\WinSxS

2010-01-25 19:26:40 ----D---- C:\WINDOWS\Registration

2010-01-23 13:35:43 ----D---- C:\Program Files\Dofus

2010-01-23 01:36:31 ----D---- C:\Program Files\Internet Explorer

2010-01-23 01:31:16 ----D---- C:\WINDOWS\ie8updates

2010-01-21 18:50:11 ----D---- C:\Program Files\Microsoft Silverlight

2010-01-20 20:34:48 ----D---- C:\Documents and Settings\Propriétaire\Application Data\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-02-05 134344]

R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-02-05 25160]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []

R1 SSHDRV85;SSHDRV85; \??\C:\WINDOWS\System32\drivers\SSHDRV85.sys []

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-10-30 12032]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-08-19 278984]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-08-19 25416]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-10-22 9855]

R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-12-13 732492]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2002-08-07 1175504]

R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2002-08-07 169779]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-12-12 1209370]

R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-11-21 9856]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-10-30 5888]

R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]

R3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-23 6912]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-08-07 604272]

S1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-10-25 91774]

S1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]

S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys []

S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-10-25 71514]

S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600]

S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688]

S3 Bridge;Pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]

S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]

S3 catchme;catchme; \??\C:\49474-CF\catchme.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-03-16 25280]

S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2002-10-25 80283]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []

S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []

S3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]

S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle; C:\WINDOWS\system32\DRIVERS\RTL8187B.sys []

S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-04 166912]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 snpstd;USB PC Camera (SN9C102); C:\WINDOWS\system32\DRIVERS\snpstd.sys [2005-11-18 390656]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]

S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys []

S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]

S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]

S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 60800]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-02-05 723632]

R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-19 153376]

R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-12-12 65536]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-29 66872]

R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-11-29 107832]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R2 SNMP;Service SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-01-25 488960]

S2 LXDCCustomerConnect;LXDCCustomerConnect; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXDCserv.exe [2007-02-13 91056]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 LPDSVC;Serveur d'impression TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2002-10-31 19456]

S3 SNMPTRAP;Service d'interruption SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]

S4 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe [2007-06-13 450560]

S4 FSMA;FSMA; C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE [2007-06-13 106546]

S4 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S4 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-10-14 303104]

S4 lxdc_device;lxdc_device; C:\WINDOWS\system32\lxdccoms.exe [2007-02-13 537520]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-02-19 19:15:04

======Uninstall list======

-->"C:\Program Files\Securitoo\av_fw\FSGUI\PostInstall.exe" /tUnInstall

-->"C:\Program Files\Securitoo\av_fw\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"

-->"C:\Program Files\Securitoo\av_fw\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"

-->"C:\Program Files\Securitoo\av_fw\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"

-->"C:\Program Files\Securitoo\av_fw\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"

-->"C:\Program Files\Securitoo\av_fw\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"

-->"C:\Program Files\Securitoo\av_fw\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"

-->"C:\Program Files\Securitoo\av_fw\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"

-->"C:\Program Files\Securitoo\av_fw\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"

-->"C:\Program Files\Securitoo\av_fw\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"

-->"C:\Program Files\Securitoo\av_fw\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"

-->"C:\Program Files\Securitoo\av_fw\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"

-->"C:\Program Files\Securitoo\av_fw\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"

-->C:\WINDOWS\IsUn040c.exe -f"C:\Sierra\Le Retour du Prof Tim\Uninst.isu"

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}

-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65}\setup.exe" -l0x40c -L0x40canything

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 9.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}

Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"

Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35B8CC58-F128-4169-82EB-0E6CB0C3AFE6}\setup.exe" -l0x40c -uninst

ArcSoft VideoImpression 1.6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEF2E5A3-0317-4822-B930-8B721EB483E4}\setup.exe" -l0x40c -uninst

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{6E15BEDF-7EB5-4010-998E-B430DB4EFE45}

Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u

Complément Microsoft Word pour Microsoft Works Suite-->MsiExec.exe /I{F6B1CD0F-DB2D-4666-A168-C46390AD8C4A}

Connexion facile à Internet-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B5DDB2C-0807-47FD-9C11-80EA761902C0}\setup.exe" -l0x40c

Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}

Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"

Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat

Digital Camera-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1205500-2179-11D7-B0B9-0000E24D4B29}\setup.exe"

DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Dofus 1.24.0-->C:\Program Files\Dofus\uninstall.exe

Dofus 1.26.0-->C:\Program Files\Dofus\uninstall.exe

Dofus-Arena-->C:\Program Files\DofusArena2\uninstall.exe

DofusCalc 1.5.1052-->"C:\Program Files\DofusCalc\unins000.exe"

Dungeon Siege-->"C:\Program Files\Microsoft Games\Dungeon Siege\UNINSTAL.EXE" /runtemp /addremove

Empire Earth-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe" -l0x40c

Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}

Extension Système de Microsoft Money-->MsiExec.exe /I{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}

EZface ActiveX 207-->C:\PROGRA~1\EZFace\ActiveX\uninst.bat 207 C:\PROGRA~1\EZFace\ActiveX

HijackThis 2.0.2-->"C:\HiJackThis\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HouseCall 6.6-->"C:\Documents and Settings\Propriétaire\Application Data\HouseCall 6.6\uninstaller.exe"

hp center-->C:\WINDOWS\BWUnin-6.1.0.153.exe -AppId 137903

HPD_404_Patch-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E21F0BCA-12DD-493C-862E-6546C242EA74}\Setup.exe" -l0x40c -L0x40c

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

Intel® Extreme Graphics Driver Software-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562

InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL

Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

Kingdom Under Fire-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B04B831-98F2-4E8B-A711-255F237AB2F0}\setup.exe"

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Lexmark 1300 Series-->C:\Program Files\Lexmark 1300 Series\Install\x86\Uninst.exe

LG PC Suite III-->C:\Program Files\InstallShield Installation Information\{C0E18DC4-C74A-4889-AE3A-933471023787}\setup.exe -runfromtemp -l0x040c -removeonly

LG USB Modem Drivers-->MsiExec.exe /I{FA02ACAC-9E14-4878-A257-92A22A647C2C}

LimeWire 5.3.6-->"C:\Program Files\LimeWire\uninstall.exe"

livebox-->C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly

LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE

LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U

Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x40c UNINSTALL

Macromedia Flash 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C93C363-414E-11D4-9756-00C04F8EEB39}\Setup.exe" UNINSTALL

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Maple 11-->"C:\Program Files\Maple 11\Uninstall_Maple 11\Uninstall Maple 11.exe"

Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}

Microsoft .NET Framework (French) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1036)

Microsoft .NET Framework (French)-->MsiExec.exe /X{6B908BF7-A583-4962-B068-69657D87CD56}

Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M9283671036\M9283671036Uninstall.msp"

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf

Microsoft Money-->MsiExec.exe /I{01A2E33A-8ADA-42D1-9173-8F65149E952F}

Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}

Microsoft Picture It! Express 9-->C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0901}

Microsoft Picture It! Photo 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}

Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}

Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"

Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}

Morrowind-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x40c

Mozilla Firefox (3.5.-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}

MyDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\Setup.exe" -l0x40c -L0x40c /SMAINT

Neverwinter Nights-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}\Setup.exe" -l0x40c

NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf

OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585}

OpenOffice.org 2.3-->MsiExec.exe /I{B087B0C3-F595-485A-B86B-73326BA8693A}

Orange - Logiciels Internet-->C:\Program Files\Orange\installation\core\Installgui.exe -u

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Pangya_Eu (GOA)-->C:\Program Files\GOA\Pangya_Eu\uninstall.exe

Pharaon-->C:\WINDOWS\IsUn040c.exe -fC:\SIERRA\Pharaon\Uninst.isu

PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u

Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log

Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG

QuickTime for Windows (32-bit)-->C:\WINDOWS\QTW32DEL.EXE

QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}

RecordNow Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}

RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}

RTPatch Update-->"C:\Program Files\Fichiers communs\PocketSoft\RTPatch\AutoRTP\unins000.exe"

Sacred-->"C:\Program Files\Ascaron Entertainment\Sacred\unins000.exe"

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Sélecteur d'installation de Microsoft Works Suite 2003-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\

SereneScreen Marine Aquarium 2.6-->"C:\Program Files\SereneScreen\Marine Aquarium 2.6\unins000.exe"

Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l040c -Control_Panel

Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"

Studio 8-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53EF6570-21A4-47ED-A40A-E6470A5677A3}\Setup.exe" -l0x40c UNINSTALL-L0x40c -c

Studio Content CD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C643986-DE3C-4737-8472-CCEC36CCC267}\setup.exe" -l0x40c

TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"

TES Construction Set-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x40c

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

USB PC Camera (SN9C102)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57383270-6F61-4DC8-A9B8-C1745FC29F38}\Setup.exe" -l0x9

USB Storage RW-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DCFC7D5-8608-478C-8082-1FF848B978AF}\setup.exe" UNINSTALL

VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Warhammer 40,000: Dawn Of War - Gold Edition-->MsiExec.exe /X{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}

Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}

Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe

ZHPDiag 1.25-->"C:\Program Files\ZHPDiag\unins000.exe"

=====HijackThis Backups=====

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2010-02-13]

O17 - HKLM\System\CCS\Services\Tcpip\..\{6E6E4151-5759-4F9C-A735-A46B3AA63E50}: NameServer = 156.154.70.25,156.154.71.25 [2010-02-13]

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) [2010-02-13]

O20 - Winlogon Notify: cbssreg - C:\Documents and Settings\All Users\Documents\Settings\cbss.dll (file missing) [2010-02-13]

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) [2010-02-13]

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx [2010-02-13]

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2010-02-13]

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8FB0-B921F5DBF922} - (no file) [2010-02-13]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr7.hpwis.com/ [2010-02-13]

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr7.hpwis.com/ [2010-02-13]

O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm [2010-02-13]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr7.hpwis.com/ [2010-02-13]

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8FB0-B921F5DBF922} - (no file) [2010-02-13]

O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm [2010-02-13]

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll [2010-02-13]

O2 - BHO: (no name) - {0CE4992F-34F7-473D-8FD2-664D345269B5} - C:\WINDOWS\system32\mqzejlkv.dll [2010-02-13]

O20 - Winlogon Notify: kleupxow - C:\WINDOWS\SYSTEM32\dquziuq.dll [2010-02-13]

======Security center information======

FW: COMODO Firewall

======System event log======

Computer Name: NOM-0JYRSEOY3SO

Event Code: 116

Message: Le suivi de la Restauration système a été désactivé sur tous les lecteurs.

Record Number: 5

Source Name: SRService

Time Written: 20100204194245.000000+060

Event Type: Informations

User:

Computer Name: NOM-0JYRSEOY3SO

Event Code: 49

Message: Échec de la configuration du fichier d'échange pour le vidage sur incident.

Assurez-vous qu'un fichier d'échange est présent sur la partition d'amorçage

et qu'il est suffisamment grand pour contenir toute la mémoire physique.

Record Number: 4

Source Name: Ftdisk

Time Written: 20100204194202.000000+060

Event Type: erreur

User:

Computer Name: NOM-0JYRSEOY3SO

Event Code: 45

Message: Le système n'a pas pu charger le pilote du fichier de vidage sur incident.

Record Number: 3

Source Name: Ftdisk

Time Written: 20100204194202.000000+060

Event Type: erreur

User:

Computer Name: NOM-0JYRSEOY3SO

Event Code: 6005

Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 2

Source Name: EventLog

Time Written: 20100204194138.000000+060

Event Type: Informations

User:

Computer Name: NOM-0JYRSEOY3SO

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 1

Source Name: EventLog

Time Written: 20100204194138.000000+060

Event Type: Informations

User:

=====Application event log=====

Computer Name: NOM-0JYRSEOY3SO

Event Code: 1

Message:

Record Number: 5884

Source Name: avg8emc

Time Written: 20090809133842.000000+120

Event Type: Informations

User:

Computer Name: NOM-0JYRSEOY3SO

Event Code: 1800

Message: Le service Centre de sécurité Windows a démarré.

Record Number: 5883

Source Name: SecurityCenter

Time Written: 20090809133822.000000+120

Event Type: Informations

User:

Computer Name: NOM-0JYRSEOY3SO

Event Code: 101

Message: msnmsgr (568) Le moteur de base de données est arrêté.

Record Number: 5882

Source Name: ESENT

Time Written: 20090809133628.000000+120

Event Type: Informations

User:

Computer Name: NOM-0JYRSEOY3SO

Event Code: 103

Message: msnmsgr (568) \\.\C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\ronron-11@hotmail.fr\SharingMetadata\Working\database_A034_98E6_3498_C128\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 5881

Source Name: ESENT

Time Written: 20090809133628.000000+120

Event Type: Informations

User:

Computer Name: NOM-0JYRSEOY3SO

Event Code: 102

Message: msnmsgr (568) \\.\C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\ronron-11@hotmail.fr\SharingMetadata\Working\database_A034_98E6_3498_C128\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 5880

Source Name: ESENT

Time Written: 20090809133129.000000+120

Event Type: Informations

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\watcom-1.3\binnt;C:\watcom-1.3\binw;c:\Python22;C:\Program Files\Sonic\MyDVD;C:\Program Files\QuickTime\QTSystem

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel

"PROCESSOR_REVISION"=0207

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

"KMP_DUPLICATE_LIB_OK"=TRUE

"WATCOM"=C:\watcom-1.3

"tvdumpflags"=8

-----------------EOF-----------------

Modifié le 19 février 2010 par Eltharion

Eltharion · le 19 février 2010

pear · le 20 février 2010

Bonjour,

Vous êtes réinfecté!

Avant toute utilisation de GMER, veuillez désactiver votre antivirus, antispyware sous peine de BSOD.

Clic droit de souris sur le bureau > Nouveau > Document Texte, et y copier/coller les lignes suivantes en vert.

echo off

cls

gmer -killall

gmer -del service yyzzrykqjnmrrr

gmer -del reg "HKLM\SYSTEM\CurrentControlSet\Services\yyzzrykqjnmrrr"

gmer -del file "C:\WINDOWS\TEMP\axacxlkjnk.sys"

echo APPUYEZ SUR UNE TOUCHE POUR REDEMARRER

pause

gmer -reboot

Dans le menu du bloc notes, clic sur "Fichier" >> Enregistrer sous.

Choisir le bureau comme lieu d'enregistrement, puis dans:

Type -> choisir "tous les fichiers"

Nom du fichier -> taper rootkit.bat.

Clic sur enregistrer.

- Double clic sur le fichier pour le lancer.

Relancez Rkill et Mbam

Eltharion · le 20 février 2010

Euhm,

quand je lance la fenêtre de commande ca me dit que gmer n'est pas une commande interne externe ou un programme exécutable ou un fichier de commande, je me suis dit qu'il fallait peut être remplacer "gmer" par le nom aléatoire du .exe téléchargé mais dans le doute j'ai rien touché ...

voilou

Connexion

Pas encore inscrit ?

Nombreux problemes, pubs intempestives, barres des taches étrange, son

Messages recommandés

Eltharion

pear

Eltharion

pear

Eltharion

pear

Eltharion

Eltharion

pear

Eltharion

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer