Bagle infection... help me
morbih44 - Posts: 17 - Status: Member
Destrio5 - Posts: 99820 - Status: Moderator
Hello,
I have caught a Bagle virus in my turn, following an eMule download (that will teach me!).
I have read quite a few posts and tried to "purge" the files with Elibagla, but after 200 files scanned the program stops. However many times I relaunch it, the result is always the same, so I never get a scan report.
Having only average computer knowledge, I ran the scan with FindyKill, but I am counting on a kind soul to take it further.
Here is the FindyKill scan report; thank you for your help in telling me what to do next.
----------------- FindyKill V4.711 ------------------
* User : HAMON - HAMON-C259627D4
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 10:12:49 le 11/01/2009
* Windows XP - Internet Explorer 7.0.5730.11
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\drivers\esentutl.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
Found ! [11/01/2009 10:08] - C:\InfoSat.txt
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
Found ! - C:\WINDOWS\prefetch\193859.EXE-13E62064.pf
Found ! - C:\WINDOWS\prefetch\195843.EXE-088A5B70.pf
Found ! - C:\WINDOWS\prefetch\248734.EXE-328C1FAD.pf
Found ! - C:\WINDOWS\prefetch\265500.EXE-320867F3.pf
Found ! - C:\WINDOWS\prefetch\269031.EXE-325AD223.pf
Found ! - C:\WINDOWS\prefetch\30766968.EXE-088CEB2E.pf
Found ! - C:\WINDOWS\prefetch\30901109.EXE-01606CC0.pf
Found ! - C:\WINDOWS\prefetch\31050218.EXE-32E682EC.pf
Found ! - C:\WINDOWS\prefetch\31069578.EXE-20F82849.pf
Found ! - C:\WINDOWS\prefetch\345500.EXE-1A044007.pf
Found ! - C:\WINDOWS\prefetch\366625.EXE-31D639CD.pf
Found ! - C:\WINDOWS\prefetch\390609.EXE-1C2E54A5.pf
Found ! - C:\WINDOWS\prefetch\413234.EXE-1701DBCE.pf
Found ! - C:\WINDOWS\prefetch\FLEC006.EXE-283746DD.pf
Found ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Found ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Found ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-01684A29.pf
»»»» Presence des fichiers dans C:\WINDOWS\system32
Found ! [10/01/2009 17:51] - C:\WINDOWS\system32\mdelk.exe
Found ! [10/01/2009 17:51] - C:\WINDOWS\system32\wintems.exe
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\HAMON\Application Data
Found ! [10/01/2009 17:52] - "C:\Documents and Settings\HAMON\Application Data\m\flec006.exe"
Found ! [11/01/2009 10:06] - "C:\Documents and Settings\HAMON\Application Data\m\shared"
Found ! [11/01/2009 10:08] - "C:\Documents and Settings\HAMON\Application Data\m"
Found ! [10/01/2009 18:10] - "C:\Documents and Settings\HAMON\Application Data\drivers"
Found ! [10/01/2009 17:51] - "C:\Documents and Settings\HAMON\Application Data\drivers\srosa.sys"
Found ! [10/01/2009 18:16] - "C:\Documents and Settings\HAMON\Application Data\drivers\downld"
»»»» Presence des fichiers dans C:\DOCUME~1\HAMON\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\HAMON\Local Settings\Temporary Internet Files\Content.IE5
Found ! [12/01/2008 12:38] - C:\Documents and Settings\HAMON\Application Data\Adobe\XMP\FileInfoLibPrefs.txt
Found ! [06/10/2006 09:36] - C:\Documents and Settings\HAMON\Local Settings\Application Data\Adobe\Flash CS3\fr\Configuration\filelist.txt
Found ! [11/01/2009 10:04] - C:\Documents and Settings\HAMON\Local Settings\Temporary Internet Files\Content.IE5\5F00YVNE\file[1].txt
Found ! [06/10/2006 09:36] - C:\Program Files\Adobe\Adobe Flash CS3\fr\First Run\filelist.txt
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WD Button Manager=WDBtnMgr.exe
USBToolTip="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
USB2Check=RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
SigmatelSysTrayApp=sttray.exe
RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
nwiz=nwiz.exe /installquiet
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
IntelAudioStudio="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
HP Software Update="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
HP Component Manager="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ISUSPM="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
PinnacleDriverCheck=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
Acrobat Assistant 8.0="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
<NO NAME>=
DWQueuedReporting="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
[HKEY_CURRENT_USER\software\local appwizard-generated applications\DestComp]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\GoogleToolbarNotifier]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\hpqptc08]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Registrar]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\run]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro]
--------------- [ Registre / Clés infectieuses ] ----------------
Found ! - HKEY_USERS\S-1-5-21-1606980848-113007714-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_USERS\S-1-5-21-1606980848-113007714-1801674531-1003\Software\FFC
Found ! - HKEY_USERS\S-1-5-21-1606980848-113007714-1801674531-1003\Software\FirtR
Found ! - HKEY_USERS\S-1-5-21-1606980848-113007714-1801674531-1003\Software\MuleAppData
Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s
Found ! - HKEY_CURRENT_USER\Software\FirtR
/!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1
/!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
/!\ Ndisuio - Type de démarrage = 4
EapHost - Type de démarrage = 3
/!\ Ip6Fw - Type de démarrage = 4
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
E: - Lecteur de CD-ROM
J: - Lecteur fixe
+- Contenu de l'autorun : E:\autorun.inf
[autorun]
open=autorun.exe
icon=autorun.exe
+- presence des fichiers :
Found ! [30/05/2008 07:54][-r-------] - E:\autorun.inf
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
33 replies
Hi,
--> Delete your cracks and keygens.
--> Double-click the FindyKill shortcut on your Desktop.
--> In the main menu, choose option 2 (Suppression).
/!\ There will be 2 reboots; let the tool work until the message "nettoyage effectué" appears /!\
--> Then post the FindyKill.txt report.
Note: the FindyKill.txt report is saved at the root of the disk.
So I moved on to step 2, and here is the report.
Do you think everything is OK now?
----------------- FindyKill V4.711 ------------------
* User : HAMON - HAMON-C259627D4
* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 12:29:06 the 11/01/2009
* Windows XP - Internet Explorer 7.0.5730.11
((((((((((((((( *** deleting *** ))))))))))))))))))
--------------- [ Active Processes ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
--------------- [ Infected files / folders ] ----------------
»»»» Supression files in C:
Deleted ! - C:\InfoSat.txt
»»»» Supression files in C:\WINDOWS
»»»» Supression files in C:\WINDOWS\Prefetch
Deleted ! - C:\WINDOWS\prefetch\193859.EXE-13E62064.pf
Deleted ! - C:\WINDOWS\prefetch\195843.EXE-088A5B70.pf
Deleted ! - C:\WINDOWS\prefetch\248734.EXE-328C1FAD.pf
Deleted ! - C:\WINDOWS\prefetch\265500.EXE-320867F3.pf
Deleted ! - C:\WINDOWS\prefetch\269031.EXE-325AD223.pf
Deleted ! - C:\WINDOWS\prefetch\30766968.EXE-088CEB2E.pf
Deleted ! - C:\WINDOWS\prefetch\30901109.EXE-01606CC0.pf
Deleted ! - C:\WINDOWS\prefetch\31050218.EXE-32E682EC.pf
Deleted ! - C:\WINDOWS\prefetch\31069578.EXE-20F82849.pf
Deleted ! - C:\WINDOWS\prefetch\345500.EXE-1A044007.pf
Deleted ! - C:\WINDOWS\prefetch\366625.EXE-31D639CD.pf
Deleted ! - C:\WINDOWS\prefetch\390609.EXE-1C2E54A5.pf
Deleted ! - C:\WINDOWS\prefetch\413234.EXE-1701DBCE.pf
Deleted ! - C:\WINDOWS\prefetch\FLEC006.EXE-283746DD.pf
Deleted ! - C:\WINDOWS\prefetch\MDELK.EXE-1D176F91.pf
Deleted ! - C:\WINDOWS\prefetch\WINTEMS.EXE-2A563F9B.pf
Deleted ! - C:\WINDOWS\prefetch\WINUPGRO.EXE-01684A29.pf
»»»» Supression files in C:\WINDOWS\system32
Deleted ! - C:\WINDOWS\system32\mdelk.exe
Deleted ! - C:\WINDOWS\system32\wintems.exe
Deleted ! - C:\WINDOWS\system32\ban_list.txt
»»»» Supression files in C:\WINDOWS\system32\drivers
»»»» Supression files in C:\Documents and Settings\HAMON\Application Data
Deleted ! - "C:\Documents and Settings\HAMON\Application Data\m\flec006.exe"
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\2.Avp.Kaspersky.Antivirus.4.5.Kav.Keyfiles.(26-10-2007).zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\3dsviewer 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\4Musics WMA to OGG Converter 4.2.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\AC3 Delay Corrector 2.1 beta 1.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\AccuSplit 4.5.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\AcidDreamer.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Across The DeskTop 1.3.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\ActivePatch 1.2.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Actual Luscher 1.1.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\AddReg 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Adventnet SNMP API .NET 4.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Age of Empires 2 DeLuxe Edition Mobile v2.0.33.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Air Messenger Pro 8.2.2.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\AmeriLib 0.1.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\AmoK DVD Shrinker 1.3.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\anda_1960.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Attachment Auto Saver for Outlook 1.2.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Audio Music Editor 2.3.6.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Awave Audio 10.2.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Aztec Font 2.0.1.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\BackPage Reader 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Bassett Hounds 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\C++ Server Pages 1.5.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Capture Solution 9.2.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\CD Slide Show Generator 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Cheetah Database System.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Chromium Picolinate Fat Loss 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Contact Container 1.0.2.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Cool IPod Converter 2.2.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Cute Reminder Enterprise Edition 2.6.317.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\DirectSkin 5.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Draughts Maker 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Dyro Pop Maker 1.601.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Easter & Whit Calculator 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\EasyQuery.NET (WebForms) 2.3.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\EpNamer 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\F-Prot.AntiVirus.v3.16f.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\FilmUP 0.1.0.340.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Flash Vertical Menu 1.0.1.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Flean 0.10.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\FolderIcon 2.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\foo removefromqueue 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Fractangles Screensaver 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\FreePicGrabber 3.2.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\GETPUBAPP 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Golf Handicapper 7.7.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\HAL-9000 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Insert iTunes Currently Playing Plugin 1.0.1.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Kaspersky.Antivirus.Personal.5.0.372.(espaÇñol).zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Kiwi Application Monitor 1.1.3.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\LBE Synchronizer for MS Outlook 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Light Note 2.1.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\LingvoSoft Talking Dictionary 2008 Spanish - Chinese Traditional 4.1.29.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\LinPro 2.7.2..zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\MapKeyboard 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\McAfee.VirusScan.Mobile.v1.11.S60.SymbianOS7.Cracked20060530111621.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\McAfee.VirusScan.Professional.2006.10.0.25-setup-crack.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Me Speaking 3.02.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Meta Tags Retriever 1.1.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Microsoft Dynamics CRM SDK 4.0.6.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Moyea SWF to Video Converter Pro 3.2.1.1.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Murphy's laws 1.0.0.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Music 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\MusiCat 1.03.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\MZL & Novatech Traffic Statistics 1.2.0.1.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\NepTune 0.12.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\NetOp Remote Control 9.21 Build 2008316.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Network Probe 2.7.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Netxpression 3.7.5.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\No Smoke 4.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\NOD32.Antivirus.System.2.51.26.(NT2000XP2003x64).en.espaÇñol.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Ocean Sunsets Photo Screensaver 2.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\OfficeAssistor 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\OLEJA 1.01.09.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\PDF417 Java Barcode.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Phpmole 1.3.1.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\PIMHelper 1.20.002.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\PLIEP 1.35.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Postscript to Text Converter 2.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Power Quotes of The Bible.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Princess Caculator 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Quote Vision 1.15.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\RapidSpell Desktop Java 2.2.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\RE
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Reasonable Archiver 1.1.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Remind-Me 4.7.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Renamer Pro 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Sacred Heart Screen Saver 1.01.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Science Database 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\ScrollBar Styler 5.5.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Serial Port Monitoring Control 1.03.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\SimpleDivX 1.40.25.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\SkinCalc 3.5.9.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\SmartReplace 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Smith Lottery 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Smooth Operators 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Snappy PhotoCard Creator Advanced 2.00.2181.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Softener 1.30.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\specialwarrior_nokia_n95.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Stars Channel Gadget 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Steam Calculator 2.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\SurfBook 1.2.1.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Symantec.AntiVirus.Corporate.Edition.v10.1.5.5000-DVT.part2.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Syndication Studio 2004 1.1.0.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\System Center Virtual Machine Manager 2008.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\System Guard 5.0.18.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Taverna 1.7.0.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\TIFF Image Printer 7.0.022.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Total Text Container 0.A068.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\TParadoxDSNCreator 1.002.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Tsarist Russia in Color 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Ultralingua French - English MEDICAL Dictionary 5.03.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Unixtime 2 Date 1.02.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Vector Visuals 2006.12.02.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Video and Music to iPhone Converter 4.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Vista Nature 1.1.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Web Page Archiver 1.2.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\WebMail Alert 1.56.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\WinDiff 5.1.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\WinFront
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\WM Recorder 12.2.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Wooden Web 1.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\WS Matrix Screensaver 1.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\XPClock Plus 1.74.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Yaldex Colored ScrollBars 2.0.zip
Deleted ! - C:\Documents and Settings\HAMON\Application Data\m\shared\Zoom Search Engine 5.1 Build 1011.zip
Deleted ! - "C:\Documents and Settings\HAMON\Application Data\m\shared"
Deleted ! - "C:\Documents and Settings\HAMON\Application Data\m"
Deleted ! - "C:\Documents and Settings\HAMON\Application Data\drivers\srosa.sys"
Deleted ! - "C:\Documents and Settings\HAMON\Application Data\drivers\downld"
Deleted ! - "C:\Documents and Settings\HAMON\Application Data\drivers"
»»»» Supression files in C:\DOCUME~1\HAMON\LOCALS~1\Temp
»»»» Supression files in C:\Documents and Settings\HAMON\Local Settings\Temporary Internet Files\Content.IE5
Deleted ! - C:\Documents and Settings\HAMON\Local Settings\Temporary Internet Files\Content.IE5\5F00YVNE\file[1].txt
--------------- [ Registry / Infected keys ] ----------------
Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
Deleted ! - HKEY_CURRENT_USER\Software\FirtR
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe
Deleted ! - HKEY_USERS\S-1-5-21-1606980848-113007714-1801674531-1003\Software\Local AppWizard-Generated Applications\winupgro
Deleted ! - HKEY_USERS\S-1-5-21-1606980848-113007714-1801674531-1003\Software\FFC
Deleted ! - HKEY_USERS\S-1-5-21-1606980848-113007714-1801674531-1003\Software\MuleAppData
--------------- [ States / Restarting of services ] ----------------
+- Services : [ Auto=2 / Request=3 / Disable=4 ]
Ndisuio - Type of startup = 3
EapHost - Type of startup = 2
Ip6Fw - Type of startup = 2
SharedAccess - Type of startup = 2
wuauserv - Type of startup = 2
wscsvc - Type of startup = 2
--------------- [ Cleaning removable drives ] ----------------
+- Informations :
C: - Lecteur fixe
E: - Lecteur de CD-ROM
J: - Lecteur fixe
+- deleting files :
Not deleted !! - E:\autorun.inf
--------------- [ Registry / Mountpoint2 ] ----------------
-> Not found !
--------------- [ Searching Other Infections ] ----------------
Références de comparaison Bagle MD5 :
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\mdelk.exe
113ac36b77630a2f67dd6cb7844406a4 C:\WINDOWS\system32\wintems.exe
--------------- [ Searching Cracks / Keygen ] ----------------
C:\Documents and Settings\HAMON\Mes documents\Musique\Shockwave sound\Demos\Demo Mid-tempo Background Music\Mid-tempo Background Music\Cracking the Code - preview.mp3
---------------- ! End of report ! ------------------
Do you think everything is OK now?
---> Reinstall the applications that were infected (antivirus...).
---> Then do this:
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
- Double-click RSIT.exe to launch the program.
- Click Continue on the Disclaimer screen.
- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
Note: The reports are saved in the C:\rsit folder.
Below is the log.txt file:
Logfile of random's system information tool 1.05 (written by random/random)
Run by HAMON at 2009-01-11 13:18:20
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 73 GB (24%) free of 305 GB
Total RAM: 3326 MB (82% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:37, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\HAMON\Bureau\RSIT.exe
C:\Program Files\trend micro\HAMON.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://e-mageconcept.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\System\mqtgsvc.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\HAMON\Application Data\drivers\winupgro.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\HAMON\Application Data\m\flec006.exe
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\WINDOWS\System32\drivers\esentutl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\HAMON\LOCALS~1\Temp\spoolsv.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\HAMON\LOCALS~1\Temp\dllhst3g.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\HAMON\LOCALS~1\Temp\dllhst3g.exe /waitservice (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Memeo AutoBackup Launcher.lnk = ?
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553563000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
/!\ Disable your resident protections (antivirus, etc.) /!\
--> Download ComboFix (by sUBs) to your Desktop.
--> Double-click ComboFix.exe (the .exe may not be visible) to launch it.
--> It will ask you to install the Recovery Console: accept.
--> When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
To help you: a guide and a tutorial on using ComboFix
Here is the ComboFix report.
What should I conclude or make of it?
ComboFix 09-01-10.03 - HAMON 2009-01-11 14:32:33.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3326.2689 [GMT 1:00]
Lancé depuis: c:\documents and settings\HAMON\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HAMON\Application Data\Microsoft\ieudinit.exe
c:\windows\system\mqtgsvc.exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
.
2009-01-11 13:18 . 2009-01-11 13:18 <REP> d-------- C:\rsit
2009-01-11 13:18 . 2009-01-11 13:18 <REP> d-------- c:\program files\trend micro
2009-01-11 10:12 . 2009-01-11 12:39 <REP> d-------- c:\program files\FindyKill
2009-01-10 18:55 . 2009-01-10 18:55 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-01-10 17:41 . 2008-12-22 09:29 81,920 --a------ c:\windows\mstsc.exe
2009-01-09 10:50 . 2009-01-09 10:50 <REP> d-------- c:\program files\Kate's Video Converter
2009-01-09 10:50 . 2009-01-09 10:50 <REP> d-------- c:\program files\Fichiers communs\wsm
2009-01-06 11:07 . 2009-01-06 11:07 <REP> d-------- c:\documents and settings\All Users\Application Data\MemeoCommon
2009-01-06 11:06 . 2009-01-06 11:06 <REP> d-------- c:\documents and settings\HAMON\Application Data\Memeo
2009-01-06 11:05 . 2009-01-06 11:05 <REP> d-------- c:\program files\Fichiers communs\eSellerate
2009-01-03 15:12 . 2002-12-17 16:23 33,340 --------- c:\windows\system32\dbmsqlgc.dll
2009-01-03 15:12 . 2002-10-20 14:05 24,576 --------- c:\windows\system32\dbmsgnet.dll
2009-01-03 15:10 . 2009-01-03 15:10 <REP> d-------- c:\documents and settings\HAMON\Application Data\Sony
2009-01-03 15:08 . 2009-01-04 11:51 <REP> d-------- c:\program files\Sony
2009-01-03 15:07 . 2009-01-03 15:07 <REP> d-------- c:\program files\Sony Setup
2009-01-03 14:31 . 2008-04-13 20:46 49,024 --a------ c:\windows\system32\drivers\mstape.sys
2009-01-03 14:31 . 2008-04-13 20:46 49,024 --a--c--- c:\windows\system32\dllcache\mstape.sys
2009-01-03 14:31 . 2008-04-13 20:46 13,696 --a------ c:\windows\system32\drivers\avcstrm.sys
2009-01-03 14:31 . 2008-04-13 20:46 13,696 --a--c--- c:\windows\system32\dllcache\avcstrm.sys
2009-01-01 18:52 . 2009-01-01 18:52 <REP> d-------- c:\program files\ToniArts
2008-12-22 14:34 . 2008-12-24 16:28 <REP> d-------- c:\documents and settings\HAMON\Application Data\LimeWire
2008-12-22 14:33 . 2009-01-04 11:36 <REP> d-------- c:\program files\LimeWire
2008-12-22 09:29 . 2008-12-22 09:29 81,920 --a------ c:\windows\system32\drivers\esentutl.exe
2008-12-21 14:43 . 2008-12-21 14:43 <REP> d-------- c:\program files\Xara
2008-12-17 08:50 . 2008-12-17 09:23 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-17 08:49 . 2008-12-17 09:12 <REP> d-------- C:\Fraps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 08:58 --------- d-----w c:\program files\Google
2009-01-10 11:48 --------- d-----w c:\program files\eMule
2009-01-06 10:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 10:05 --------- d-----w c:\program files\Memeo
2009-01-06 09:33 --------- d-----w c:\documents and settings\HAMON\Application Data\VSO
2009-01-04 10:36 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-03 14:10 --------- d-----w c:\program files\Microsoft SQL Server
2008-12-22 09:31 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-21 13:43 --------- d-----w c:\program files\Common Files
2008-12-12 05:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-09 18:40 --------- d-----w c:\program files\Media Player Classic
2008-12-09 18:40 --------- d-----w c:\program files\Intel Audio Studio
2008-12-09 18:40 --------- d-----w c:\program files\Avanquest update
2008-12-09 18:40 --------- d-----w c:\program files\AdorageI-SAL
2008-12-07 11:29 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-07 11:29 --------- d-----w c:\program files\Java
2008-11-28 16:08 --------- d-----w c:\documents and settings\HAMON\Application Data\dvdcss
2008-11-27 15:55 --------- d-----w c:\program files\VSO
2008-11-17 16:58 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-11 08:19 --------- d-----w c:\program files\NOS
2008-11-11 08:19 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-17 17:37 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-01-05 18:03 36,868 ----a-w c:\program files\uninst-Particular.exe
2007-10-10 13:52 10,147,620 ----a-w c:\program files\QuicktracksInstaller3027.exe
2007-08-21 16:00 92,064 -c--a-w c:\documents and settings\HAMON\mqdmmdm.sys
2007-08-21 16:00 9,232 -c--a-w c:\documents and settings\HAMON\mqdmmdfl.sys
2007-08-21 16:00 79,328 -c--a-w c:\documents and settings\HAMON\mqdmserd.sys
2007-08-21 16:00 66,656 -c--a-w c:\documents and settings\HAMON\mqdmbus.sys
2007-08-21 16:00 6,208 -c--a-w c:\documents and settings\HAMON\mqdmcmnt.sys
2007-08-21 16:00 5,936 -c--a-w c:\documents and settings\HAMON\mqdmwhnt.sys
2007-08-21 16:00 4,048 -c--a-w c:\documents and settings\HAMON\mqdmcr.sys
2007-08-21 16:00 25,600 -c--a-w c:\documents and settings\HAMON\usbsermptxp.sys
2007-08-21 16:00 22,768 -c--a-w c:\documents and settings\HAMON\usbsermpt.sys
2002-07-26 15:02 153,088 ----a-w c:\program files\UNWISE.EXE
2008-09-19 03:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091920080920\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-09-21 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-21 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-21 8466432]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-08-02 9134080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"WD Button Manager"="WDBtnMgr.exe" [2008-05-23 c:\windows\system32\WDBtnMgr.exe]
"nwiz"="nwiz.exe" [2007-07-21 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Esent Utl"="c:\windows\System32\drivers\esentutl.exe" [2008-12-22 81920]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
Memeo AutoBackup Launcher.lnk - c:\windows\Installer\{17FE46DF-24DC-4888-BA8B-1C918A2E79ED}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2009-01-06 73728]
WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2008-05-23 98304]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Adobe\\Adobe Premiere Pro CS3\\Adobe Premiere Pro.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 OxFWLF;OxFWLF;c:\windows\system32\drivers\OxFWLF.sys [2008-05-14 12616]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_X32.sys [2008-05-14 17664]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2008-04-17 25824]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be7f58ff-48c3-11dd-8272-00173f8c80f6}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cac9364f-6a6c-11dc-8204-00173f8c80f6}]
\Shell\AutoRun\command - j:\jdlightning\Windows\JDLightning.exe
.
Contenu du dossier 'Tâches planifiées'
2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-10 c:\windows\Tasks\SyncBack Sauvegarde e-mc.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe []
2009-01-10 c:\windows\Tasks\User_Feed_Synchronization-{C3113414-58F4-4923-A531-375B3E2F0CBC}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-SigmatelSysTrayApp - sttray.exe
SafeBoot-sglfb.sys
SafeBoot-tga.sys
SafeBoot-wd.sys
SafeBoot-sacsvr
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.e-mageconcept.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: www.cic.fr
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 14:33:20
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
Heure de fin: 2009-01-11 14:34:44
ComboFix-quarantined-files.txt 2009-01-11 13:34:17
Avant-CF: 76 182 294 528 octets libres
Après-CF: 76,324,880,384 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
277 --- E O F --- 2008-12-18 09:02:18
What should I deduce or make of this?
/!\ Only morbih44 may follow this procedure /!\
1/
---> Open Notepad.
---> Select the text below and copy it with Ctrl+C:
KillAll::
Collect::[4]
c:\windows\System32\drivers\esentutl.exe
File::
c:\windows\Tasks\SyncBack Sauvegarde e-mc.job
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Esent Utl"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\HAMON\Application Data\m\flec006.exe"=-
FileLook::
C:\WINDOWS\mstsc.exe
---> Paste the selection into Notepad
---> Save this file on the desktop (mandatory)
---> File name: CFScript
---> File type: All files
---> Click Save
---> Quit Notepad
2/
---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif
[*] A blue window will appear: accept the message that is displayed.
[*] Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
[*] Once the scan is complete, a report will be displayed: post it
[*] If the file does not open, it can be found here: C:\ComboFix\Combofix.txt
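The CFScript above removes the `Esent Utl` autorun and asks for a look at `C:\WINDOWS\mstsc.exe`. As an added example (not part of the thread, and not how ComboFix or the helper works), this Python script shows one way to surface those two entries from the report text; the two heuristics and all function names are assumptions made for this example.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt: lines copied from the ComboFix report posted in this thread.
SAMPLE_LOG = r"""
2009-01-10 17:41 . 2008-12-22 09:29 81,920 --a------ c:\windows\mstsc.exe
2009-01-09 10:50 . 2009-01-09 10:50 <REP> d-------- c:\program files\Fichiers communs\wsm
2009-01-03 14:31 . 2008-04-13 20:46 49,024 --a------ c:\windows\system32\drivers\mstape.sys
2009-01-03 14:31 . 2008-04-13 20:46 49,024 --a--c--- c:\windows\system32\dllcache\mstape.sys
2008-12-22 09:29 . 2008-12-22 09:29 81,920 --a------ c:\windows\system32\drivers\esentutl.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Esent Utl"="c:\windows\System32\drivers\esentutl.exe" [2008-12-22 81920]
"""

# "created . modified size attributes path" lines of the files-created section.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"([\d,]+|<REP>) (\S+) (.+)$")
# Registry key headers and the '"name"="target" [date size]' values under them.
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
AUTORUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')


def parse_report(text):
    """Return (files, autoruns) parsed from ComboFix report text."""
    files, autoruns, key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = CREATED_RE.match(line)
        if m:
            if m.group(3) != "<REP>":  # <REP> marks a directory, skip it
                files.append({"modified": m.group(2),
                              "size": int(m.group(3).replace(",", "")),
                              "path": m.group(5).lower()})
            continue
        m = AUTORUN_RE.match(line)
        if m and key:  # values in other layouts are ignored by this example
            autoruns.append({"key": key, "name": m.group(1),
                             "target": m.group(2).lower(),
                             "size": int(m.group(4))})
    return files, autoruns


def renamed_copies(files):
    """Heuristic (assumption): files sharing size and modification time but
    carrying different names are one binary dropped under several names.
    Same-name pairs (drivers\\ and dllcache\\ copies) are not reported."""
    groups = defaultdict(set)
    for f in files:
        groups[(f["modified"], f["size"])].add(f["path"])
    return [sorted(paths) for paths in groups.values()
            if len({ntpath.basename(p) for p in paths}) > 1]


def exe_in_drivers(path):
    """Heuristic (assumption): system32\\drivers holds .sys kernel drivers,
    so an .exe started from there deserves a closer look."""
    return (ntpath.dirname(path).endswith(r"\system32\drivers")
            and path.endswith(".exe"))


def triage(text):
    """List entries worth manual review, with the reason for each."""
    files, autoruns = parse_report(text)
    copies = renamed_copies(files)
    suspect = {p for group in copies for p in group}
    findings = [("renamed-copy", group) for group in copies]
    for a in autoruns:
        reasons = []
        if exe_in_drivers(a["target"]):
            reasons.append("exe-in-drivers-dir")
        if a["target"] in suspect:
            reasons.append("same-binary-under-another-name")
        if reasons:
            findings.append(("autorun", a["key"], a["name"],
                             a["target"], reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding is only a pointer for manual review: the file itself still has to be examined, which is what the `FileLook::` and `Collect::` lines of the script request.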
Following your last message (and thank you very much indeed for your help), here is the new report:
Any more steps to carry out??
ComboFix 09-01-10.03 - HAMON 2009-01-11 15:06:08.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3326.2647 [GMT 1:00]
Lancé depuis: c:\documents and settings\HAMON\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\HAMON\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
FILE ::
c:\windows\Tasks\SyncBack Sauvegarde e-mc.job
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\drivers\esentutl.exe
c:\windows\Tasks\SyncBack Sauvegarde e-mc.job
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
.
2009-01-11 13:18 . 2009-01-11 13:18 <REP> d-------- C:\rsit
2009-01-11 13:18 . 2009-01-11 13:18 <REP> d-------- c:\program files\trend micro
2009-01-11 10:12 . 2009-01-11 12:39 <REP> d-------- c:\program files\FindyKill
2009-01-10 18:55 . 2009-01-10 18:55 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-01-10 17:41 . 2008-12-22 09:29 81,920 --a------ c:\windows\mstsc.exe
2009-01-09 10:50 . 2009-01-09 10:50 <REP> d-------- c:\program files\Kate's Video Converter
2009-01-09 10:50 . 2009-01-09 10:50 <REP> d-------- c:\program files\Fichiers communs\wsm
2009-01-06 11:07 . 2009-01-06 11:07 <REP> d-------- c:\documents and settings\All Users\Application Data\MemeoCommon
2009-01-06 11:06 . 2009-01-06 11:06 <REP> d-------- c:\documents and settings\HAMON\Application Data\Memeo
2009-01-06 11:05 . 2009-01-06 11:05 <REP> d-------- c:\program files\Fichiers communs\eSellerate
2009-01-03 15:12 . 2002-12-17 16:23 33,340 --------- c:\windows\system32\dbmsqlgc.dll
2009-01-03 15:12 . 2002-10-20 14:05 24,576 --------- c:\windows\system32\dbmsgnet.dll
2009-01-03 15:10 . 2009-01-03 15:10 <REP> d-------- c:\documents and settings\HAMON\Application Data\Sony
2009-01-03 15:08 . 2009-01-04 11:51 <REP> d-------- c:\program files\Sony
2009-01-03 15:07 . 2009-01-03 15:07 <REP> d-------- c:\program files\Sony Setup
2009-01-03 14:31 . 2008-04-13 20:46 49,024 --a------ c:\windows\system32\drivers\mstape.sys
2009-01-03 14:31 . 2008-04-13 20:46 49,024 --a--c--- c:\windows\system32\dllcache\mstape.sys
2009-01-03 14:31 . 2008-04-13 20:46 13,696 --a------ c:\windows\system32\drivers\avcstrm.sys
2009-01-03 14:31 . 2008-04-13 20:46 13,696 --a--c--- c:\windows\system32\dllcache\avcstrm.sys
2009-01-01 18:52 . 2009-01-01 18:52 <REP> d-------- c:\program files\ToniArts
2008-12-22 14:34 . 2008-12-24 16:28 <REP> d-------- c:\documents and settings\HAMON\Application Data\LimeWire
2008-12-22 14:33 . 2009-01-04 11:36 <REP> d-------- c:\program files\LimeWire
2008-12-21 14:43 . 2008-12-21 14:43 <REP> d-------- c:\program files\Xara
2008-12-17 08:50 . 2008-12-17 09:23 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-17 08:49 . 2008-12-17 09:12 <REP> d-------- C:\Fraps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 08:58 --------- d-----w c:\program files\Google
2009-01-10 11:48 --------- d-----w c:\program files\eMule
2009-01-06 10:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 10:05 --------- d-----w c:\program files\Memeo
2009-01-06 09:33 --------- d-----w c:\documents and settings\HAMON\Application Data\VSO
2009-01-04 10:36 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-03 14:10 --------- d-----w c:\program files\Microsoft SQL Server
2008-12-22 09:31 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-21 13:43 --------- d-----w c:\program files\Common Files
2008-12-12 05:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-09 18:40 --------- d-----w c:\program files\Media Player Classic
2008-12-09 18:40 --------- d-----w c:\program files\Intel Audio Studio
2008-12-09 18:40 --------- d-----w c:\program files\Avanquest update
2008-12-09 18:40 --------- d-----w c:\program files\AdorageI-SAL
2008-12-07 11:29 --------- d-----w c:\program files\Java
2008-11-28 16:08 --------- d-----w c:\documents and settings\HAMON\Application Data\dvdcss
2008-11-27 15:55 --------- d-----w c:\program files\VSO
2008-11-17 16:58 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-11 08:19 --------- d-----w c:\program files\NOS
2008-11-11 08:19 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-01-05 18:03 36,868 ----a-w c:\program files\uninst-Particular.exe
2007-10-10 13:52 10,147,620 ----a-w c:\program files\QuicktracksInstaller3027.exe
2007-08-21 16:00 92,064 -c--a-w c:\documents and settings\HAMON\mqdmmdm.sys
2007-08-21 16:00 9,232 -c--a-w c:\documents and settings\HAMON\mqdmmdfl.sys
2007-08-21 16:00 79,328 -c--a-w c:\documents and settings\HAMON\mqdmserd.sys
2007-08-21 16:00 66,656 -c--a-w c:\documents and settings\HAMON\mqdmbus.sys
2007-08-21 16:00 6,208 -c--a-w c:\documents and settings\HAMON\mqdmcmnt.sys
2007-08-21 16:00 5,936 -c--a-w c:\documents and settings\HAMON\mqdmwhnt.sys
2007-08-21 16:00 4,048 -c--a-w c:\documents and settings\HAMON\mqdmcr.sys
2007-08-21 16:00 25,600 -c--a-w c:\documents and settings\HAMON\usbsermptxp.sys
2007-08-21 16:00 22,768 -c--a-w c:\documents and settings\HAMON\usbsermpt.sys
2002-07-26 15:02 153,088 ----a-w c:\program files\UNWISE.EXE
2008-09-19 03:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091920080920\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\mstsc.exe -- Unable to find Resource table header.
MD5: 57a0cf8b7b765e9309f8af266badc4ff
((((((((((((((((((((((((((((( snapshot@2009-01-11_14.33.35,14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-11 14:09:05 16,384 ----atw c:\windows\temp\Perflib_Perfdata_4ac.dat
+ 2009-01-11 14:09:17 16,384 ----atw c:\windows\temp\Perflib_Perfdata_66c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-09-21 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-21 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-21 8466432]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-08-02 9134080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"WD Button Manager"="WDBtnMgr.exe" [2008-05-23 c:\windows\system32\WDBtnMgr.exe]
"nwiz"="nwiz.exe" [2007-07-21 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide du logiciel HP Image Zone.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
Memeo AutoBackup Launcher.lnk - c:\windows\Installer\{17FE46DF-24DC-4888-BA8B-1C918A2E79ED}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2009-01-06 73728]
WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2008-05-23 98304]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Adobe\\Adobe Premiere Pro CS3\\Adobe Premiere Pro.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 OxFWLF;OxFWLF;c:\windows\system32\drivers\OxFWLF.sys [2008-05-14 12616]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_X32.sys [2008-05-14 17664]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2008-04-17 25824]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be7f58ff-48c3-11dd-8272-00173f8c80f6}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cac9364f-6a6c-11dc-8204-00173f8c80f6}]
\Shell\AutoRun\command - j:\jdlightning\Windows\JDLightning.exe
.
Contenu du dossier 'Tâches planifiées'
2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-10 c:\windows\Tasks\User_Feed_Synchronization-{C3113414-58F4-4923-A531-375B3E2F0CBC}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.e-mageconcept.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: www.cic.fr
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 15:11:20
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hp\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\msiexec.exe
c:\program files\Memeo\AutoBackup\MemeoBackup.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Heure de fin: 2009-01-11 15:16:42 - La machine a redémarré [HAMON]
ComboFix-quarantined-files.txt 2009-01-11 14:16:39
ComboFix2.txt 2009-01-11 13:34:44
Avant-CF: 76 302 487 552 octets libres
Après-CF: 76,279,713,792 octets libres
280 --- E O F --- 2008-12-18 09:02:18
Any more steps to do??
ComboFix 09-01-10.03 - HAMON 2009-01-11 15:06:08.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.3326.2647 [GMT 1:00]
Lancé depuis: c:\documents and settings\HAMON\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\HAMON\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
FILE ::
c:\windows\Tasks\SyncBack Sauvegarde e-mc.job
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\drivers\esentutl.exe
c:\windows\Tasks\SyncBack Sauvegarde e-mc.job
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
.
2009-01-11 13:18 . 2009-01-11 13:18 <REP> d-------- C:\rsit
2009-01-11 13:18 . 2009-01-11 13:18 <REP> d-------- c:\program files\trend micro
2009-01-11 10:12 . 2009-01-11 12:39 <REP> d-------- c:\program files\FindyKill
2009-01-10 18:55 . 2009-01-10 18:55 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-01-10 17:41 . 2008-12-22 09:29 81,920 --a------ c:\windows\mstsc.exe
2009-01-09 10:50 . 2009-01-09 10:50 <REP> d-------- c:\program files\Kate's Video Converter
2009-01-09 10:50 . 2009-01-09 10:50 <REP> d-------- c:\program files\Fichiers communs\wsm
2009-01-06 11:07 . 2009-01-06 11:07 <REP> d-------- c:\documents and settings\All Users\Application Data\MemeoCommon
2009-01-06 11:06 . 2009-01-06 11:06 <REP> d-------- c:\documents and settings\HAMON\Application Data\Memeo
2009-01-06 11:05 . 2009-01-06 11:05 <REP> d-------- c:\program files\Fichiers communs\eSellerate
2009-01-03 15:12 . 2002-12-17 16:23 33,340 --------- c:\windows\system32\dbmsqlgc.dll
2009-01-03 15:12 . 2002-10-20 14:05 24,576 --------- c:\windows\system32\dbmsgnet.dll
2009-01-03 15:10 . 2009-01-03 15:10 <REP> d-------- c:\documents and settings\HAMON\Application Data\Sony
2009-01-03 15:08 . 2009-01-04 11:51 <REP> d-------- c:\program files\Sony
2009-01-03 15:07 . 2009-01-03 15:07 <REP> d-------- c:\program files\Sony Setup
2009-01-03 14:31 . 2008-04-13 20:46 49,024 --a------ c:\windows\system32\drivers\mstape.sys
2009-01-03 14:31 . 2008-04-13 20:46 49,024 --a--c--- c:\windows\system32\dllcache\mstape.sys
2009-01-03 14:31 . 2008-04-13 20:46 13,696 --a------ c:\windows\system32\drivers\avcstrm.sys
2009-01-03 14:31 . 2008-04-13 20:46 13,696 --a--c--- c:\windows\system32\dllcache\avcstrm.sys
2009-01-01 18:52 . 2009-01-01 18:52 <REP> d-------- c:\program files\ToniArts
2008-12-22 14:34 . 2008-12-24 16:28 <REP> d-------- c:\documents and settings\HAMON\Application Data\LimeWire
2008-12-22 14:33 . 2009-01-04 11:36 <REP> d-------- c:\program files\LimeWire
2008-12-21 14:43 . 2008-12-21 14:43 <REP> d-------- c:\program files\Xara
2008-12-17 08:50 . 2008-12-17 09:23 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-17 08:49 . 2008-12-17 09:12 <REP> d-------- C:\Fraps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 08:58 --------- d-----w c:\program files\Google
2009-01-10 11:48 --------- d-----w c:\program files\eMule
2009-01-06 10:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 10:05 --------- d-----w c:\program files\Memeo
2009-01-06 09:33 --------- d-----w c:\documents and settings\HAMON\Application Data\VSO
2009-01-04 10:36 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-03 14:10 --------- d-----w c:\program files\Microsoft SQL Server
2008-12-22 09:31 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-12-21 13:43 --------- d-----w c:\program files\Common Files
2008-12-12 05:15 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-09 18:40 --------- d-----w c:\program files\Media Player Classic
2008-12-09 18:40 --------- d-----w c:\program files\Intel Audio Studio
2008-12-09 18:40 --------- d-----w c:\program files\Avanquest update
2008-12-09 18:40 --------- d-----w c:\program files\AdorageI-SAL
2008-12-07 11:29 --------- d-----w c:\program files\Java
2008-11-28 16:08 --------- d-----w c:\documents and settings\HAMON\Application Data\dvdcss
2008-11-27 15:55 --------- d-----w c:\program files\VSO
2008-11-17 16:58 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-11 08:19 --------- d-----w c:\program files\NOS
2008-11-11 08:19 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-01-05 18:03 36,868 ----a-w c:\program files\uninst-Particular.exe
2007-10-10 13:52 10,147,620 ----a-w c:\program files\QuicktracksInstaller3027.exe
2007-08-21 16:00 92,064 -c--a-w c:\documents and settings\HAMON\mqdmmdm.sys
2007-08-21 16:00 9,232 -c--a-w c:\documents and settings\HAMON\mqdmmdfl.sys
2007-08-21 16:00 79,328 -c--a-w c:\documents and settings\HAMON\mqdmserd.sys
2007-08-21 16:00 66,656 -c--a-w c:\documents and settings\HAMON\mqdmbus.sys
2007-08-21 16:00 6,208 -c--a-w c:\documents and settings\HAMON\mqdmcmnt.sys
2007-08-21 16:00 5,936 -c--a-w c:\documents and settings\HAMON\mqdmwhnt.sys
2007-08-21 16:00 4,048 -c--a-w c:\documents and settings\HAMON\mqdmcr.sys
2007-08-21 16:00 25,600 -c--a-w c:\documents and settings\HAMON\usbsermptxp.sys
2007-08-21 16:00 22,768 -c--a-w c:\documents and settings\HAMON\usbsermpt.sys
2002-07-26 15:02 153,088 ----a-w c:\program files\UNWISE.EXE
2008-09-19 03:57 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008091920080920\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\mstsc.exe -- Unable to find Resource table header.
MD5: 57a0cf8b7b765e9309f8af266badc4ff
((((((((((((((((((((((((((((( snapshot@2009-01-11_14.33.35,14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-11 14:09:05 16,384 ----atw c:\windows\temp\Perflib_Perfdata_4ac.dat
+ 2009-01-11 14:09:17 16,384 ----atw c:\windows\temp\Perflib_Perfdata_66c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-09-21 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-21 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-21 8466432]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-08-02 9134080]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"WD Button Manager"="WDBtnMgr.exe" [2008-05-23 c:\windows\system32\WDBtnMgr.exe]
"nwiz"="nwiz.exe" [2007-07-21 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2004-05-28 53248]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
Memeo AutoBackup Launcher.lnk - c:\windows\Installer\{17FE46DF-24DC-4888-BA8B-1C918A2E79ED}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2009-01-06 73728]
WD Backup Monitor.lnk - c:\program files\My Book\WD Backup\uBBMonitor.exe [2008-05-23 98304]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
"c:\\Program Files\\Adobe\\Adobe Premiere Pro CS3\\Adobe Premiere Pro.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 OxFWLF;OxFWLF;c:\windows\system32\drivers\OxFWLF.sys [2008-05-14 12616]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_X32.sys [2008-05-14 17664]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2008-04-17 25824]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be7f58ff-48c3-11dd-8272-00173f8c80f6}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cac9364f-6a6c-11dc-8204-00173f8c80f6}]
\Shell\AutoRun\command - j:\jdlightning\Windows\JDLightning.exe
.
Contenu du dossier 'Tâches planifiées'
2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-10 c:\windows\Tasks\User_Feed_Synchronization-{C3113414-58F4-4923-A531-375B3E2F0CBC}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.e-mageconcept.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: www.cic.fr
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 15:11:20
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hp\Digital Imaging\bin\hpqgalry.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\msiexec.exe
c:\program files\Memeo\AutoBackup\MemeoBackup.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Heure de fin: 2009-01-11 15:16:42 - La machine a redémarré [HAMON]
ComboFix-quarantined-files.txt 2009-01-11 14:16:39
ComboFix2.txt 2009-01-11 13:34:44
Avant-CF: 76 302 487 552 octets libres
Après-CF: 76,279,713,792 octets libres
280 --- E O F --- 2008-12-18 09:02:18
"Still more steps to do??"
---> Yes, indeed.
---> Have this file scanned: c:\windows\mstsc.exe
---> On VirusTotal, and post the link to the analysis:
https://www.virustotal.com/gui/
When you tell me "Have this file scanned: c:\windows\mstsc.exe"
Does that mean using the same procedure as earlier (copying/pasting the file onto the combofix.exe icon)?
No.
You need to go to this site: https://www.virustotal.com/gui/
Click Browse and choose this file: c:\windows\mstsc.exe
Click Send, wait, and post the link to the analysis.
Sorry, sometimes I'm a bit slow...
Here is the link:
http://www.virustotal.com/fr/analisis/307725c266e0a6f52e65c439fff2cd37
No worries.
--> Download UsbFix (by Chiquitine29) to your Desktop.
--> Run the installation with the default settings.
--> Connect your external storage devices to your PC (USB stick, external hard drive, SD card, etc.) without opening them.
--> Double-click the UsbFix shortcut on your Desktop.
--> Choose option 1 (Cleaning).
--> The PC will restart.
--> After the restart, post the UsbFix.txt report.
Note: the UsbFix.txt report is saved at the root of the disk.
(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm.)
Here is the report:
What do we do now, doctor?
-------------- UsbFix V2.414 ---------------
* User : HAMON - HAMON-C259627D4
* Outils mis a jours le 09/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 15:57:59 le 11/01/2009
* Windows Xp - Internet Explorer 7.0.5730.11
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur de CD-ROM
E: - Lecteur de CD-ROM
J: - Lecteur fixe
+- Contenu de l'autorun : E:\autorun.inf
[autorun]
open=autorun.exe
icon=autorun.exe
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[20/04/2007 13:12][--ahs----] C:\AUTOEXEC.BAT
[02/03/2006 13:00][-rahs----] C:\NTDETECT.COM
[11/01/2009 14:31][-rahs----] C:\boot.ini
[30/04/2007 10:39][--a------] C:\adorage-protocol.txt
[30/04/2007 10:39][--a------] C:\ASLog.txt
[30/04/2007 10:39][--a------] C:\ComboFix.txt
[30/04/2007 10:39][--a------] C:\DBS.TXT
[30/04/2007 10:39][--a------] C:\FindyKill.txt
[30/04/2007 10:39][--a------] C:\UsbFix.txt
[30/04/2007 10:39][--a------] C:\_Sid.txt
[20/04/2007 13:12][--ahs----] C:\CONFIG.SYS
[20/04/2007 13:12][--ahs----] C:\IO.SYS
[20/04/2007 13:12][--ahs----] C:\MSDOS.SYS
[20/04/2007 13:12][--ahs----] C:\pagefile.sys
--------------- [ Lecteur D ] ----------------
D: - Lecteur de CD-ROM
+- Listing des fichiers présents :
--------------- [ Lecteur E ] ----------------
E: - Lecteur de CD-ROM
+- Listing des fichiers présents :
[22/08/2008 06:57][-r-------] E:\autorun.exe
[22/08/2008 06:57][-r-------] E:\setup.exe
[30/05/2008 07:54][-r-------] E:\Autorun.inf
--------------- [ Lecteur J ] ----------------
J: - Lecteur fixe
+- Listing des fichiers présents :
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://e-mageconcept.fr/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
H/PC Connection Agent="C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WD Button Manager=WDBtnMgr.exe
USBToolTip="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
USB2Check=RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
nwiz=nwiz.exe /installquiet
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
IntelAudioStudio="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
HP Software Update="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
HP Component Manager="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ISUSPM="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
PinnacleDriverCheck=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
Acrobat Assistant 8.0="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
DWQueuedReporting="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be7f58ff-48c3-11dd-8272-00173f8c80f6}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cac9364f-6a6c-11dc-8204-00173f8c80f6}\Shell\AutoRun\command
--------------- [ Nettoyage des disques ] ----------------
Echec de la supression !! - [22/08/2008 06:57] E:\autorun.exe
Echec de la supression !! - [31/08/2008 04:04] E:\Setup.exe
Echec de la supression !! - [30/05/2008 07:54] E:\autorun.inf
Echec de la supression !! - [30/05/2008 07:54] E:\autorun.inf
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[20/04/2007 13:12][--ahs----] C:\AUTOEXEC.BAT
[02/03/2006 13:00][-rahs----] C:\NTDETECT.COM
[11/01/2009 14:31][-rahs----] C:\boot.ini
[22/08/2008 06:57][-r-------] E:\autorun.exe
[22/08/2008 06:57][-r-------] E:\setup.exe
[30/05/2008 07:54][-r-------] E:\Autorun.inf
--------------- [ Vaccination ] ----------------
C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
J:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
--------------- ! Fin du rapport ! ----------------
---> Uninstall UsbFix.
---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation.
---> In the Update tab, click the Check for updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
---> Once the update is finished, go to the Scan tab.
---> Select Perform quick scan.
---> Click Scan. The scan starts.
At the end of the scan, a message is displayed:
L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
---> Click OK to continue. If MBAM found nothing, it will tell you that too.
---> Close your browsers.
If malware was detected, click Show results.
---> Select everything (or leave it checked) and click Remove selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
Apparently, MBAM found nothing.
Could that be a good sign?
I'm posting the report anyway:
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1643
Windows 5.1.2600 Service Pack 3
11/01/2009 16:40:07
mbam-log-2009-01-11 (16-40-07).txt
Type de recherche: Examen rapide
Eléments examinés: 58596
Temps écoulé: 3 minute(s), 8 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.
---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe
---> Double-click OTMoveIt3.exe to launch it.
---> Copy (Ctrl+C) the following text:
:processes
explorer.exe
:files
c:\windows\mstsc.exe
:commands
[purity]
[emptytemp]
[reboot]
---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
---> Now click the MoveIt! button, then close OTMoveIt3.
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log
Hi Destrio5,
Below is the OTMoveIt3 report:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\mstsc.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HAMON\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HAMON\LOCALS~1\Temp\tmp2D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HAMON\LOCALS~1\Temp\tmp39.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HAMON\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HAMON\LOCALS~1\Temp\~DF555F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_54c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_8e8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01122009_204405
1/
---> Uninstall the following programs:
- Java(TM) 6 Update 2
- Java(TM) 6 Update 3
- Java(TM) 6 Update 5
- Java(TM) 6 Update 7
- Java(TM) SE Runtime Environment 6 Update 1
- FindyKill
- UsbFix
---> Start menu > Run > Type combofix /u and confirm.
---> Download ToolsCleaner2 to your Desktop.
* Double-click ToolsCleaner2.exe to launch it.
* Click Search and let the scan run.
* Click Remove to finish.
* You can, if you wish, use the Optional Settings.
* Click Quit to get the report.
* Post the report (TCleaner.txt) found at the root of your hard drive (C:\).
2/
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
- Double-click RSIT.exe to launch the program.
- Click Continue on the Disclaimer screen.
- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
Note: The reports are saved in the C:\rsit folder.
Hi Destrio5,
Work commitments kept me away from my computer...
So I followed your latest instructions.
Here is the ToolsCleaner report:
[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Combofix: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\HAMON\Bureau\OTMoveIt3.exe: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\HAMON\Bureau\OTMoveIt3.exe: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Combofix: supprimé !
C:\Rsit: supprimé !
C:\Program Files\UsbFix: supprimé !
C:\Program Files\FindyKill: supprimé !
The log.txt file produced after running RSIT:
Logfile of random's system information tool 1.05 (written by random/random)
Run by HAMON at 2009-01-17 14:13:08
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 74 GB (24%) free of 305 GB
Total RAM: 3326 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:20, on 17/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\HAMON\Bureau\RSIT.exe
C:\Program Files\trend micro\HAMON.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://e-mageconcept.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
And the info.txt file generated by RSIT:
info.txt logfile of random's system information tool 1.05 2009-01-17 14:13:22
======Uninstall list======
-->"C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /X{57922B53-02D4-4DFC-AC24-A3519DC1F49A}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Production Premium-->C:\Program Files\Fichiers communs\Adobe\Installers\aefc483f26b23ab60cc5653016d5017\Setup.exe
Adobe Acrobat 8.1.3 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3 Template Projects & Footage-->MsiExec.exe /I{73E81E9B-7319-43AD-B7CC-1C61405E5089}
Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Fichiers communs\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Creative Suite 3 Production Premium-->MsiExec.exe /I{40F2BCF4-4EED-4AD4-BFB6-A58946C561A1}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3 Library-->MsiExec.exe /I{F1D93F5B-881F-49E3-BA56-B4B8FA991059}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Fichiers communs\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Glyphlet Creation Tool CS3-->MsiExec.exe /I{243DA072-8E39-424A-86A3-F63152021383}
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup-->MsiExec.exe /I{BA67E3E1-25EE-4481-857D-D3CA99DA71C8}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3 Scores-->MsiExec.exe /I{92A300C0-E97B-48CC-9702-AB1AAED167E1}
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c -removeonly
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AXIS Media Control SDK-->C:\PROGRA~1\AXISCO~1\AXISME~1\UNWISE.EXE C:\PROGRA~1\AXISCO~1\AXISME~1\INSTALL.LOG
AXIS Media Control-->rundll32 "C:\Program Files\Axis Communications\AXIS Media Control\AxisMediaControl.dll",UninstallMe
Barre de confiance CM-CIC-->"C:\Program Files\BarreConfCMCIC\Setup.exe" -u
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
EA SPORTS online 2008-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
FIFA 08-->MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
FileZilla Client 3.0.7-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FM Screen Capture Codec (Remove Only)-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\fmcodec.inf
FRANCE PROSPECT-->MsiExec.exe /I{77C779EF-43B2-42E0-B2E4-0B1FAB5F0CC2}
Fraps-->"C:\Fraps\uninstall.exe"
G-Force-->C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
Google Earth-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hollywood FX 5.5 Additional Effects-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\unextralog
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Driver Diagnostics-->MsiExec.exe /X{6314D540-E3C1-4F30-AEEB-4154C93375C3}
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
Intel Audio Studio 2.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x40c
Intel(R) Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel(R) PRO Network Connections-->MsiExec.exe /I{9628389F-8CDE-4D3E-9E06-27CC780E0A6E}
Intel(R) Viiv(TM) Technology Test Utility-->MsiExec.exe /X{6F56DE0C-39D6-4178-9654-E27E11A2518B}
InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x040c
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Kaspersky On-line Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Kate's Video Converter-->"C:\Program Files\Kate's Video Converter\unins000.exe"
Kit Raptor 2GK FIFA 08 Version 1.5-->C:\Program Files\EA SPORTS\FIFA 08\uninstall-kitraptor.exe
K-Lite Codec Pack 2.89 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"
Memeo AutoBackup-->C:\Program Files\InstallShield Installation Information\{17FE46DF-24DC-4888-BA8B-1C918A2E79ED}\setup.exe -runfromtemp -l0x0409
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A4040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft SQL Server Native Client-->MsiExec.exe /I{9C7E944F-4502-40B8-A0AB-66B2FA9EE829}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\Setup.exe /uninstall ExtraUninstallID=""
Next Generation Visualisations-->MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
PDF Settings-->MsiExec.exe /I{DC017035-1939-425F-8F86-63B462C76C6A}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Pinnacle Hollywood FX for Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
PIXELRULER-->C:\WINDOWS\system32\mioengine.exe "C:\Program Files\Mioplanet\PixelRuler\__maintenance.mio" "(>MAINTENANCE)"
Plug-in ma messagerie vocale Orange-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACBD0110-F243-11D4-BCEE-00104B1CB360}\Setup.exe" -l0x40c --AddRemove
Plugins Galaxy-->C:\WINDOWS\uninst.exe -f"c:\program files\adobe\adobe premiere pro cs3\plug-ins\DeIsL1.isu" -c"c:\program files\adobe\adobe premiere pro cs3\plug-ins\_ISREG32.DLL"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
proDAD Vitascene 1.0-->"C:\Program Files\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Ressources Windows Mobile-->C:\Program Files\Ressources Windows Mobile\Windows Mobile Device Handbook\Bin\DHUninstall.exe
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\Setup.exe" -l0x40c -remove -removeonly
SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Studio 9 Content CD/DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B67624DE-75CE-4FAD-9F29-5C115773CE61}\Setup.exe" -l0x40c UNINSTALL
Studio 9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x40c UNINSTALL
TeleScreen-32 Pro 5.8.1-->MsiExec.exe /I{7C87BD0C-A683-4983-884D-A152FA2680BE}
Trapcode Shine Premiere Pro-->C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Common\Plug-ins\CS3\MediaCore\tcshineppro.log
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
ViaMichelin Navigation X-930-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47FF921C-E834-47A6-8CE4-F0A99CDE347F}\setup.exe" -l0x40c
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual DJ Home Edition - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VSO Image Resizer 2.1.3.5-->"C:\Program Files\VSO\Image Resizer\unins000.exe"
WD Backup-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A351224F-533A-4EED-89F4-0BF3417FD31D}\setup.exe" -l0x40c
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Firewire HID Driver-->MsiExec.exe /X{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}
WhiteCap-->C:\Program Files\SoundSpectrum\WhiteCap\Uninstall.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Desktop Search 3.01-->"C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xara3D6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3783869-5D14-4838-A042-910DF816D070}\setup.exe" -l0x9
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
======Security center information======
AV: Avira AntiVir PersonalEdition Classic
System event log
Computer Name: HAMON-C259627D4
Event Code: 7036
Message: Le service avast! Mail Scanner est entré dans l'état : en cours d'exécution.
Record Number: 40036
Source Name: Service Control Manager
Time Written: 20081217074823.000000+060
Event Type: Informations
User:
Computer Name: HAMON-C259627D4
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Mail Scanner.
Record Number: 40035
Source Name: Service Control Manager
Time Written: 20081217074822.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: HAMON-C259627D4
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.
Record Number: 40034
Source Name: Service Control Manager
Time Written: 20081217074822.000000+060
Event Type: Informations
User:
Computer Name: HAMON-C259627D4
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.
Record Number: 40033
Source Name: Service Control Manager
Time Written: 20081217074821.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: HAMON-C259627D4
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{ACE1EF08-55E3-49CF-B1CD-870CC4D9AB68} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.
Record Number: 40032
Source Name: Tcpip
Time Written: 20081217074738.000000+060
Event Type: Informations
User:
Application event log
Computer Name: HAMON-C259627D4
Event Code: 32
Message: Le magasin C:\Documents and Settings\HAMON\Local Settings\Application Data\Microsoft\Outlook\e-mage concept.pst a détecté un point de contrôle.
Record Number: 22072
Source Name: Outlook
Time Written: 20081203201528.000000+060
Event Type: Informations
User:
Computer Name: HAMON-C259627D4
Event Code: 32
Message: Le magasin C:\Documents and Settings\HAMON\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst a détecté un point de contrôle.
Record Number: 22071
Source Name: Outlook
Time Written: 20081203201507.000000+060
Event Type: Informations
User:
Computer Name: HAMON-C259627D4
Event Code: 32
Message: Le magasin C:\Documents and Settings\HAMON\Local Settings\Application Data\Microsoft\Outlook\Perso.pst a détecté un point de contrôle.
Record Number: 22070
Source Name: Outlook
Time Written: 20081203201507.000000+060
Event Type: Informations
User:
Computer Name: HAMON-C259627D4
Event Code: 1000
Message: Application défaillante photoshop.exe, version 10.0.1.0, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x0721049c.
Record Number: 22069
Source Name: Application Error
Time Written: 20081203120157.000000+060
Event Type: erreur
User:
Computer Name: HAMON-C259627D4
Event Code: 11728
Message: Product: ProductContext -- La configuration s'est terminée correctement.
Record Number: 22068
Source Name: MsiInstaller
Time Written: 20081203094907.000000+060
Event Type: Informations
User: HAMON-C259627D4\HAMON
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
What should I do now?
Work commitments kept me away from my computer...
So I have followed your latest instructions.
Here is the ToolsCleaner report:
[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Combofix: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\HAMON\Bureau\OTMoveIt3.exe: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\HAMON\Bureau\OTMoveIt3.exe: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Combofix: supprimé !
C:\Rsit: supprimé !
C:\Program Files\UsbFix: supprimé !
C:\Program Files\FindyKill: supprimé !
The log.txt file produced after running RSIT:
Logfile of random's system information tool 1.05 (written by random/random)
Run by HAMON at 2009-01-17 14:13:08
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 74 GB (24%) free of 305 GB
Total RAM: 3326 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:20, on 17/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\HAMON\Bureau\RSIT.exe
C:\Program Files\trend micro\HAMON.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://e-mageconcept.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
And the info.txt file generated by RSIT:
info.txt logfile of random's system information tool 1.05 2009-01-17 14:13:22
======Uninstall list======
-->"C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /X{57922B53-02D4-4DFC-AC24-A3519DC1F49A}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Production Premium-->C:\Program Files\Fichiers communs\Adobe\Installers\aefc483f26b23ab60cc5653016d5017\Setup.exe
Adobe Acrobat 8.1.3 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3 Template Projects & Footage-->MsiExec.exe /I{73E81E9B-7319-43AD-B7CC-1C61405E5089}
Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Fichiers communs\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Creative Suite 3 Production Premium-->MsiExec.exe /I{40F2BCF4-4EED-4AD4-BFB6-A58946C561A1}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3 Library-->MsiExec.exe /I{F1D93F5B-881F-49E3-BA56-B4B8FA991059}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Fichiers communs\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Glyphlet Creation Tool CS3-->MsiExec.exe /I{243DA072-8E39-424A-86A3-F63152021383}
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{6E08CE13-C2AB-4749-9335-5900B958929E}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup-->MsiExec.exe /I{BA67E3E1-25EE-4481-857D-D3CA99DA71C8}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3 Scores-->MsiExec.exe /I{92A300C0-E97B-48CC-9702-AB1AAED167E1}
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c -removeonly
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AXIS Media Control SDK-->C:\PROGRA~1\AXISCO~1\AXISME~1\UNWISE.EXE C:\PROGRA~1\AXISCO~1\AXISME~1\INSTALL.LOG
AXIS Media Control-->rundll32 "C:\Program Files\Axis Communications\AXIS Media Control\AxisMediaControl.dll",UninstallMe
Barre de confiance CM-CIC-->"C:\Program Files\BarreConfCMCIC\Setup.exe" -u
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
EA SPORTS online 2008-->C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
FIFA 08-->MsiExec.exe /X{0A2A5039-B37F-489D-B1DC-A5258DF9E697}
FileZilla Client 3.0.7-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FM Screen Capture Codec (Remove Only)-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\fmcodec.inf
FRANCE PROSPECT-->MsiExec.exe /I{77C779EF-43B2-42E0-B2E4-0B1FAB5F0CC2}
Fraps-->"C:\Fraps\uninstall.exe"
G-Force-->C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
Google Earth-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hollywood FX 5.5 Additional Effects-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\unextralog
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Driver Diagnostics-->MsiExec.exe /X{6314D540-E3C1-4F30-AEEB-4154C93375C3}
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
Intel Audio Studio 2.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe" -l0x40c
Intel(R) Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel(R) PRO Network Connections-->MsiExec.exe /I{9628389F-8CDE-4D3E-9E06-27CC780E0A6E}
Intel(R) Viiv(TM) Technology Test Utility-->MsiExec.exe /X{6F56DE0C-39D6-4178-9654-E27E11A2518B}
InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x040c
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Kaspersky On-line Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Kate's Video Converter-->"C:\Program Files\Kate's Video Converter\unins000.exe"
Kit Raptor 2GK FIFA 08 Version 1.5-->C:\Program Files\EA SPORTS\FIFA 08\uninstall-kitraptor.exe
K-Lite Codec Pack 2.89 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"
Memeo AutoBackup-->C:\Program Files\InstallShield Installation Information\{17FE46DF-24DC-4888-BA8B-1C918A2E79ED}\setup.exe -runfromtemp -l0x0409
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A4040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft SQL Server Native Client-->MsiExec.exe /I{9C7E944F-4502-40B8-A0AB-66B2FA9EE829}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\Setup.exe /uninstall ExtraUninstallID=""
Next Generation Visualisations-->MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
PDF Settings-->MsiExec.exe /I{DC017035-1939-425F-8F86-63B462C76C6A}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Pinnacle Hollywood FX for Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\5.5\uninstal.log
PIXELRULER-->C:\WINDOWS\system32\mioengine.exe "C:\Program Files\Mioplanet\PixelRuler\__maintenance.mio" "(>MAINTENANCE)"
Plug-in ma messagerie vocale Orange-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACBD0110-F243-11D4-BCEE-00104B1CB360}\Setup.exe" -l0x40c --AddRemove
Plugins Galaxy-->C:\WINDOWS\uninst.exe -f"c:\program files\adobe\adobe premiere pro cs3\plug-ins\DeIsL1.isu" -c"c:\program files\adobe\adobe premiere pro cs3\plug-ins\_ISREG32.DLL"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
proDAD Vitascene 1.0-->"C:\Program Files\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Ressources Windows Mobile-->C:\Program Files\Ressources Windows Mobile\Windows Mobile Device Handbook\Bin\DHUninstall.exe
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\Setup.exe" -l0x40c -remove -removeonly
SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Studio 9 Content CD/DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B67624DE-75CE-4FAD-9F29-5C115773CE61}\Setup.exe" -l0x40c UNINSTALL
Studio 9-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E491AB7-4589-48CA-9CBB-874CB2788391}\Setup.exe" -l0x40c UNINSTALL
TeleScreen-32 Pro 5.8.1-->MsiExec.exe /I{7C87BD0C-A683-4983-884D-A152FA2680BE}
Trapcode Shine Premiere Pro-->C:\WINDOWS\unvise32.exe C:\Program Files\Adobe\Common\Plug-ins\CS3\MediaCore\tcshineppro.log
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
ViaMichelin Navigation X-930-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47FF921C-E834-47A6-8CE4-F0A99CDE347F}\setup.exe" -l0x40c
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual DJ Home Edition - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VSO Image Resizer 2.1.3.5-->"C:\Program Files\VSO\Image Resizer\unins000.exe"
WD Backup-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A351224F-533A-4EED-89F4-0BF3417FD31D}\setup.exe" -l0x40c
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Firewire HID Driver-->MsiExec.exe /X{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}
WhiteCap-->C:\Program Files\SoundSpectrum\WhiteCap\Uninstall.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Desktop Search 3.01-->"C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xara3D6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3783869-5D14-4838-A042-910DF816D070}\setup.exe" -l0x9
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
======Security center information======
AV: Avira AntiVir PersonalEdition Classic
System event log
Computer Name: HAMON-C259627D4
Event Code: 7036
Message: Le service avast! Mail Scanner est entré dans l'état : en cours d'exécution.
Record Number: 40036
Source Name: Service Control Manager
Time Written: 20081217074823.000000+060
Event Type: Informations
User:
Computer Name: HAMON-C259627D4
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Mail Scanner.
Record Number: 40035
Source Name: Service Control Manager
Time Written: 20081217074822.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: HAMON-C259627D4
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.
Record Number: 40034
Source Name: Service Control Manager
Time Written: 20081217074822.000000+060
Event Type: Informations
User:
Computer Name: HAMON-C259627D4
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.
Record Number: 40033
Source Name: Service Control Manager
Time Written: 20081217074821.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: HAMON-C259627D4
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{ACE1EF08-55E3-49CF-B1CD-870CC4D9AB68} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.
Record Number: 40032
Source Name: Tcpip
Time Written: 20081217074738.000000+060
Event Type: Informations
User:
Application event log
Computer Name: HAMON-C259627D4
Event Code: 32
Message: Le magasin C:\Documents and Settings\HAMON\Local Settings\Application Data\Microsoft\Outlook\e-mage concept.pst a détecté un point de contrôle.
Record Number: 22072
Source Name: Outlook
Time Written: 20081203201528.000000+060
Event Type: Informations
User:
Computer Name: HAMON-C259627D4
Event Code: 32
Message: Le magasin C:\Documents and Settings\HAMON\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst a détecté un point de contrôle.
Record Number: 22071
Source Name: Outlook
Time Written: 20081203201507.000000+060
Event Type: Informations
User:
Computer Name: HAMON-C259627D4
Event Code: 32
Message: Le magasin C:\Documents and Settings\HAMON\Local Settings\Application Data\Microsoft\Outlook\Perso.pst a détecté un point de contrôle.
Record Number: 22070
Source Name: Outlook
Time Written: 20081203201507.000000+060
Event Type: Informations
User:
Computer Name: HAMON-C259627D4
Event Code: 1000
Message: Application défaillante photoshop.exe, version 10.0.1.0, module défaillant unknown, version 0.0.0.0, adresse de défaillance 0x0721049c.
Record Number: 22069
Source Name: Application Error
Time Written: 20081203120157.000000+060
Event Type: erreur
User:
Computer Name: HAMON-C259627D4
Event Code: 11728
Message: Product: ProductContext -- La configuration s'est terminée correctement.
Record Number: 22068
Source Name: MsiInstaller
Time Written: 20081203094907.000000+060
Event Type: Informations
User: HAMON-C259627D4\HAMON
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
What should I do now?