Posted (edited)

Hello,

I'm asking for your help because ever since I turned on my PC, Antivir keeps telling me (about every 10 seconds) that it has detected the Trojan horse TR/Rootkit.Gen.

Also, the alert comes back whatever option I tick (move to quarantine, deny access...)

I hope my explanation was clear :P

Attached is the HijackThis report.

Thank you for your help.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:59:24, on 13/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\PROGRA~1\MICROS~4\wcescomm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\SFR\Kit\9props.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\documents and settings\pc\local settings\application data\hyzsdew.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN

C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE

C:\Documents and Settings\PC\Bureau\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/kit/adsl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TM1D.tmp

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe

O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon

O4 - HKCU\..\Run: [hyzsdew] "c:\documents and settings\pc\local settings\application data\hyzsdew.exe" hyzsdew

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe

O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\pwinkodv.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe

O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE

O4 - Global Startup: REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://mm.tf1.fr/superdistribution/installer2.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...etup1.0.1.1.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140804194625

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Service Google Update (gupdate1c9dfd3458a3c2) (gupdate1c9dfd3458a3c2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/PC/Mes%20documents/oph%E9lie/traineau1.gif

O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/PC/Mes%20documents/oph%E9lie/sapin60.gif

 

--

End of file - 13642 bytes

Edited by OPH03

Posted

Hi :P

A familiar face is back :P The PC is indeed infected, judging by your report.

We'll proceed as follows (in this order) =>

1) A quick additional scan with a program you can keep afterwards: if you already have it, skip the installation step and go straight to the update >>

Download Malwarebytes' Anti-Malware (MBAM)

Plug in all the removable media you own before running this scan (USB stick, external hard drive, etc.)

  • Double-click the downloaded file to start the installation process.
  • In the "Mise à jour" (Update) tab, click the "Recherche de mise à jour" (Check for Updates) button: if the firewall asks whether MBAM may connect, accept.
  • Once the update has finished, go to the "Recherche" (Scanner) tab.
  • Select "Exécuter un examen complet" (Perform full scan)
  • Click "Rechercher" (Scan)
  • The analysis starts; the scan is fairly long, which is normal.
  • At the end of the analysis, a message is displayed:
    "L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés." (The scan completed normally. Click 'Afficher les résultats' to display all the objects found.)
    Click "Ok" to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click "Afficher les résultats" (Show Results).
    Select everything (or leave everything ticked) and click "Supprimer la sélection" (Remove Selected); MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

2) Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
  • When the analysis is finished, two text files will open. Post the contents of log.txt (<< which will be displayed)
    as well as of info.txt (<< which will be minimized in the taskbar).
  • If you don't see these two reports, you will find them in the folder C:\rsit

Please post all 3 reports.

Posted

Hi,

and yes, I'm back!!! Thanks for your help.

Here is the MBAM report:

 

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

 

Version de la base de données: 3990

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

15/04/2010 19:03:21

mbam-log-2010-04-15 (19-03-21).txt

 

Type d'examen: Examen complet (C:\|)

Elément(s) analysé(s): 237947

Temps écoulé: 1 heure(s), 0 minute(s), 6 seconde(s)

 

Processus mémoire infecté(s): 1

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 50

Valeur(s) du Registre infectée(s): 3

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 16

Fichier(s) infecté(s): 95

 

Processus mémoire infecté(s):

C:\documents and settings\PC\local settings\application data\hyzsdew.exe (Adware.Navipromo.H) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5015bf9d-173c-474b-9af3-77d4d23a4135} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{85e0b171-04fa-11d1-b7da-00a0c90348d7} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{92c3f342-45da-4511-853a-b3836aaff5f5} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5ed7d3de-6dbe-4516-8712-01b1b64b7057} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5141620-c2b2-4d95-9f0f-134d99c87ab0} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\SmartShopper (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\fis.amo (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\fis.amo.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\fis.momo (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\fis.momo.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\fis.ohb (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\fis.ohb.1 (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\winantivirus pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Enhanced Ads by Think-Adz (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Think-Adz Search Assistant (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fopn (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hyzsdew (Adware.Navipromo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\bootstera (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Documents and Settings\PC\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Application Data\FunWebProducts\Data\PC (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Documents and Settings\PC\Local Settings\Application Data\hyzsdew_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Local Settings\Application Data\hyzsdew_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Local Settings\Application Data\hyzsdew.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Local Settings\Application Data\hyzsdew.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.

C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012234.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012241.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012248.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012257.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012264.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012271.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012278.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012285.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012215.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012292.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012299.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012306.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012313.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012320.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012335.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012381.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012392.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012405.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012420.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012427.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012434.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012442.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012451.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012458.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012468.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012475.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012487.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012494.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012506.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012513.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012519.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012526.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012534.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012541.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012548.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012555.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012562.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012569.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012583.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP86\A0012590.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012597.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012635.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012646.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012654.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012659.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012666.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012673.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012680.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012687.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012694.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012701.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012708.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012715.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012720.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012725.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012732.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012739.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012746.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012753.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP87\A0012761.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP88\A0012832.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP89\A0012962.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP89\A0012983.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP89\A0012988.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP89\A0012997.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP89\A0013960.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{FB047EF1-F9F5-4AA5-A041-AE6F9FB996FD}\RP89\A0014959.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\rxwttm.sys (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\system32\drivers\dot4.sys.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\pzcwoc.sys (Rootkit.Agent) -> Delete on reboot.

C:\Documents and Settings\PC\Application Data\FunWebProducts\Data\PC\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Application Data\WinAntiVirus Pro 2006\PGE.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Application Data\WinAntiVirus Pro 2006\Logs\update.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Application Data\WinAntiVirus Pro 2006\Logs\winav.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\err.log (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\WinAntiVirus Pro 2006\msvcp71.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\Program Files\WinAntiVirus Pro 2006\msvcr71.dll (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Menu Démarrer\Programmes\Démarrage\TA_Start.lnk (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Menu Démarrer\Programmes\Démarrage\Think-Adz.lnk (Rogue.Link) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\stera.job (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.

C:\Documents and Settings\PC\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\LocalService\Application Data\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.

Posted

And here are the 2 other reports:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by PC at 2010-04-15 19:17:38

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 91 GB (73%) free of 125 GB

Total RAM: 511 MB (13% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:17:45, on 15/04/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\PROGRA~1\MICROS~4\wcescomm.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SFR\Kit\9props.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN

C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\PC\Bureau\RSIT.exe

C:\Documents and Settings\PC\Bureau\PC.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/kit/adsl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\SearchSettings.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKCU\..\Run: [Configuration de la C-BOX] C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe

O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe

O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE

O4 - Global Startup: REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://mm.tf1.fr/superdistribution/installer2.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1140804194625

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Service Google Update (gupdate1c9dfd3458a3c2) (gupdate1c9dfd3458a3c2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/PC/Mes%20documents/oph%E9lie/traineau1.gif

O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/PC/Mes%20documents/oph%E9lie/sapin60.gif

 

--

End of file - 13201 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\EasyShare Registration Task.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]

Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [2010-01-08 700416]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]

Objet d'aide à la navigation SFR - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll [2009-10-15 165184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]

ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-31 279664]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-01-31 812528]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll [2006-01-17 282624]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

SearchSettings Class - C:\Program Files\Search Settings\SearchSettings.dll [2010-01-08 1109504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll [2006-01-17 282624]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll [2010-01-08 700416]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-01-31 279664]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-11-11 7311360]

"nwiz"=nwiz.exe /install []

"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2005-12-08 35328]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2004-11-26 1349120]

"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2006-01-07 81920]

"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-11-11 86016]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-02-18 248040]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2010-01-08 974848]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Configuration de la C-BOX"=C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe [2004-12-21 395264]

"Wallpaper"=C:\Program Files\Wallpaper\Wallpaper.exe Starter []

"MessengerPlus3"=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2006-05-29 190024]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

"H/PC Connection Agent"=C:\PROGRA~1\MICROS~4\wcescomm.exe [2005-11-15 1204224]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-28 68856]

"WINSOS VERIFY"=C:\Program Files\Winsos\WINSOS.EXE MINI []

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"Connexion SFR 9props.exe"=C:\Program Files\SFR\Kit\9props.exe [2009-10-15 959808]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Contrôleur de calendrier Ulead.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

HPAiODevice(hp psc 700 series) - 1.lnk - C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe

Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

Pense-bête.lnk - C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE

REALTEK 11n USB Wireless LAN Utility.lnk - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe

 

C:\Documents and Settings\PC\Menu Démarrer\Programmes\Démarrage

OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2006-09-28 73728]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Program Files\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger"

"C:\Program Files\Player Video TF1\tf1.exe"="C:\Program Files\Player Video TF1\tf1.exe:*:Enabled:OneClick"

"C:\Program Files\PeerTV\PeerCast.exe"="C:\Program Files\PeerTV\PeerCast.exe:*:Enabled:PeerCast"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"

"C:\Program Files\Media Player Classic\mplayerc.exe"="C:\Program Files\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"

"C:\Program Files\Firefly Studios\CivCity Rome\CivCity Rome.exe"="C:\Program Files\Firefly Studios\CivCity Rome\CivCity Rome.exe:*:Enabled:CivCity Rome"

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

"C:\Program Files\Microsoft Office\Office\WINWORD.EXE"="C:\Program Files\Microsoft Office\Office\WINWORD.EXE:*:Enabled:Microsoft Word for Windows"

"C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe"="C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Disabled:eMule"

"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Disabled:Shareaza"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

shell\AutoRun\command - E:\setupSNK.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c19b3c20-f441-11dc-b9c2-0013d4fa6482}]

shell\Auto\command - cmd /C launch.bat

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c93078be-b383-11da-af32-0013d4fa6482}]

shell\Auto\command - F:\AdobeR.exe e

shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1bb9ff9-a2c4-11da-9e38-806d6172696f}]

shell\AutoRun\command - D:\ASUSACPI.exe

 

 

======List of files/folders created in the last 1 months======

 

2010-04-15 19:17:38 ----D---- C:\rsit

2010-04-15 16:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$

2010-04-15 16:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$

2010-04-15 16:38:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$

2010-04-15 16:38:53 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$

2010-04-14 12:56:33 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$

2010-04-14 12:56:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

2010-04-14 11:01:16 ----D---- C:\Documents and Settings\PC\Application Data\Malwarebytes

2010-04-14 11:00:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-04-14 11:00:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-03-31 18:30:39 ----D---- C:\Documents and Settings\All Users\Application Data\Sun

2010-03-31 18:30:01 ----A---- C:\WINDOWS\system32\javaws.exe

2010-03-31 18:30:01 ----A---- C:\WINDOWS\system32\javaw.exe

2010-03-31 18:30:01 ----A---- C:\WINDOWS\system32\java.exe

 

======List of files/folders modified in the last 1 months======

 

2010-04-15 19:17:46 ----D---- C:\WINDOWS\system32\drivers

2010-04-15 19:17:45 ----D---- C:\WINDOWS\Prefetch

2010-04-15 19:15:34 ----D---- C:\WINDOWS\Temp

2010-04-15 19:14:00 ----D---- C:\WINDOWS\system32\CatRoot2

2010-04-15 19:13:48 ----D---- C:\Documents and Settings\PC\Application Data\OpenOffice.org2

2010-04-15 19:13:31 ----D---- C:\WINDOWS

2010-04-15 19:13:31 ----A---- C:\WINDOWS\RTacDbg.txt

2010-04-15 19:04:49 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-04-15 19:03:20 ----RD---- C:\Program Files

2010-04-15 19:03:20 ----D---- C:\WINDOWS\system32

2010-04-15 19:03:20 ----D---- C:\Program Files\Fichiers communs

2010-04-15 18:03:13 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-04-15 16:52:49 ----D---- C:\CORPSH6

2010-04-15 16:49:42 ----A---- C:\WINDOWS\NeroDigital.ini

2010-04-15 16:41:39 ----HD---- C:\WINDOWS\inf

2010-04-15 16:41:26 ----HD---- C:\WINDOWS\$hf_mig$

2010-04-15 16:41:24 ----A---- C:\WINDOWS\imsins.BAK

2010-04-15 16:38:42 ----D---- C:\WINDOWS\ie8updates

2010-04-11 18:22:42 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat

2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe

2010-03-31 20:17:49 ----D---- C:\Program Files\Internet Explorer

2010-03-31 18:30:39 ----SHD---- C:\WINDOWS\Installer

2010-03-31 18:30:37 ----D---- C:\Program Files\Fichiers communs\Java

2010-03-31 18:29:57 ----D---- C:\Program Files\Java

2010-03-30 15:08:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-03-18 12:28:29 ----A---- C:\WINDOWS\Ulead32.ini

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2004-10-14 4962]

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []

R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-12-02 28520]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-02-07 21361]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]

R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-11-11 3532928]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\WINDOWS\system32\DRIVERS\RTL8192su.sys [2009-10-12 591488]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]

S1 vspf;vspf; \??\C:\WINDOWS\system32\drivers\vspf5.sys []

S1 vspf_hk;vspf_hk; \??\C:\WINDOWS\system32\drivers\vspf_hk5.sys []

S2 Ca533av;Cam 3200, WDM Video Capture; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]

S2 Ca536av;DV 3500(Video); C:\WINDOWS\System32\Drivers\Ca536av.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 dot4;Pilote MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]

S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]

S3 Dot4Scan;Pilote de classe Scanneur pour IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]

S3 dot4usb;Filtre Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-23 24064]

S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys []

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 USBCamera;DSC Still Image Capture (CA100); C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-12-04 11144]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-12-30 104576]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-12-02 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-12-02 185089]

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]

R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2006-09-28 204800]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-11-11 131139]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

S2 gupdate1c9dfd3458a3c2;Service Google Update (gupdate1c9dfd3458a3c2); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-28 133104]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-16 182768]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337]

S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718]

S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe [2006-01-06 69632]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

 

 

info.txt logfile of random's system information tool 1.06 2010-04-15 19:17:52

 

======Uninstall list======

 

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\NuNInst.exe /UNINSTALL

-->Dummy

-->MsiExec.exe /X{DEBEA68F-45AA-4707-A9A7-DBD6DB4FBE89}

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x40c UNINSTALL

-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

550SH Bluetooth-Handset Manager-->MsiExec.exe /X{E3541EEC-132B-4FDF-B30D-9877ACC5F30C}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}

Ask.com Search Assistant 1.0.2-->C:\Program Files\Ask Search Assistant\uninst.exe

Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}

AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

Barre d'outils MSN-->C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\mtbs.exe c

BSPlayer-->"C:\Program Files\Webteh\BSPlayer\uninstall.exe"

Cam 3200 Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3606BA17-5D3C-41F1-9F46-729E0301CDE2}\Setup.exe"

CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}

CivCity-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{994E24A6-EC47-4201-8D0B-D4563B7AD66B}\setup.exe" -l0x40c -removeonly

Codec Pack - All In 1 6.0.0.4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"

CommAid-->C:\WINDOWS\system32\CAUnst.exe

Companion wizard-->C:\Program Files\Common Files\Companion Wizard\compwiz.exe -u

Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"

Dealio Toolbar v4.0.2-->MsiExec.exe /X{C878CD69-85DB-426B-81A3-E71175AAEB91}

Destinator Console Installation-->C:\DESTIN~1\COLLEC~1\UNWISE.EXE C:\DESTIN~1\COLLEC~1\INSTALL.LOG

eMule-->"C:\Program Files\eMule\Uninstall.exe"

ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}

ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}

ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}

ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}

ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}

ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}

ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}

ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}

ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}

essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}

Favorit-->"c:\documents and settings\pc\local settings\application data\hyzsdew.exe" -uninstall

fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}

Free Mp3 Wma Converter V 1.81-->"C:\Program Files\Free Audio Pack\unins000.exe"

Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}

Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.1.249.1045\Installer\setup.exe" --uninstall --system-level

Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

HijackThis 2.0.2-->"C:\Documents and Settings\PC\Bureau\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

HP Image Zone Express-->MsiExec.exe /X{B314F1F2-49DF-41DD-A1B4-DC4192EC1021}

hp psc 700 series-->C:\WINDOWS\system32\hpocon09.exe /u 1141119282 /d "hp psc 700 series"

Installation de la C-BOX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6B7E3A6-0BA7-478D-A5AB-8DED8FC62D80}\setup.exe" -l0x40c -eth

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}

J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}

Java 6 Update 19-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}

Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}

Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe

kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}

kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}

kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}

kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}

kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}

kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}

kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}

kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}

Kptic-->MsiExec.exe /X{4312AB5F-7C43-461E-B48B-EDFA6B9CD3D6}

Le corps humain 6.0-->C:\WINDOWS\bw6uinst.exe

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

L'Encyclopédie Médicale Pratique-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Encyclopédie Médicale Française\Médical\DeIsL1.isu"

Les Sims : Entre Chiens et Chats-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C32C567-DC0F-4C80-B06C-7873850A2E06}\setup.exe" -l040c

Logiciel Kodak EasyShare-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_5b230\Setup.exe /APR-REMOVE

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Micrografx Windows Draw 6 LE-->C:\WINDOWS\MGXCLEAN.EXE DRAWLE.APP FONTS.APP

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{9084040C-6000-11D3-8CFE-0150048383C9}

Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall

Microsoft Word 2000-->MsiExec.exe /I{0017040C-78E1-11D2-B60F-006097C998E7}

Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour le Codeur Windows Media (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Nero Suite-->C:\Program Files\Fichiers communs\Ahead\Uninstall\setupx.exe /uninstall ExtraUninstallID=""

netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}

NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI

OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}

OpenMG Limited Patch 4.4-06-13-19-01-->C:\Program Files\Fichiers communs\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u

OpenMG Secure Module 4.4.00-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL

OpenOffice.org 2.0-->MsiExec.exe /I{3869903C-0EF4-48D9-A12F-145AD549BA12}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

PC Probe II-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x9

PeerTV 0.4-->"C:\Program Files\PeerTV\uninstall.exe"

PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"

Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"

Pixie 1.4.1-->"C:\Program Files\Pixie\unins000.exe"

PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

PrintMaster® Deluxe 8.0-->C:\WINDOWS\UNIN040C.EXE -f"C:\PROGRA~1\BRODER~1\PRINTM~1\DeIsL1.isu" -c"C:\PROGRA~1\BRODER~1\PRINTM~1\psfinst.dll"

QuickTime for Windows (32-bit)-->C:\WINDOWS\QTW32DEL.EXE

QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}

Radio Media Player-->C:\Program Files\Windows Media Player\Plugins\Radios Media Player\uninst.exe

Real Alternative 1.30-->"C:\Program Files\Real Alternative\unins000.exe"

Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE

REALTEK Wireless LAN Driver and Utility-->C:\Program Files\InstallShield Installation Information\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}\Install.exe -uninst -l0x40C

Recettes de Cuisine-->"C:\Program Files\LudoSoft\Recettes de Cuisine\unins000.exe"

Search Enhancer-->C:\WINDOWS\system32\SearchTool\uninstallSE.exe

Search Settings v1.2.3-->MsiExec.exe /X{5F05C28D-DEA9-4AD6-A73A-064175988EAB}

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Serif DrawPlus 3.0-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Serif\dp30\DrawPlus_uninst.isu"

SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe

SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}

Shareaza 2.4.0.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe"

SHARP 3G/GSM USB Driver Ver6.1.0-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{EC57B49E-9116-409C-9E46-487D945CBD03} /l1036

SHARP 3G/GSM Wizard Ver3.1.0-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BF50539C-672A-47EF-8322-B17FDA0673B7} /l1036

SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}

skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}

SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}

Smart Shopper-->C:\WINDOWS\system32\SmartShopper\uninstallSE.exe

SonicStage 3.4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x40c UNINSTALL -removeonly

Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}

tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}

TV sur PC-->C:\Program Files\Neuf\TV_PC\uninstall.exe

Ulead DVD PictureShow SE Basic-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAAD3C25-8664-11D5-BEAF-0010B5557565}\SETUP.EXE" -l0x40c

Ulead Photo Explorer 7.0 SE Platinum-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C6D8763-EEB7-433E-A75E-2AB44892FCA2}\Setup.exe" -l0x40c

Ulead Photo Express 4.0 SE-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\setup.exe" -l0x40c

Ulead VideoStudio 7 SE VCD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\SETUP.EXE" -l0x40c

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe

VideoLive Mail 4.0-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\CyberLink\VideoLiveMail\Uninst.isu"

VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}

Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Contrôle parental-->MsiExec.exe /X{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}

Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}

Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}

Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}

Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

 

======Security center information======

 

AV: AntiVir Desktop

 

======System event log======

 

Computer Name: PC-DDAB81E294D0

Event Code: 2

Message: Device identified.

 

Record Number: 57394

Source Name: nvata

Time Written: 20100323105451.000000+060

Event Type: Informations

User:

 

Computer Name: PC-DDAB81E294D0

Event Code: 2

Message: Device identified.

 

Record Number: 57393

Source Name: nvata

Time Written: 20100323105451.000000+060

Event Type: Informations

User:

 

Computer Name: PC-DDAB81E294D0

Event Code: 6005

Message: Le service d'Enregistrement d'événement a démarré.

 

Record Number: 57392

Source Name: EventLog

Time Written: 20100323105443.000000+060

Event Type: Informations

User:

 

Computer Name: PC-DDAB81E294D0

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Uniprocessor Free.

 

Record Number: 57391

Source Name: EventLog

Time Written: 20100323105443.000000+060

Event Type: Informations

User:

 

Computer Name: PC-DDAB81E294D0

Event Code: 6006

Message: Le service d'Enregistrement d'événement a été arrêté.

 

Record Number: 57390

Source Name: EventLog

Time Written: 20100322225317.000000+060

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: PC-DDAB81E294D0

Event Code: 0

Message:

Record Number: 13128

Source Name: gupdate1c9dfd3458a3c2

Time Written: 20091120104006.000000+060

Event Type: Informations

User:

 

Computer Name: PC-DDAB81E294D0

Event Code: 0

Message:

Record Number: 13127

Source Name: gusvc

Time Written: 20091119230510.000000+060

Event Type: Informations

User:

 

Computer Name: PC-DDAB81E294D0

Event Code: 0

Message:

Record Number: 13126

Source Name: gusvc

Time Written: 20091119230457.000000+060

Event Type: Informations

User:

 

Computer Name: PC-DDAB81E294D0

Event Code: 0

Message:

Record Number: 13125

Source Name: gusvc

Time Written: 20091119153058.000000+060

Event Type: Informations

User:

 

Computer Name: PC-DDAB81E294D0

Event Code: 0

Message: Service stopped successfully.

 

Record Number: 13124

Source Name: idsvc

Time Written: 20091119143737.000000+060

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\Fichiers communs\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem\;%PIXIEHOME%\bin

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=2f02

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

"PIXIEHOME"=C:\Program Files\Pixie

"SHADERS"=%PIXIEHOME%\shaders

 

-----------------EOF-----------------

 

 

There you go!

Posted

Hi :P

Nice cleanup by MBAM :P

One small trace of infection left to clean up and that should do it =>

1) Uninstall the following programs if you find them =>

Ask.com Search Assistant 1.0.2

Dealio Toolbar v4.0.2

Search Enhancer

Search Settings v1.2.3

2) Download OTM by OldTimer and save the file to the Desktop.

  • Double-click OTM.exe to run the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
  • Copy the lines in the "Code" box below to the clipboard by selecting them all and pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy):
    :first
    
    :services
    vspf
    vspf_hk
    
    :files
    C:\WINDOWS\system32\fjhdyfhsn.bat
    C:\WINDOWS\system32\drivers\vspf5.sys
    C:\WINDOWS\system32\drivers\vspf_hk5.sys
    C:\WINDOWS\system32\drivers\rxwttm.sys 
    C:\WINDOWS\system32\drivers\pzcwoc.sys
    C:\WINDOWS\system32\dwdsregt.exe
    C:\WINDOWS\system32\pwinkodv.exe
    C:\Program Files\Dealio Toolbar
    C:\Program Files\Search Settings
    C:\Program Files\Winsos
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SearchSettings"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Wallpaper"=-
    "WINSOS VERIFY"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c19b3c20-f441-11dc-b9c2-0013d4fa6482}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c93078be-b383-11da-af32-0013d4fa6482}]
    
    :commands
    [emptytemp]


  • Go back to the OTMoveIt3 window, right-click in the left-hand box labelled img-025804xb055.png and choose Paste.
  • Click the red button img-025919bxiq4.png
  • Close OTM
  • In your next reply, post the OTM report (the contents of the file C:\_OTM\MovedFiles\********_******.log - the *** are digits standing for the date [monthdayyear] and the time)

Note: If a file or folder cannot be moved immediately, a restart may be needed to complete the move. If you are asked to restart the machine, choose Oui/Yes.

3) As a precaution, please post this report too =>

Download and install UsbFix by C_XX & Chiquitine29

  • Plug into your PC, without opening them, the external storage devices (USB stick, external hard drive, camera memory card, etc.) that may have been infected
  • Double-click the UsbFix shortcut on your desktop.
  • Choose option 1 (Search) and let the tool work.
  • Then post the UsbFix.txt report that appears.

Notes:

- The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

- The "Process.exe" process, a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.

It is not a virus but a utility for terminating processes.

In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

Posted

Hi :P

I didn't find any of the programs you asked me to uninstall :P

Here is the OTM report:

 

All processes killed

Error: Unable to interpret <:first> in the current context!

========== SERVICES/DRIVERS ==========

Service vspf stopped successfully!

Service vspf deleted successfully!

Service vspf_hk stopped successfully!

Service vspf_hk deleted successfully!

========== FILES ==========

C:\WINDOWS\system32\fjhdyfhsn.bat moved successfully.

File/Folder C:\WINDOWS\system32\drivers\vspf5.sys not found.

File/Folder C:\WINDOWS\system32\drivers\vspf_hk5.sys not found.

File move failed. C:\WINDOWS\system32\drivers\rxwttm.sys scheduled to be moved on reboot.

File/Folder C:\WINDOWS\system32\drivers\pzcwoc.sys not found.

File/Folder C:\WINDOWS\system32\dwdsregt.exe not found.

File/Folder C:\WINDOWS\system32\pwinkodv.exe not found.

C:\Program Files\Dealio Toolbar\Res folder moved successfully.

C:\Program Files\Dealio Toolbar\IE\4.0.2 folder moved successfully.

C:\Program Files\Dealio Toolbar\IE folder moved successfully.

C:\Program Files\Dealio Toolbar folder moved successfully.

C:\Program Files\Search Settings\temp folder moved successfully.

C:\Program Files\Search Settings\res folder moved successfully.

C:\Program Files\Search Settings\kb128 folder moved successfully.

C:\Program Files\Search Settings folder moved successfully.

File/Folder C:\Program Files\Winsos not found.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Wallpaper deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WINSOS VERIFY deleted successfully.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c19b3c20-f441-11dc-b9c2-0013d4fa6482}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c19b3c20-f441-11dc-b9c2-0013d4fa6482}\ not found.

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c93078be-b383-11da-af32-0013d4fa6482}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c93078be-b383-11da-af32-0013d4fa6482}\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: LocalService

->Temp folder emptied: 115616 bytes

->Temporary Internet Files folder emptied: 10966631 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: PC

->Temp folder emptied: 1804152155 bytes

->Temporary Internet Files folder emptied: 263833383 bytes

->Java cache emptied: 47009444 bytes

->FireFox cache emptied: 3863426 bytes

->Google Chrome cache emptied: 6209024 bytes

->Flash cache emptied: 104448 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 33748435 bytes

%systemroot%\System32 .tmp files removed: 3433472 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 468682338 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13489980 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 2735278878 bytes

 

Total Files Cleaned = 5 141,00 mb

 

 

OTM by OldTimer - Version 3.1.10.1 log created on 04162010_163455

 

Files moved on Reboot...

File move failed. C:\WINDOWS\system32\drivers\rxwttm.sys scheduled to be moved on reboot.

C:\Documents and Settings\PC\Local Settings\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.

File C:\Documents and Settings\PC\Local Settings\Temp\~DFB8AB.tmp not found!

File C:\Documents and Settings\PC\Local Settings\Temp\~DFB8C8.tmp not found!

File C:\Documents and Settings\PC\Local Settings\Temp\~DFB9DC.tmp not found!

File C:\Documents and Settings\PC\Local Settings\Temp\~DFBAB8.tmp not found!

File C:\Documents and Settings\PC\Local Settings\Temp\~DFBBE5.tmp not found!

File C:\Documents and Settings\PC\Local Settings\Temp\~DFBC52.tmp not found!

C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\WY793UBM\img[9].htm moved successfully.

C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\WY793UBM\rectangle_300x250[1].htm moved successfully.

C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\PA182AYE\infection-par-cheval-de-troie-tr-rootkitgen-t175772[1].htm moved successfully.

C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\I6HUT0QG\signin[1].htm moved successfully.

C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\ECIUV4ES\ban_728x90[2].htm moved successfully.

C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\ECIUV4ES\povh[1].htm moved successfully.

C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\AP8I4UEU\img[5].htm moved successfully.

C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\9OZEOXN6\iframe[1].htm moved successfully.

C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\7R8QYQI6\hp[1].htm moved successfully.

C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\7R8QYQI6\iframe[1].htm moved successfully.

C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\6W8NNKP5\ads[5].htm moved successfully.

C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

 

Registry entries deleted on Reboot...

 

And the UsbFix report:

 

 

############################## | UsbFix V6.104 |

 

User : PC (Administrateurs) # PC-DDAB81E294D0

Update on 14/04/2010 by El Desaparecido , C_XX & Chimay8

Start at: 16:58:56 | 16/04/2010

Website : http://pagesperso-orange.fr/NosTools/index.html

Contact : FindyKill.Contact@gmail.com

 

AMD Athlon 64 Processor 3000+

Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

Windows Firewall Status : Enabled

AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

 

A:\ -> Lecteur de disquettes 3 ½ pouces

C:\ -> Disque fixe local # 122,08 Go (93,69 Go free) [sYSTEM] # NTFS

D:\ -> Disque CD-ROM

E:\ -> Disque fixe local # 110,81 Go (110,73 Go free) [DATA] # NTFS

G:\ -> Disque amovible # 975,88 Mo (500,84 Mo free) [Koon-Memup] # FAT32

H:\ -> Disque amovible

 

################## | Elements infectieux |

 

C:\log.txt

E:\autorun.inf

G:\autorun.inf

 

################## | Registre |

 

 

################## | Mountpoints2 |

 

HKCU\..\..\Explorer\MountPoints2\E

Shell\AutoRun\command =E:\setupSNK.exe

 

HKCU\..\..\Explorer\MountPoints2\{5226d7c1-e96c-11dd-9cba-806d6172696f}

Shell\AutoRun\command =E:\setupSNK.exe

 

HKCU\..\..\Explorer\MountPoints2\{d1bb9ff9-a2c4-11da-9e38-806d6172696f}

Shell\AutoRun\command =D:\ASUSACPI.exe

 

################## | Vaccin |

 

 

################## | ! Fin du rapport # UsbFix V6.104 ! |
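
A triage pass over an OTM report like the one posted above, as an added example (it is not part of the original posts and is not OldTimer's code): it classifies each report line by outcome and lists script errors and files whose move was deferred to reboot. The sample is an abridged copy of lines from the report above; the function names, and the choice to flag a "File move failed" line that reappears under "Files moved on Reboot..." for a re-check, are assumptions.

```python
import re
from collections import Counter

# Abridged sample built from lines of the OTM report posted above.
SAMPLE_LOG = r"""All processes killed
Error: Unable to interpret <:first> in the current context!
========== SERVICES/DRIVERS ==========
Service vspf stopped successfully!
Service vspf deleted successfully!
========== FILES ==========
C:\WINDOWS\system32\fjhdyfhsn.bat moved successfully.
File/Folder C:\WINDOWS\system32\drivers\vspf5.sys not found.
File move failed. C:\WINDOWS\system32\drivers\rxwttm.sys scheduled to be moved on reboot.
C:\Program Files\Dealio Toolbar folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WINSOS VERIFY deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
Files moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\rxwttm.sys scheduled to be moved on reboot.
"""

# Section markers: "===== NAME =====" blocks and the "... on Reboot..." trailers.
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")
REBOOT = re.compile(r"^(?P<name>.+ on Reboot)\.\.\.$")

# Ordered rules: the first pattern that matches a line decides its outcome.
RULES = [
    ("error", re.compile(r"^Error: (?P<item>.+)$")),
    ("pending_reboot", re.compile(
        r"^File move failed\. (?P<item>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(
        r"^(?:File/Folder|File|Registry key|Registry value) (?P<item>.+?)\\? not found[.!]$")),
    ("deleted", re.compile(
        r"^Registry (?:key|value) (?P<item>.+?)\\? deleted successfully\.$")),
    ("service", re.compile(r"^Service (?P<item>\S+) (?:stopped|deleted) successfully!$")),
    ("moved", re.compile(r"^(?P<item>.+?)(?: folder)? moved successfully\.$")),
]


def parse_otm_log(text):
    """Return (section, outcome, item) for every line a rule recognises."""
    section, events = "PREAMBLE", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        marker = SECTION.match(line) or REBOOT.match(line)
        if marker:
            section = marker.group("name")
            continue
        for outcome, pattern in RULES:
            hit = pattern.match(line)
            if hit:
                events.append((section, outcome, hit.group("item")))
                break
    return events


def summary(events):
    """Count events per outcome."""
    return dict(Counter(outcome for _, outcome, _ in events))


def follow_up(events):
    """Items to re-check: script errors and files whose move was deferred.

    A deferred file that is reported as failed again inside a
    "... on Reboot" section is marked failed_after_reboot (assumption:
    such a file is worth verifying on disk with another tool).
    """
    errors = [item for _, outcome, item in events if outcome == "error"]
    deferred = {}
    for section, outcome, item in events:
        if outcome != "pending_reboot":
            continue
        # Windows paths are case-insensitive, so de-duplicate on lower case.
        entry = deferred.setdefault(
            item.lower(), {"path": item, "failed_after_reboot": False})
        if section.endswith("on Reboot"):
            entry["failed_after_reboot"] = True
    return {"errors": errors, "deferred": list(deferred.values())}


if __name__ == "__main__":
    parsed = parse_otm_log(SAMPLE_LOG)
    print(summary(parsed))
    print(follow_up(parsed))
```
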

Posted

Hi again!

OK: we clearly have a stubborn one!

Carry on like this =>

1) You need to turn off the Antivir shield: right-click the Antivir icon in the taskbar and untick Enable Antivir Guard. The red umbrella should be closed after that.

2) Using ComboFix =>

  • Right-click HERE
  • Choose Save target (link) as > a window opens >>
  • In the field to the right of "File name" at the bottom of the window, change the existing name (ComboFix.exe) to this >> OPH03.exe
  • Save the file to the Desktop: to do so, click the Save button.
  • Make sure all programs are closed before running the fix!
  • Double-click OPH03.exe.
  • Note: Do not close the window that has just opened, or you would end up with an empty desktop!
  • While it runs, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With infections like today's, it is strongly recommended to have it pre-installed on your PC before removing any malware. It will let you boot into a special recovery (repair) mode, which allows us to help you more easily if your computer ever runs into a problem after a cleanup attempt.
  • Follow the prompts to let ComboFix download and install the Microsoft Windows Recovery Console, and when asked, accept the End User License Agreement to install the Microsoft Windows Recovery Console.

**Important note: If the Microsoft Windows Recovery Console is already installed, ComboFix will carry on with its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console has been installed via ComboFix, you should see the following message:

whatnext.png

  • Press the Y (Yes) key to continue with the malware scan.
  • When the scan is finished, a report will be generated: post its contents in your next message.
  • If the report is too long, post it in two parts.
  • If you don't see the report, you will find it here > C:\ComboFix.txt

Posted

Ugh, what rotten luck :P

Here is the report, in 2 parts:

 

ComboFix 10-04-15.05 - PC 16/04/2010 21:18:23.1.1 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.283 [GMT 2:00]

Lancé depuis: c:\documents and settings\PC\Bureau\OPH03.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\PC\Recent\Thumbs.db

C:\WA6P

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf

c:\windows\system32\_000111_.tmp.dll

c:\windows\system32\drivers\lvusbsta.sys

c:\windows\system32\SmartShopper

c:\windows\system32\SmartShopper\js.dll

c:\windows\system32\SmartShopper\msvcr71d.dll

c:\windows\system32\winpfz32.sys

E:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_FOPN

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-03-16 au 2010-04-16 ))))))))))))))))))))))))))))))))))))

.

 

2010-04-16 14:57 . 2010-04-16 15:00 -------- d-----w- C:\UsbFix

2010-04-16 14:34 . 2010-04-16 14:34 -------- d-----w- C:\_OTM

2010-04-15 17:17 . 2010-04-15 17:17 -------- d-----w- C:\rsit

2010-04-15 17:04 . 2010-04-15 17:04 54016 ----a-w- c:\windows\system32\drivers\ugwvh.sys

2010-04-14 09:01 . 2010-04-14 09:01 -------- d-----w- c:\documents and settings\PC\Application Data\Malwarebytes

2010-04-14 09:01 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-14 09:00 . 2010-04-14 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-04-14 09:00 . 2010-04-14 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-14 09:00 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-08 16:30 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys

2010-04-08 16:30 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

2010-04-08 14:20 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2010-04-08 14:20 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-04-08 14:17 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys

2010-04-08 14:17 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\Changer.sys

2010-03-31 16:30 . 2010-03-31 16:30 503808 ----a-w- c:\documents and settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4a92362f-n\msvcp71.dll

2010-03-31 16:30 . 2010-03-31 16:30 499712 ----a-w- c:\documents and settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4a92362f-n\jmc.dll

2010-03-31 16:30 . 2010-03-31 16:30 348160 ----a-w- c:\documents and settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4a92362f-n\msvcr71.dll

2010-03-31 16:30 . 2010-03-31 16:30 61440 ----a-w- c:\documents and settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-24f99b79-n\decora-sse.dll

2010-03-31 16:30 . 2010-03-31 16:30 12800 ----a-w- c:\documents and settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-24f99b79-n\decora-d3d.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-16 19:33 . 2010-04-16 19:33 586240 ----a-w- c:\windows\system32\drivers\iytkb.sys

2010-04-16 19:33 . 2009-12-16 16:51 802304 ----a-w- c:\windows\system32\drivers\rxwttm.sys

2010-04-16 19:30 . 2006-02-22 14:13 -------- d-----w- c:\documents and settings\PC\Application Data\OpenOffice.org2

2010-03-31 16:30 . 2007-01-06 11:11 -------- d-----w- c:\program files\Fichiers communs\Java

2010-03-31 16:29 . 2007-01-06 11:14 -------- d-----w- c:\program files\Java

2010-03-30 13:08 . 2004-08-05 12:00 80856 ----a-w- c:\windows\system32\perfc00C.dat

2010-03-30 13:08 . 2004-08-05 12:00 500814 ----a-w- c:\windows\system32\perfh00C.dat

2010-03-10 06:16 . 2004-08-05 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-09 02:28 . 2009-06-13 13:01 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-25 06:17 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2004-08-05 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-17 12:07 . 2004-08-05 12:00 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 19:07 . 2004-08-04 00:48 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 10:03 . 2010-03-05 17:12 293376 ------w- c:\windows\system32\browserchoice.exe

2010-02-12 04:34 . 2004-08-05 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-05 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2010-02-07 08:02 . 2010-02-07 08:02 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-02-06 16:29 . 2006-02-21 09:59 65600 ----a-w- c:\documents and settings\PC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2007-03-09 15:27 . 2007-03-09 15:27 17929072 ----a-w- c:\program files\Install_Messenger.exe

2006-08-12 11:47 . 2006-08-12 11:47 5632 --sha-w- c:\program files\Thumbs.db

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]

2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Configuration de la C-BOX"="c:\program files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [2004-12-21 395264]

"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-05-29 190024]

"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]

"Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]

"nwiz"="nwiz.exe" [2005-11-11 1519616]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2005-12-08 35328]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-11-26 1349120]

"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

 

c:\documents and settings\PC\Menu D‚marrer\Programmes\D‚marrage\

OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Contr“leur de calendrier Ulead.lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2006-3-11 69632]

HPAiODevice(hp psc 700 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-4-30 487484]

Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

Pense-bˆte.lnk - c:\program files\Broderbund\PrintMaster\PMREMIND.EXE [2006-6-28 335872]

REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe [2010-2-7 933888]

 

 

 

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0stera

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\PeerTV\\PeerCast.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Program Files\\Media Player Classic\\mplayerc.exe"=

"c:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE"=

"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Shareaza\\Shareaza.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot

"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot

"53:UDP"= 53:UDP:Realtek AP UDP Prot

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [02/12/2009 12:56 108289]

R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 01:51 380928]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [07/02/2010 10:01 591488]

S2 Ca533av;Cam 3200, WDM Video Capture;c:\windows\system32\drivers\ca533av.sys [08/04/2006 19:11 515803]

S2 Ca536av;DV 3500(Video);c:\windows\system32\Drivers\Ca536av.sys --> c:\windows\system32\Drivers\Ca536av.sys [?]

S2 gupdate1c9dfd3458a3c2;Service Google Update (gupdate1c9dfd3458a3c2);c:\program files\Google\Update\GoogleUpdate.exe [28/05/2009 22:29 133104]

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - IYTKB

*Deregistered* - iytkb

*Deregistered* - rxwttm

.

Contenu du dossier 'Tâches planifiées'

 

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 20:29]

 

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 20:29]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.sfr.fr/kit/adsl/

uInternet Settings,ProxyOverride = localhost

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://mm.tf1.fr/superdistribution/installer2.cab

.

- - - - ORPHELINS SUPPRIMES - - - -

 

AddRemove-CompanionWizard - c:\program files\Common Files\Companion Wizard\compwiz.exe

AddRemove-hyzsdew - c:\documents and settings\pc\local settings\application data\hyzsdew.exe

AddRemove-SearchEnhancer - c:\windows\system32\SearchTool\uninstallSE.exe

AddRemove-SmartShopper - c:\windows\system32\SmartShopper\uninstallSE.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-16 21:28

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iytkb]

 

--

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rxwttm]

 

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(2712)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\SOUNDMAN.EXE

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\RUNDLL32.EXE

c:\progra~1\MICROS~4\wcescomm.exe

c:\progra~1\MICROS~4\rapimgr.exe

c:\progra~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

c:\program files\OpenOffice.org 2.0\program\soffice.exe

c:\program files\OpenOffice.org 2.0\program\soffice.BIN

c:\windows\system32\hpoipm07.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2010-04-16 21:35:58 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-04-16 19:35

 

Avant-CF: 100 454 866 944 octets libres

Après-CF: 100 376 629 248 octets libres

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

 

- - End Of File - - 39EA14A44EF802F8654A104B1F6A6D85

Posted

We'll clean up the rest with this script =>

1) Go to this page to download the CFScript file > http://senduit.com/1ee048

Wait a second: the download will start automatically.

  • Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot.
  • Wait while the scan runs. The desktop will disappear several times: that's normal!
    Don't touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file doesn't appear, it is located here > C:\ComboFix.txt

Note: The proposed script is tailored to OPH03's case: under no circumstances should you use it on your own PC!

2) I'd like you to send me a file, please >>

  • Right-click the C:\Qoobox folder
  • In the menu that drops down, choose > Send To > Compressed folder
  • A file named QooBox.zip should appear in the same directory (C:\)
  • Then go to this page > http://www.sendspace.com
  • Click the "Browse" button: a window opens => copy/paste this into the field to the right of "File name" at the bottom of the page >> C:\QooBox.zip
  • Now click "Open" at the bottom of the window.
  • Tick the box "I have read and agree to the terms of service."
  • Finally, click the Upload File button.
  • A new window will open and give you the upload link: send it to me by PM, please :P

Posted

ComboFix 10-04-15.05 - PC 16/04/2010 22:10:33.2.1 - x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.219 [GMT 2:00]

Lancé depuis: c:\documents and settings\PC\Bureau\OPH03.exe

Commutateurs utilisés :: c:\documents and settings\PC\Bureau\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_iytkb

-------\Legacy_rxwttm

-------\Service_iytkb

-------\Service_rxwttm

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-03-16 au 2010-04-16 ))))))))))))))))))))))))))))))))))))

.

 

2010-04-16 19:14 . 2010-04-16 19:36 -------- d-----w- C:\OPH03

2010-04-16 14:57 . 2010-04-16 15:00 -------- d-----w- C:\UsbFix

2010-04-16 14:34 . 2010-04-16 14:34 -------- d-----w- C:\_OTM

2010-04-15 17:17 . 2010-04-15 17:17 -------- d-----w- C:\rsit

2010-04-14 09:01 . 2010-04-14 09:01 -------- d-----w- c:\documents and settings\PC\Application Data\Malwarebytes

2010-04-14 09:01 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-14 09:00 . 2010-04-14 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-04-14 09:00 . 2010-04-14 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-14 09:00 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-08 16:30 . 2008-04-13 18:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys

2010-04-08 16:30 . 2008-04-13 18:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

2010-04-08 14:20 . 2008-04-13 18:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2010-04-08 14:20 . 2008-04-13 18:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-04-08 14:17 . 2008-04-13 18:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys

2010-04-08 14:17 . 2008-04-13 18:40 8192 ----a-w- c:\windows\system32\drivers\Changer.sys

2010-03-31 16:30 . 2010-03-31 16:30 503808 ----a-w- c:\documents and settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4a92362f-n\msvcp71.dll

2010-03-31 16:30 . 2010-03-31 16:30 499712 ----a-w- c:\documents and settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4a92362f-n\jmc.dll

2010-03-31 16:30 . 2010-03-31 16:30 348160 ----a-w- c:\documents and settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4a92362f-n\msvcr71.dll

2010-03-31 16:30 . 2010-03-31 16:30 61440 ----a-w- c:\documents and settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-24f99b79-n\decora-sse.dll

2010-03-31 16:30 . 2010-03-31 16:30 12800 ----a-w- c:\documents and settings\PC\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-24f99b79-n\decora-d3d.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-16 20:21 . 2006-02-22 14:13 -------- d-----w- c:\documents and settings\PC\Application Data\OpenOffice.org2

2010-03-31 16:30 . 2007-01-06 11:11 -------- d-----w- c:\program files\Fichiers communs\Java

2010-03-31 16:29 . 2007-01-06 11:14 -------- d-----w- c:\program files\Java

2010-03-30 13:08 . 2004-08-05 12:00 80856 ----a-w- c:\windows\system32\perfc00C.dat

2010-03-30 13:08 . 2004-08-05 12:00 500814 ----a-w- c:\windows\system32\perfh00C.dat

2010-03-10 06:16 . 2004-08-05 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-09 02:28 . 2009-06-13 13:01 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-25 06:17 . 2004-08-05 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2004-08-05 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-17 12:07 . 2004-08-05 12:00 2192000 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 19:07 . 2004-08-04 00:48 2068864 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 10:03 . 2010-03-05 17:12 293376 ------w- c:\windows\system32\browserchoice.exe

2010-02-12 04:34 . 2004-08-05 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2004-08-05 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2010-02-07 08:02 . 2010-02-07 08:02 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys

2010-02-06 16:29 . 2006-02-21 09:59 65600 ----a-w- c:\documents and settings\PC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2007-03-09 15:27 . 2007-03-09 15:27 17929072 ----a-w- c:\program files\Install_Messenger.exe

2006-08-12 11:47 . 2006-08-12 11:47 5632 --sha-w- c:\program files\Thumbs.db

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]

2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Configuration de la C-BOX"="c:\program files\Cegetel\C-BOX\Wizard\QuickAccess.exe" [2004-12-21 395264]

"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-05-29 190024]

"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]

"Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-04-15 77824]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-11-11 7311360]

"nwiz"="nwiz.exe" [2005-11-11 1519616]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2005-12-08 35328]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2004-11-26 1349120]

"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-11-11 86016]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

 

c:\documents and settings\PC\Menu D‚marrer\Programmes\D‚marrage\

OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-12-14 61440]

 

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Contr“leur de calendrier Ulead.lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2006-3-11 69632]

HPAiODevice(hp psc 700 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-4-30 487484]

Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

Pense-bˆte.lnk - c:\program files\Broderbund\PrintMaster\PMREMIND.EXE [2006-6-28 335872]

REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe [2010-2-7 933888]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0stera

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\PeerTV\\PeerCast.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Program Files\\Media Player Classic\\mplayerc.exe"=

"c:\\Program Files\\Firefly Studios\\CivCity Rome\\CivCity Rome.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE"=

"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Shareaza\\Shareaza.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot

"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot

"53:UDP"= 53:UDP:Realtek AP UDP Prot

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [02/12/2009 12:56 108289]

R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08/01/2010 01:51 380928]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [07/02/2010 10:01 591488]

S2 Ca533av;Cam 3200, WDM Video Capture;c:\windows\system32\drivers\ca533av.sys [08/04/2006 19:11 515803]

S2 Ca536av;DV 3500(Video);c:\windows\system32\Drivers\Ca536av.sys --> c:\windows\system32\Drivers\Ca536av.sys [?]

S2 gupdate1c9dfd3458a3c2;Service Google Update (gupdate1c9dfd3458a3c2);c:\program files\Google\Update\GoogleUpdate.exe [28/05/2009 22:29 133104]

.

Contenu du dossier 'Tâches planifiées'

 

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 20:29]

 

2010-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 20:29]

.

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://www.sfr.fr/kit/adsl/

uInternet Settings,ProxyOverride = localhost

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://mm.tf1.fr/superdistribution/installer2.cab

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-16 22:19

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'explorer.exe'(732)

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\SOUNDMAN.EXE

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\wbem\wmiapsrv.exe

c:\progra~1\MICROS~4\wcescomm.exe

c:\progra~1\MICROS~4\rapimgr.exe

c:\program files\OpenOffice.org 2.0\program\soffice.exe

c:\program files\OpenOffice.org 2.0\program\soffice.BIN

c:\progra~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

c:\windows\system32\hpoipm07.exe

.

**************************************************************************

.

Heure de fin: 2010-04-16 22:26:17 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-04-16 20:26

ComboFix2.txt 2010-04-16 19:35

 

Avant-CF: 100 380 643 328 octets libres

Après-CF: 100 347 805 696 octets libres

 

- - End Of File - - 75C062DB54D6E74DDF9C05B657B5A922
