Virus that prevents me from installing

Deriok
Hello,

I'm having a lot of trouble getting rid of a stubborn virus. It blocks all antivirus websites and even blocks the installation of some of them when I finally manage to download them. I tried downloading ComboFix, SmitFraudFix and Malwarebytes, but without success: when I click on the icon nothing happens.

Can someone help me?

27 replies

Destrio5 - Messages posted: 99820 - Status: Moderator - 10 304
 
Hi to you both,

May I ask you to carry out the following procedure:

/!\ Disable your resident protections (antivirus, etc.) /!\

--> Download ComboFix (by sUBs), taking care to rename it to KillTibs before saving it to the Desktop.
--> Double-click KillTibs.exe (the .exe is not necessarily visible) to launch it.
--> It will ask you to install the Recovery Console: accept.
--> When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

To help you: a guide and a tutorial on using ComboFix
2
Anonymous user
 
Hi,

FindyKill by Chiquitine29

▶ Right-click the link and choose "Save target as...", with the Desktop as the destination.

(Important note: if you have the Elibagla program on your PC, remove it; there is a risk of conflict between the two tools.)

▶ Let the installer guide you.

▶ Double-click "FindyKill" to launch the tool.

▶ Choose the language: F for French

▶ Choose option 1, then let it work...

▶ Once it has finished, post the FindyKill.txt report that is generated...

(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)

The security risks of peer-to-peer

If a report won't post, send an alert to the concierge desk using the yellow /!\.
0
Deriok
 
Hi V-X, thanks for your help, it works. Here is the report.



----------------- FindyKill V4.712 ------------------

* User : Simon - HUTT
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 14/01/09 par Chiquitine29
* Recherche effectuée à 18:26:46 le Wed 01/14/2009
* Windows XP - Internet Explorer 7.0.5730.13

((((((((((((((((( *** Recherche *** ))))))))))))))))))


--------------- [ Processus actifs ] ----------------


C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\Explorer.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\windows\system32\drwtsn32.exe
C:\windows\system32\drwtsn32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------


»»»» Presence des fichiers dans C:


»»»» Presence des fichiers dans C:\windows


»»»» Presence des fichiers dans C:\windows\Prefetch

Found ! - C:\windows\Prefetch\FLEXNET_PATCH_Q113020.EXE-26AE90E2.pf

»»»» Presence des fichiers dans C:\windows\system32


»»»» Presence des fichiers dans C:\windows\system32\drivers


»»»» Presence des fichiers dans C:\Documents and Settings\Simon.HUTT\Application Data


»»»» Presence des fichiers dans C:\DOCUME~1\SIMON~1.HUT\LOCALS~1\Temp


--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ctfmon.exe=C:\windows\system32\ctfmon.exe
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
BitTorrent DNA="C:\Program Files\DNA\btdna.exe"
SVCHOST.EXE=C:\windows\system32\drivers\svchost.exe
ISUSPM="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NvCplDaemon=RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
RTHDCPL=RTHDCPL.EXE
SkyTel=SkyTel.EXE
Alcmtr=ALCMTR.EXE
AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
Sony Ericsson PC Suite="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
wclock="C:\Documents and Settings\Simon.HUTT\Application Data\Google\yfijv17721328.exe" 2
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
BlackBerryAutoUpdate=C:\Program Files\Fichiers communs\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
<NO NAME>=
RoxWatchTray="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=


--------------- [ Registre / Clés infectieuses ] ----------------


Found ! - HKEY_USERS\S-1-5-21-527237240-492894223-725345543-1004\Software\Ubisoft


--------------- [ Etat / Services ] ----------------



+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 3

Ip6Fw - Type de démarrage = 3

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2


--------------- [ Recherche dans supports amovibles] ----------------


+- Informations :

C: - Lecteur fixe

D: - Lecteur de CD-ROM


+- presence des fichiers :



--------------- [ Registre / Mountpoint2 ] ----------------


-> Not found !


------------------- ! Fin du rapport ! --------------------
0
Anonymous user
 
Re,

FindyKill by Chiquitine29, option 2:

▶ Plug your removable drives (USB keys, external hard drive, etc.) into your PC without opening them

▶ Double-click the FindyKill shortcut on your desktop

▶ In the main menu, choose option 2 (Removal)

/!\ There will be 2 reboots; let the tool work until the message "nettoyage effectué" appears /!\

▶ Then post the FindyKill.txt report

Note: the FindyKill.txt report is saved at the root of the disk.

If a report won't post, send an alert to the concierge desk using the yellow /!\.
0
Deriok
 
I'm having some trouble posting my report, nothing shows up... I'm trying again.



----------------- FindyKill V4.712 ------------------

* User : Simon - HUTT
* executed from : C:\Program Files\FindyKill
* Update on 14/01/09 par Chiquitine29
* Start at 18:41:36 the Wed 01/14/2009
* Windows XP - Internet Explorer 7.0.5730.13


((((((((((((((( *** deleting *** ))))))))))))))))))


--------------- [ Active Processes ] ----------------


C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\logonui.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\windows\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------


»»»» Supression files in C:


»»»» Supression files in C:\windows


»»»» Supression files in C:\windows\Prefetch

Deleted ! - C:\windows\prefetch\FLEXNET_PATCH_Q113020.EXE-26AE90E2.pf

»»»» Supression files in C:\windows\system32


»»»» Supression files in C:\windows\system32\drivers


»»»» Supression files in C:\Documents and Settings\Simon.HUTT\Application Data


»»»» Supression files in C:\DOCUME~1\SIMON~1.HUT\LOCALS~1\Temp


»»»» Supression files in C:\Documents and Settings\Simon.HUTT\Local Settings\Temporary Internet Files\Content.IE5


--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_USERS\S-1-5-21-527237240-492894223-725345543-1004\Software\Ubisoft

--------------- [ States / Restarting of services ] ----------------



+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2


--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur de CD-ROM


+- deleting files :


--------------- [ Registry / Mountpoint2 ] ----------------


-> Not found !


--------------- [ Searching Other Infections ] ----------------


--------------- [ Searching Cracks / Keygen ] ----------------



---------------- ! End of report ! ------------------
0
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\HELPSVC.EX_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\HIVEUSD.INF
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\HLINK.DL_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\HMMAPI.DL_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\HMOVE.CU_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\HNDSHAKE.HT_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\HNESW.CU_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\HNETCFG.DL_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\LANG
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\NUSRMGRP.CH_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\NV3.IN_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\NV4.IN_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\NV4_DISP.IN_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\NVCT.IN_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\NVDM.IN_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\NVTS.IN_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\NWDOCP.CH_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\NWLNKFLT.SY_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\NWLNKFWD.SY_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\NWLNKIPX.SY_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\NWLNKNB.SY_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\NWLNKSPX.SY_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\NWPROVAU.DL_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\OAKLEY.DL_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\OBEIP.DU_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\OBELOG.DL_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\OBEMETAL.DL_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\PER_SEG5.SW_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\SYSTEM32
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\SYSTRAY.EX_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\SYS_SRV.CH_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\T2EMBED.DL_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\TABLE.BM_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\TADA.WA_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\TAHOMA.TT_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\TAHOMABD.TT_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\TAOFF.GI_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\TAOFFH.GI_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\TAON.GI_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\TAONH.GI_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\TAPE.IN_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\TAPE.SY_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\TAPI.DL_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\TAPI.HL_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\TAPI3.DL_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\WIN9XMIG
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\LANG\IMJPNM.DI_
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\SYSTEM32\SMSS.EXE
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\WIN9XMIG\MAPI
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\WIN9XMIG\MAPI\803
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\WIN9XMIG\MAPI\EX40SP3
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\WIN9XMIG\MAPI\803\803.CAB
C:\Documents and Settings\Simon.HUTT\Mes documents\Torrent\windoes xp home edition with activation crack[bala224202]\I386\WIN9XMIG\MAPI\EX40SP3\40SP3.CAB
C:\Documents and Settings\Simon.HUTT\Recent\Dead_Space_PC_crack.4465283.TPB.torrent.lnk
C:\Documents and Settings\Simon.HUTT\Recent\FALLOUT_3_CRACK-TRiViUM.rar.lnk
C:\Documents and Settings\Simon.HUTT\Recent\fts-gta4crack_realproper.rar.lnk
C:\Documents and Settings\Simon.HUTT\Recent\Grand.Theft.Auto.4.CrackOnly.Proper-Wurstsuppe [mininova].torrent.lnk
C:\Documents and Settings\Simon.HUTT\Recent\Grand.Theft.Auto.4.CrackOnly.Proper-Wurstsuppe.lnk
C:\Documents and Settings\Simon.HUTT\Recent\GRAND_THEFT_AUTO_4_CLONEDVD_READNFO-ePEN15 + PROPER CRACK [mininova].torrent.lnk
C:\Documents and Settings\Simon.HUTT\Recent\GTA.4.REAL.PROPER.Crack.ONLY-FCUKTHESCENE.lnk
C:\Documents and Settings\Simon.HUTT\Recent\USB-SMART-FULLY-CRACKED.lnk
C:\Documents and Settings\Simon.HUTT\Recent\USB-SMART-FULLY-CRACKED.rar.lnk
C:\Documents and Settings\Simon.HUTT\Recent\wurstsuppe-gta4crack.rar.lnk


---------------- ! End of report ! ------------------
0

Deriok
 
Test. I am unable to copy my report. Nothing appears...
0
Anonymous user
 
Re,

Then do the following:

Download SDFix (created by AndyManchesta) and save it to your Desktop.
SDFix (created by AndyManchesta)

or http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.

or http://downloads.andymanchesta.com/RemovalTools/SDFix.exe?thread

or http://sdfix.net/SDFix.exe


--> Double-click SDFix.exe and choose "Install".
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.

Restart your computer in Safe Mode by following this procedure:

• Restart your computer.

• After you hear the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).

• Instead of Windows loading normally, a menu with various options should appear.

• Choose the first option, to run Windows in Safe Mode, then press "Enter".

• Choose your account.

• Then open the SDFix folder that was just created in the C:\ directory and double-click RunThis. to launch the script.

• Press a key to start the cleaning process.

• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.

• Press a key to restart the PC.

• Your system will take longer than usual to restart because the tool will keep running and deleting files.

• After the Desktop loads, the tool will finish its work and display Finished.

• Press a key to end the script and load your Desktop icons.

• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.


• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis report!

• NOTE: If SDFix does not start
Click => Start => Run
Copy/paste this:
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

Click OK.

Restart and try running SDFix again.

If a report won't go through, send an alert to the concierge desk with the yellow /!\.
0
Deriok
 
Here is the SDFix report:


[b]SDFix: Version 1.240 [/b]
Run by Simon on Wed 01/14/2009 at 07:28 PM

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\windows\system32\TDSSfxmp.dll - Deleted
C:\windows\system32\TDSSosvd.dat - Deleted
C:\windows\system32\TDSStkdv.log - Deleted


Could Not Remove C:\windows\system32\TDSSofxh.dll
Could Not Remove C:\windows\system32\TDSSnrsr.dll
Could Not Remove C:\windows\system32\TDSSriqp.dll
Could Not Remove C:\windows\system32\TDSScfum.dll



Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 19:37:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\windows\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\windows\system32\config\software, 0
disk error: C:\Documents and Settings\Simon.HUTT\ntuser.dat, 0
scanning hidden files ...

disk error: C:\windows\

please note that you need administrator rights to perform deep scan

[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Nortel Networks\\Extranet.exe"="C:\\Program Files\\Nortel Networks\\Extranet.exe:*:Enabled:Contivity VPN Client"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Starcraft\\StarCraft.exe"="C:\\Program Files\\Starcraft\\StarCraft.exe:*:Enabled:Starcraft"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire Demo\\Sins of a Solar Empire.exe"="C:\\Program Files\\Stardock Games\\Sins of a Solar Empire Demo\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire Demo"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"C:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"="C:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe:*:Enabled:Dead Space T"
"C:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"="C:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe:*:Enabled:Guitar Hero III"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\system32\\drivers\\svchost.exe"="%windir%\\system32\\drivers\\svchost.exe:*:Enabled:svchost"
"C:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"="C:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe:*:Disabled:Grand Theft Auto IV"
"C:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"="C:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe:*:Disabled:Grand Theft Auto IV"
"C:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"="C:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe:*:Disabled:Rockstar Games Social Club"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\system32\\drivers\\svchost.exe"="%windir%\\system32\\drivers\\svchost.exe:*:Enabled:svchost"

[b]Remaining Files [/b]:

C:\windows\system32\TDSSofxh.dll Found
C:\windows\system32\TDSSnrsr.dll Found
C:\windows\system32\TDSSriqp.dll Found
C:\windows\system32\TDSScfum.dll Found

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Tue 29 Jul 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sun 2 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users.windows\DRM\Cache\Indiv01.tmp"
Sat 9 Feb 2008 8,073 ...HR --- "C:\Documents and Settings\Simon\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sun 11 Jan 2009 5,347 ...HR --- "C:\Documents and Settings\Simon.HUTT\Application Data\SecuROM\UserData\securom_v7_01.bak"
Wed 4 Apr 2001 28,738 A..H. --- "C:\Documents and Settings\Simon.HUTT\Mes documents\Shared\Microsoft Office XP PRO (word, excel, powerpoint, outlook, access, frontpage) SQL Server 2000\MSDE2000\SQLRESLD.DLL"
Mon 12 Jan 2009 2,229 A.SH. --- "C:\Documents and Settings\Simon.HUTT\Application Data\Roxio\Dragon\3.x\DiscInfoCache\SONY_DVD-ROM_DDU1615_GYS4_000_DICV018_DRGV901001B.TMP"

[b]Finished![/b]



And here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:39:15 PM, on 1/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\Explorer.EXE
C:\windows\system32\wuauclt.exe
C:\windows\system32\notepad.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\windows\RTHDCPL.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Simon.HUTT\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [wclock] "C:\Documents and Settings\Simon.HUTT\Application Data\Google\yfijv17721328.exe" 2
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Fichiers communs\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - https://www.fileplanet.com/
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
0
Anonymous user
 
Re,

Download Rooter by the IDN team

To your desktop

/!\ Disconnect from the internet and close all running applications /!\

▶ Run Rooter and let the tool work.

▶ Once it has finished, post the resulting report for analysis

If a report won't go through, send an alert to the concierge desk with the yellow /!\.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

▶ Download random's system information tool (RSIT) and save it to your desktop.

▶ Double-click RSIT.exe to launch the tool.

▶ Click 'continue' on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.

▶ Once the scan is finished, 2 reports will appear. Post the contents of both reports
( log.txt & info.txt )

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

If a report won't go through, send an alert to the concierge desk with the yellow /!\.
0
Anonymous user
 
Re,

Right, I'll leave you two to it then, and know that I do not appreciate these methods at all.
0
Destrio5 Posts 99820 Status Moderator 10 304
 
"Could Not Remove C:\windows\system32\TDSSofxh.dll
Could Not Remove C:\windows\system32\TDSSnrsr.dll
Could Not Remove C:\windows\system32\TDSSriqp.dll
Could Not Remove C:\windows\system32\TDSScfum.dll"

---> SDFix cannot remove the Tibs rootkit, and since I think you are not allowed to have people use ComboFix, I took the liberty of asking him ;)
0
Anonymous user
 
Re,

I was going to have him do it, but !!!!!!!!!!
0
Destrio5 Posts 99820 Status Moderator 10 304
 
No, you asked him for Rooter and RSIT when he is having trouble downloading. Better to kill the infection right away; after that you can do what you want.
0
Anonymous user
 
re,

Rooter for the tdsss and rsit if he was able to download hijackthis !!

Anyway, that said, I'm stopping here.

Good luck.
0
Destrio5 Posts 99820 Status Moderator 10 304
 
What does Rooter do?
0
Deriok
 
Well, I'm sorry for the trouble I may have caused! So here is the combofix report.

ComboFix 09-01-13.04 - Simon 2009-01-14 19:53:30.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1656 [GMT -5:00]
Lancé depuis: c:\documents and settings\Simon.HUTT\Bureau\KillTibs.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated)

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\drivers\TDSSpaxt.sys
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSfxmp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSStkdv.log

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-15 au 2009-01-15 ))))))))))))))))))))))))))))))))))))
.

2009-01-14 19:26 . 2009-01-14 19:26 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-01-14 19:20 . 2009-01-14 19:20 <REP> d-------- c:\windows\ERUNT
2009-01-14 19:15 . 2009-01-14 19:37 <REP> d-------- C:\SDFix
2009-01-14 18:04 . 2009-01-14 18:54 <REP> d-------- c:\program files\FindyKill
2009-01-12 18:49 . 2009-01-12 18:49 <REP> d-------- c:\documents and settings\Simon.HUTT\Application Data\Roxio
2009-01-12 18:49 . 2009-01-12 18:49 <REP> d-------- c:\documents and settings\LocalService.AUTORITE NT\Application Data\Roxio
2009-01-12 18:48 . 2009-01-12 18:48 <REP> d-------- c:\documents and settings\Simon.HUTT\Application Data\Research In Motion
2009-01-12 18:48 . 2009-01-12 19:17 256 --a------ c:\windows\system32\pool.bin
2009-01-12 18:37 . 2009-01-12 18:37 <REP> d-------- c:\documents and settings\Simon.HUTT\Application Data\InstallShield
2009-01-12 18:37 . 2009-01-12 18:37 <REP> d-------- c:\documents and settings\All Users.windows\Application Data\Sonic
2009-01-12 18:37 . 2009-01-12 18:37 <REP> d-------- c:\documents and settings\All Users.windows\Application Data\InstallShield
2009-01-12 18:36 . 2009-01-12 18:36 <REP> d-------- c:\program files\Roxio
2009-01-12 18:36 . 2009-01-12 18:36 <REP> d-------- c:\program files\Fichiers communs\Sonic Shared
2009-01-12 18:36 . 2009-01-12 18:36 <REP> d-------- c:\program files\Fichiers communs\Roxio Shared
2009-01-12 18:36 . 2009-01-12 18:37 <REP> d-------- c:\documents and settings\All Users.windows\Application Data\Roxio
2009-01-12 18:33 . 2009-01-12 18:33 <REP> d-------- c:\program files\Research In Motion
2009-01-12 18:33 . 2009-01-12 18:33 <REP> d-------- c:\program files\Fichiers communs\Research In Motion
2009-01-12 18:33 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
2009-01-11 20:17 . 2009-01-11 20:17 <REP> d-------- c:\program files\Avira
2009-01-11 20:17 . 2009-01-11 20:17 <REP> d-------- c:\documents and settings\All Users.windows\Application Data\Avira
2009-01-11 20:02 . 2009-01-11 20:02 <REP> d-------- c:\documents and settings\Simon.HUTT\Application Data\AdwareAlert
2009-01-11 19:30 . 2009-01-13 18:14 <REP> d-------- c:\program files\Windows Live Safety Center
2009-01-11 18:48 . 2009-01-11 18:48 <REP> d-------- c:\windows\system32\XPSViewer
2009-01-11 18:48 . 2009-01-11 18:48 <REP> d-------- C:\adceec1d56c034f0aa2201bb76e8
2009-01-11 18:47 . 2009-01-11 18:47 <REP> d-------- c:\program files\MSBuild
2009-01-11 16:01 . 2009-01-11 18:47 <REP> d-------- c:\windows\system32\XPSViewer(2)
2009-01-11 16:01 . 2009-01-11 16:01 <REP> d-------- c:\windows\system32\en-US(2)
2009-01-11 16:01 . 2009-01-11 18:47 <REP> d-------- c:\program files\MSBuild(2)
2009-01-11 15:17 . 2009-01-11 18:48 <REP> d-------- c:\program files\Rockstar Games(2)
2009-01-11 14:53 . 2009-01-11 14:53 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-11 10:05 . 2009-01-11 10:05 <REP> d-------- c:\windows\system32\fr
2009-01-11 10:05 . 2009-01-11 10:05 <REP> d-------- c:\windows\system32\bits
2009-01-11 10:05 . 2009-01-11 10:05 <REP> d-------- c:\windows\l2schemas
2009-01-11 10:04 . 2009-01-11 10:04 <REP> d-------- c:\windows\ServicePackFiles
2009-01-11 10:00 . 2009-01-11 10:00 <REP> d-------- c:\windows\EHome
2009-01-11 09:47 . 2009-01-11 10:22 <REP> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-01-11 09:14 . 2009-01-11 09:14 <REP> d-------- c:\program files\Reference Assemblies
2009-01-11 09:13 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2008-12-28 19:31 . 2009-01-03 19:11 <REP> d-------- c:\program files\mIRC
2008-12-28 19:31 . 2009-01-03 19:46 <REP> d-------- c:\documents and settings\Simon.HUTT\Application Data\mIRC

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 00:49 --------- d-----w c:\documents and settings\Simon.HUTT\Application Data\DNA
2009-01-15 00:37 --------- d-----w c:\program files\DNA
2009-01-12 23:36 --------- d-----w c:\program files\Fichiers communs\InstallShield
2009-01-12 02:17 --------- d-----w c:\program files\DAEMON Tools Pro
2009-01-12 01:22 --------- d-----w c:\program files\MSTpscre
2009-01-12 00:45 --------- d-----w c:\documents and settings\Simon.HUTT\Application Data\LimeWire
2009-01-11 23:48 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 23:46 --------- d-----w c:\documents and settings\Simon.HUTT\Application Data\Apple Computer
2009-01-11 23:30 --------- d-----w c:\documents and settings\Simon.HUTT\Application Data\BitTorrent
2009-01-01 17:30 --------- d-----w c:\program files\Warcraft III
2008-12-23 01:23 --------- d-----w c:\program files\Nortel Networks
2008-12-21 15:26 --------- d-----w c:\program files\Electronic Arts
2008-12-16 22:56 --------- d-----w c:\program files\World of Warcraft
2008-10-28 22:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 22:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-07-30 22:49 23 ----a-w c:\documents and settings\Simon.HUTT\jagex_runescape_preferences.dat
2008-04-12 18:17 22,328 ----a-w c:\documents and settings\Simon.HUTT\Application Data\PnkBstrK.sys
2008-01-22 01:52 22,328 ----a-w c:\documents and settings\Simon\Application Data\PnkBstrK.sys
2006-06-23 18:48 32,768 ----a-w c:\windows\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-26 342848]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"BlackBerryAutoUpdate"="c:\program files\Fichiers communs\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"RoxWatchTray"="c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-02-19 39424]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2008-03-03 9433]
S3 ntportio;ntportio;\??\c:\documents and settings\Simon.HUTT\Bureau\ntportio.sys --> c:\documents and settings\Simon.HUTT\Bureau\ntportio.sys [?]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2008-10-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2008-10-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2008-10-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2008-10-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2008-10-23 98568]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\drivers\z520bus.sys [2008-10-19 57648]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\drivers\z520mdfl.sys [2008-10-19 8336]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\drivers\z520mdm.sys [2008-10-19 93488]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\drivers\z520mgmt.sys [2008-10-19 84928]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\z520obex.sys [2008-10-19 82864]
S4 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2008-03-03 115680]
.
Contenu du dossier 'Tâches planifiées'

2009-01-12 c:\windows\Tasks\AdwareAlert Scheduled Scan.job
- c:\program files\AdwareAlert\AdwareAlert.exe []

2009-01-12 c:\windows\Tasks\AdwareAlert Scheduled Scan.job
- c:\program files\AdwareAlert []

2009-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2009-01-13 c:\windows\Tasks\ComboFix.job
- c:\documents and settings\Simon.HUTT\Bureau\ComboFix.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKLM-Run-wclock - c:\documents and settings\Simon.HUTT\Application Data\Google\yfijv17721328.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDED4D.OSD
FF - ProfilePath - c:\documents and settings\Simon.HUTT\Application Data\Mozilla\Firefox\Profiles\l8bk4n7v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 19:57:10
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-527237240-492894223-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:98,b3,fe,13,4d,6c,1b,93,6e,37,c6,a4,be,68,36,9c,c4,ff,4d,56,db,81,7e,
c3,64,4e,39,ca,c5,fb,ed,8d,00,a1,bf,64,77,45,6f,20,1a,a1,1b,5d,1b,97,81,35,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-527237240-492894223-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:94,a7,23,42,a4,d5,0d,b5,82,01,76,98,19,df,1e,87,fc,f7,82,74,a3,
95,28,5c,d2,d5,30,b7,fa,8a,69,3d,29,af,a3,5f,35,6c,4c,7a,02,44,8d,67,c5,52,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Heure de fin: 2009-01-14 19:58:13
ComboFix-quarantined-files.txt 2009-01-15 00:58:11

Avant-CF: 17,386,258,432 octets libres
Après-CF: 19,132,502,016 octets libres

222 --- E O F --- 2009-01-12 04:27:39
0
Destrio5 Posts 99820 Status Moderator 10 304
 
I didn't mean to offend V-X, but oh well, he'll be back ^^

--> Download SmitfraudFix (by S!Ri, balltrap34 and moe31) to your Desktop.
--> Double-click SmitfraudFix.exe and choose option 1, then press Enter.
--> A report will be generated; post it in your next reply.

[*] Process.exe is detected by some antivirus products as a risktool. It is not a virus but a utility designed to terminate processes.

/!\ Only do step 2 if you are asked to; we first need to examine the first SmitfraudFix report. /!\
0
Deriok
 
Well, I did that, but a few times AntiVir Guard detected infections during the scan. Is that normal?

Here is the report.

SmitFraudFix v2.391

Rapport fait à 20:10:03.75, Wed 01/14/2009
Executé à partir de C:\Documents and Settings\Simon.HUTT\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\explorer.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\Simon.HUTT\Bureau\SmitfraudFix\Policies.exe
C:\windows\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Simon.HUTT


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SIMON~1.HUT\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Simon.HUTT\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SIMON~1.HUT\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\windows\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 24.200.241.37
DNS Server Search Order: 24.201.245.77
DNS Server Search Order: 24.200.243.189

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F00D8357-5E4A-4A5D-AFC9-1FA74633EBBD}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F00D8357-5E4A-4A5D-AFC9-1FA74633EBBD}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F00D8357-5E4A-4A5D-AFC9-1FA74633EBBD}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F00D8357-5E4A-4A5D-AFC9-1FA74633EBBD}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Destrio5 Posts 99820 Status Moderator 10 304
 
"Well, I did that, but a few times AntiVir Guard detected infections during the scan. Is that normal?"
---> Yes.

---> Delete SmitfraudFix.

---> Do this:

- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the license.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one shown on screen) as well as info.txt (which you will see in the taskbar).

Note: The reports are saved in the C:\rsit folder.
0
Deriok
 
Log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Simon at 2009-01-14 20:16:41
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 20 GB (13%) free of 153 GB
Total RAM: 2047 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:45, on 1/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\explorer.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wscntfy.exe
C:\Documents and Settings\Simon.HUTT\Bureau\RSIT.exe
C:\Program Files\trend micro\Simon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Fichiers communs\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - https://www.fileplanet.com/
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
0
Deriok
 
Info.txt:

info.txt logfile of random's system information tool 1.05 2009-01-14 20:16:46

======Uninstall list======

-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\windows\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E19F210-3813-4002-B561-94D66AA182B6}\Setup.exe" -l0x9 -removeonly
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BlackBerry Desktop Software 4.7-->MsiExec.exe /i{98DC111A-7C22-4C26-B2A1-E654264DAC1E}
BlackBerry Desktop Software 4.7-->MsiExec.exe /I{98DC111A-7C22-4C26-B2A1-E654264DAC1E}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\windows\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\windows\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\windows\$NtUninstallKB952287$\spuninst\spuninst.exe"
Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
Diablo II-->C:\Program Files\Fichiers communs\Blizzard Entertainment\Diablo II\Uninstall.exe
Download Manager 2.3.7-->C:\Program Files\Download Manager\uninst.exe
FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
GameSpot Download Manager-->"C:\Program Files\GameSpot\uninstall.exe"
Grand Theft Auto IV-->"C:\Program Files\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Guitar Hero III-->MsiExec.exe /I{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}
Heroes of Might and Magic V-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\setup.exe" -l0x40c
High Definition Audio Driver Package - KB888111-->"C:\windows\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\windows\$NtUninstallKB929399$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.9.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x40c -removeonly
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\windows\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\windows\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\windows\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{9084040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\windows\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Application Compatibility Database-->C:\windows\system32\sdbinst.exe -u "C:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\windows\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\windows\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\windows\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\windows\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\windows\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\windows\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\windows\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\windows\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\windows\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\windows\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\windows\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\windows\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\windows\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\windows\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\windows\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\windows\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\windows\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\windows\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\windows\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\windows\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\windows\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\windows\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\windows\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\windows\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\windows\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\windows\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\windows\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\windows\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\windows\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\windows\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\windows\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\windows\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\windows\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\windows\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\windows\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nortel Networks Contivity VPN Client-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall
NVIDIA Drivers-->C:\windows\system32\nvuninst.exe UninstallGUI
Oblivion-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x40c -removeonly
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
PunkBuster Services-->C:\windows\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0009 -removeonly
Roxio Media Manager-->MsiExec.exe /X{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}
Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers-->MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite-->C:\windows\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite-->MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
Starcraft-->C:\windows\SCunin.exe C:\windows\SCunin.dat
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TBS WMP Plug-in-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
Windows Imaging Component-->"C:\windows\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\windows\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\windows\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\windows\$NtServicePackUninstall$\spuninst\spuninst.exe"
World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xbox 360 Controller for Windows-->"C:\windows\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\windows\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Avira AntiVir PersonalEdition Classic (disabled)

System event log

Computer Name: HUTT
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 12535
Source Name: Service Control Manager
Time Written: 20081213151822.000000-300
Event Type: information
User: HUTT\Simon

Computer Name: HUTT
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur :
Le module spécifié est introuvable.


Record Number: 12534
Source Name: Service Control Manager
Time Written: 20081213151822.000000-300
Event Type: error
User:

Computer Name: HUTT
Event Code: 7036
Message: Le service Gestion d'applications est entré dans l'état : arrêté.

Record Number: 12533
Source Name: Service Control Manager
Time Written: 20081213151822.000000-300
Event Type: information
User:

Computer Name: HUTT
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestion d'applications.

Record Number: 12532
Source Name: Service Control Manager
Time Written: 20081213151822.000000-300
Event Type: information
User: HUTT\Simon

Computer Name: HUTT
Event Code: 7023
Message: Le service Gestion d'applications s'est arrêté avec l'erreur :
Le module spécifié est introuvable.


Record Number: 12531
Source Name: Service Control Manager
Time Written: 20081213151822.000000-300
Event Type: error
User:

Application event log

Computer Name: HUTT
Event Code: 101
Message: MsnMsgr (1460) Le moteur de base de données est arrêté.

Record Number: 6380
Source Name: ESENT
Time Written: 20081125023757.000000-300
Event Type: information
User:

Computer Name: HUTT
Event Code: 103
Message: MsnMsgr (1460) \\.\C:\Documents and Settings\Simon.HUTT\Local Settings\Application Data\Microsoft\Messenger\kaydanhutt@msn.com\SharingMetadata\Working\database_92B0_BA33_B0BA_1DA3\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 6379
Source Name: ESENT
Time Written: 20081125023757.000000-300
Event Type: information
User:

Computer Name: HUTT
Event Code: 102
Message: MsnMsgr (1460) \\.\C:\Documents and Settings\Simon.HUTT\Local Settings\Application Data\Microsoft\Messenger\kaydanhutt@msn.com\SharingMetadata\Working\database_92B0_BA33_B0BA_1DA3\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 6378
Source Name: ESENT
Time Written: 20081125023248.000000-300
Event Type: information
User:

Computer Name: HUTT
Event Code: 100
Message: MsnMsgr (1460) Le moteur de base de données 5.01.2600.2780 est démarré.

Record Number: 6377
Source Name: ESENT
Time Written: 20081125023248.000000-300
Event Type: information
User:

Computer Name: HUTT
Event Code: 101
Message: MsnMsgr (1460) Le moteur de base de données est arrêté.

Record Number: 6376
Source Name: ESENT
Time Written: 20081125023201.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Teleca Shared;C:\Program Files\Fichiers communs\Roxio Shared\DLLShared;C:\Program Files\Fichiers communs\Roxio Shared\9.0\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"RGSCLauncher"=C:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0

-----------------EOF-----------------
0
Deriok
 
Logfile of random's system information tool 1.05 (written by random/random)
Run by Simon at 2009-01-14 20:21:34
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 20 GB (13%) free of 153 GB
Total RAM: 2047 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:34, on 1/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\explorer.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wscntfy.exe
C:\Documents and Settings\Simon.HUTT\Bureau\RSIT.exe
C:\Program Files\trend micro\Simon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Fichiers communs\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\windows\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - https://www.fileplanet.com/
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
0