Very nasty virus, urgent case

hamido007890
Hello,
Please answer me quickly. I have one or more viruses that block my Task Manager, my regedit and certain programs I work with, and above all they do not let me install antivirus software: they block it and do not let it run.
On top of that I have the win32 ones, since I no longer have an antivirus to remove them.

I have urgent work to finish, so please answer me quickly, and thank you.
11 replies

Anonymous user

Hi:

######## | XP _ Install & scan | #######

Download and install UsbFix (by C_XX & Chiquitine29)

Plug into your PC, without opening them, the external data sources (USB stick, external hard drive, etc.) that may have been infected

# Double-click the UsbFix shortcut on your desktop.

# Choose option 1 (Search)

# Let the tool work.

# Then post the UsbFix.txt report that appears.

# Note: the UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

# Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

0
Anonymous user

Hello

• Download FindyKill here: http://pagesperso-orange.fr/FindyKill.Ad.Remover/home_page.htm
• -> Save it to your desktop and nowhere else!

!! Disconnect and close all running applications !!

• (If your antivirus panics when you save or use the tool, ignore the alert...)

• -> Click "FindyKill.exe" to launch the tool's installation. Do not touch the installation settings.

Tutorial: https://www.malekal.com/tutorial-findykill/

--> Double-click the "FindyKill" shortcut on your desktop.

--> Choose option 1 (Search). Then let the tool work without touching anything...

Once it has finished, post the FindyKill.txt report that is generated...

( Note: the report is saved at the root of the disk -> C:\FindyKill.txt )

PS: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
Anonymous user

Hello, update your Firefox,
Download FindyKill by Chiquitine29:

http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/tutorial-findykill-bagle-sujet_201870_1.htm

-> Save it to your desktop and nowhere else!

!! Disconnect and close all running applications !!

( If your antivirus panics when you save or use the tool, ignore the alert...)

-> Click "FindyKill.exe" to launch the tool's installation. Do not touch the installation settings.

Tutorial: https://www.malekal.com/tutorial-findykill/

--> Double-click the "FindyKill" shortcut on your desktop.

--> Choose option 1 (Search). Then let the tool work without touching anything...

Once it has finished, post the FindyKill.txt report that is generated...

( Note: the report is saved at the root of the disk -> C:\FindyKill.txt )

PS: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
Anonymous user

Hello
It's all yours, gen-hackman
See you
0
Anonymous user

I would still like to have a scan report from both programs

(for the developer)
0

hamido007890

Sorry for the delay, here is the report

0
hamido007890

Actually the virus blocked it a bit; here is the complete report

############################## [ UsbFix V3.016 # Scan ]

# User : Administrateur (Administrateurs) # 16F5C46E2850497
# Update on 01/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 19:46:44 | 01/05/2009

# Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : Kaspersky Internet Security 8.0.0.506 [ (!) Disabled | (!) Outdated ]
# FW : Kaspersky Internet Security[ (!) Disabled ]8.0.0.506

# C:\ # Disque fixe local # 64,42 Go (1,18 Go free) [sé7li] # NTFS
# D:\ # Disque fixe local # 76,62 Go (28,16 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible # 3,76 Go (3,38 Go free) # FAT32
# I:\ # Disque CD-ROM
# J:\ # Disque CD-ROM

############################## [ Processus actifs ]

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscript.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Registery Booster 2\RegistryBooster 2\RegistryBooster.exe
D:\WINDOWS\system32\win.exe
D:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\snbhr.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwtxnjy.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qpny.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmoutv.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqtsiu.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="D:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="http://www.freewebtown.com/blackooh/BlaCk-TiMeind3x.html.html"
HKCU_Main: "Window Title"=" .-~= Hacked by x4x =~-. "
HKLM_logon: "Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Administrateur"
HKLM_logon: "AltDefaultUserName"="Administrateur"
HKLM_logon: "LegalNoticeCaption"="Welcome!"
HKLM_Run: USB Antivirus=D:\Program Files\USB Disk Security\USBGuard.exe
HKLM_Run: AVP="D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
HKLM_Run: smsm=D:\WINDOWS\system32\win.exe
HKLM_Run: regdiit=D:\WINDOWS\system32\win.exe
HKLM_Run: CTFMON=D:\WINDOWS\system32\wscript.exe /E:vbs D:\WINDOWS\system32\winjpg.jpg
HKLM_Run: FrameWorkService=
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: ctfmon.exe=D:\WINDOWS\system32\ctfmon.exe
HKCU_Run: Uniblue RegistryBooster 2=D:\Program Files\Registery Booster 2\RegistryBooster 2\RegistryBooster.exe /S
HKCU_Run: FrameWorkService=

################## [ Informations ]

################## [ Fichiers # Dossiers infectieux ]

Found ! D:\WINDOWS\inf\smss.exe
Found ! "D:\WINDOWS\system32\Sexy Girls.scr"
Found ! "D:\Documents and Settings\Administrateur\Application Data\smss.exe"
Found ! C:\winfile.jpg
Found ! C:\autorun.inf
Found ! D:\winfile.jpg
Found ! D:\autorun.inf
Found ! H:\Administrateur_Fichiers.exe
Found ! H:\RECYCLER\RECYCLER.exe
Found ! H:\Wallpaper.vbs
Found ! H:\winfile.jpg
Found ! H:\autorun.inf
Found ! H:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
Found ! H:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "FirewallOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "UacDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\Svc\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\Svc\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\Svc\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\Svc\\ "FirewallOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\Svc\\ "UacDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\software\microsoft\security center\Svc\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableTaskMgr"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "regdiit"
Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
Found ! HKU\S-1-5-21-2052111302-2077806209-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

################## [ Registre # Mountpoints2 ]


################## [ ! Fin du rapport # UsbFix V3.016 ! ]

Thank you for your patience
0
Anonymous user

OK, could you please provide the same thing, a scan, with the FindyKill mentioned earlier?

We'll move on to the kill afterwards :)
0
hamido007890

Here is the FindyKill report

############################## [ FindyKill V4.728 ]

# User : Administrateur (Administrateurs) # 16F5C46E2850497
# Update on 01/05/09 by Chiquitine29
# Start at: 20:46:51 | 01/05/2009
# Website : http://pagesperso-orange.fr/NosTools/findykill.html

# Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : Kaspersky Internet Security 8.0.0.506 [ (!) Disabled | (!) Outdated ]
# FW : Kaspersky Internet Security[ (!) Disabled ]8.0.0.506

# C:\ # Disque fixe local # 64,42 Go (1,18 Go free) [sé7li] # NTFS
# D:\ # Disque fixe local # 76,62 Go (28,14 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible # 3,76 Go (3,38 Go free) # FAT32
# I:\ # Disque CD-ROM
# J:\ # Disque CD-ROM

############################## [ Processus actifs ]

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscript.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Registery Booster 2\RegistryBooster 2\RegistryBooster.exe
D:\WINDOWS\system32\win.exe
D:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\snbhr.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwtxnjy.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qpny.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmoutv.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqtsiu.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xpeln.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\windcejdq.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers / Dossiers infectieux ]

################## [ Infected Temp Files ]

################## [ Registre / Clés infectieuses ]

################## [ Recherche dans supports amovibles]

Found ! C:\autorun.inf
Found ! D:\autorun.inf
Found ! H:\autorun.inf

################## [ Registre / Mountpoints2 ]

Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf1eece9-cda9-11dd-b17e-001b2496fb14}\Shell\AutoRun\command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf1eece9-cda9-11dd-b17e-001b2496fb14}\Shell\explore\Command
Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf1eece9-cda9-11dd-b17e-001b2496fb14}\Shell\open\Command

################## [ ! Fin du rapport # FindyKill V4.728 ! ]
0
Anonymous user

######## | Deletion | ########

Plug into your PC, without opening them, the external data sources (USB stick, external hard drive, etc.) that may have been infected

# Double-click the UsbFix shortcut on your desktop

# Choose option 2 (Deletion)

# Your desktop will disappear and the PC will restart.

# On restart, UsbFix will scan your PC; let the tool work.

# Then post the UsbFix.txt report that appears along with the desktop.

# Note: the UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

######### | Uninstall | #######

# Double-click the UsbFix shortcut on your desktop

# Choose the Uninstall option ....
0
hamido007890

Here is the report:



############################## [ UsbFix V3.016 # Cleaning ]

# User : Administrateur (Administrateurs) # 16F5C46E2850497
# Update on 01/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:14:23 | 01/05/2009

# Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : Kaspersky Internet Security 8.0.0.506 [ (!) Disabled | (!) Outdated ]
# FW : Kaspersky Internet Security[ (!) Disabled ]8.0.0.506

# C:\ # Disque fixe local # 64,42 Go (1,18 Go free) [sé7li] # NTFS
# D:\ # Disque fixe local # 76,62 Go (25,68 Go free) # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible # 3,76 Go (3,38 Go free) # FAT32
# I:\ # Disque CD-ROM
# J:\ # Disque CD-ROM

############################## [ Processus actifs ]

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\logonui.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! D:\WINDOWS\inf\smss.exe
Deleted ! "D:\WINDOWS\system32\Sexy Girls.scr"
Deleted ! "D:\Documents and Settings\Administrateur\Application Data\smss.exe"
Deleted ! C:\winfile.jpg
Deleted ! C:\autorun.inf
Deleted ! D:\winfile.jpg
Deleted ! D:\autorun.inf
Deleted ! H:\Administrateur_Fichiers.exe
Deleted ! H:\RECYCLER\RECYCLER.exe
Deleted ! H:\Wallpaper.vbs
Deleted ! H:\winfile.jpg
Deleted ! H:\autorun.inf
Deleted ! H:\xjat.pif
Deleted ! H:\mcur.pif
Deleted ! H:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
Deleted ! H:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

################## [ Registre # Clés Run infectieuses ]

# HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "FirewallOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "UacDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "AntiVirusDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "AntiVirusOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "FirewallDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "FirewallOverride"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "UacDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKLM\software\microsoft\security center\Svc\\ "UpdatesDisableNotify"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
# HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableTaskMgr"
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "regdiit"
Deleted ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "FrameWorkService"
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Deleted ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

################## [ Registre # Mountpoints2 ]


################## [ Listing des fichiers présent ]


################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# H:\autorun.inf -> Folder created by UsbFix.

################## [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.016 ! ]
0
Anonymous user

OK, run UsbFix again and choose the "Uninstall" option

Then:

Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

! Disconnect and close all your running applications !

Double-click "RSIT.exe" to launch it.

-> A first window opens with the title "Disclaimer of warranty".

* Next to the option "List files/folders created ...", choose: 2 months

* Then click "Continue" to start the analysis...

-> Let the scan run and do not touch the PC...

When the analysis is finished, two text files will open (probably in Notepad).

Post the contents of "log.txt" (the one displayed on screen), as well as "info.txt" (which you will see in the taskbar), for analysis, and wait for the next step...

Important: post one report, then the other in the following reply.
If you try to post both at the same time, it may be too long for the forum.

( Note: the reports will also be saved in this folder -> C:\rsit )
0
hamido007890
 
Here is log.txt:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-05-01 21:37:14
Microsoft Windows XP Professionnel Service Pack 3
System drive D: has 26 GB (34%) free of 78 GB
Total RAM: 2038 MB (75% free)

HijackThis download failed

======Scheduled tasks folder======

D:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - D:\Program Files\Orbitdownloader\orbitcth.dll [2008-11-24 134344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - D:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - D:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - D:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45AD732C-2CE2-4666-B366-B2214AD57A49}]
Idea2 SidebarBrowserMonitor Class - D:\Program Files\Desktop Sidebar\sbhelp.dll [2006-07-09 278528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-11-11 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
Hotspot Shield Toolbar - D:\Program Files\Hotspot_Shield\tbHots.dll [2008-06-25 1569304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-03 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - D:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - D:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - D:\Program Files\Orbitdownloader\GrabPro.dll [2008-11-24 445560]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - D:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - D:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
{c95a4e8e-816d-4655-8c79-d736da1adb6d} - Hotspot Shield Toolbar - D:\Program Files\Hotspot_Shield\tbHots.dll [2008-06-25 1569304]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - D:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"USB Antivirus"=D:\Program Files\USB Disk Security\USBGuard.exe [2008-09-23 868352]
"AVP"=D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-11-11 206088]
"smsm"=D:\WINDOWS\system32\win.exe [2009-05-01 104968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-05-03 15360]
"Uniblue RegistryBooster 2"=D:\Program Files\Registery Booster 2\RegistryBooster 2\RegistryBooster.exe [2008-06-04 669464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
D:\WINDOWS\system32\NeroCheck.exe [2001-07-09 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
D:\WINDOWS\system32\NvCpl.dll [2007-05-22 8433664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
D:\Program Files\Java\jre6\bin\jusched.exe [2008-12-03 214424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
D:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-05 132608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
D:\Program Files\Registery Booster 2\RegistryBooster 2\RegistryBooster.exe [2008-06-04 669464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
D:\Program Files\Winamp\winampa.exe [2008-08-04 110080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk]
D:\DOCUME~1\ADMINI~1\APPLIC~1\MICROS~1\LIVESE~1\NOTIFI~1.EXE [2009-02-03 212992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
D:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
D:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 157088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Orbit.lnk]
D:\PROGRA~1\ORBITD~1\orbitdm.exe [2008-11-24 1760456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"SeaPort"=2
"NVSvc"=2
"Macromedia Licensing Service"=3
"maconfservice"=3
"JavaQuickStarterService"=2
"iPod Service"=3
"idsvc"=3
"IBS_gds_db"=3
"IBG_gds_db"=2
"HotspotShieldService"=2
"fsssvc"=3
"CiSvc"=3
"Bonjour Service"=2
"AresChatServer"=3
"Apple Mobile Device"=2
"VETMSGNT"=2
"CaCCProvSP"=3

D:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
Dos Optimizer.pif

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,D:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,D:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,D:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
D:\WINDOWS\system32\klogon.dll [2008-11-11 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2008-05-03 200064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-03 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - D:\WINDOWS\system32\upnpui.dll [2008-05-03 240128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"DisallowRun"=0
"NoFolderOptions"=
"NoRun"=
"NoFind"=
"NoDrives"=0
"NoViewContextMenu"=0
"NoWinKeys"=0
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"NoLogOff"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:ipsec"
"D:\Program Files\Orbitdownloader\orbitnet.exe"="D:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:ipsec"
"D:\Program Files\Internet Explorer\IEXPLORE.EXE"="D:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"D:\Program Files\Garena\Garena.exe"="D:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"J:\etppq.exe"="J:\etppq.exe:*:Enabled:ipsec"
"D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe"="D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe:*:Enabled:ipsec"
"D:\Program Files\Registery Booster 2\RegistryBooster 2\RegistryBooster.exe"="D:\Program Files\Registery Booster 2\RegistryBooster 2\RegistryBooster.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xrbb.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xrbb.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uljo.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uljo.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhdfwgh.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winhdfwgh.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winafgng.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winafgng.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winscqpkp.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winscqpkp.exe:*:Enabled:ipsec"
"D:\Program Files\Microsoft Office\Office10\OSA.EXE"="D:\Program Files\Microsoft Office\Office10\OSA.EXE:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnpol.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnpol.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsiwub.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winsiwub.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuyqp.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuyqp.exe:*:Enabled:ipsec"
"D:\WINDOWS\Explorer.EXE"="D:\WINDOWS\explorer.exe:*:Enabled:ipsec"
"D:\WINDOWS\system32\msconfig.exe"="D:\WINDOWS\system32\msconfig.exe:*:Enabled:ipsec"
"D:\Program Files\USB Disk Security\USBGuard.exe"="D:\Program Files\USB Disk Security\USBGuard.exe:*:Enabled:ipsec"
"C:\programmes\microtorrent_torrent_1.8.1_anglais_18245.exe"="C:\programmes\microtorrent_torrent_1.8.1_anglais_18245.exe:*:Enabled:µTorrent"
"D:\WINDOWS\system32\ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe:*:Enabled:ipsec"
"D:\Program Files\Avira\Avira Premium Security Suite\avwsc.exe"="D:\Program Files\Avira\Avira Premium Security Suite\avwsc.exe:*:Enabled:ipsec"
"C:\9rayti\GL2\2eme semestre moi\prog orienté objet\eclipse\eclipse.exe"="C:\9rayti\GL2\2eme semestre moi\prog orienté objet\eclipse\eclipse.exe:*:Enabled:ipsec"
"D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE"="D:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\oxwti.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\oxwti.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ltkc.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ltkc.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfwmhrw.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfwmhrw.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmlllf.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmlllf.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nvmnf.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nvmnf.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrifk.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winrifk.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingrcmg.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingrcmg.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winipowg.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winipowg.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\oxafpx.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\oxafpx.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winylwb.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winylwb.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlkeqa.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlkeqa.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfoio.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfoio.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxeikuq.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxeikuq.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintvfst.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wintvfst.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnsolko.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnsolko.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ugdryl.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ugdryl.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\remg.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\remg.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winttlx.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winttlx.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmqor.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winmqor.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wehsny.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wehsny.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbllpa.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbllpa.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnoos.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winnoos.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjxdk.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjxdk.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqeogph.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqeogph.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwbfmqr.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winwbfmqr.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winitgsjc.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winitgsjc.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxubrk.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxubrk.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyted.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyted.exe:*:Enabled:ipsec"
"D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlydyyi.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlydyyi.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxpit.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxpit.exe:*:Enabled:ipsec"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winceuwn.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winceuwn.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sfpibn.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sfpibn.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pgdphu.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pgdphu.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingipvk.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wingipvk.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\edvm.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\edvm.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fcey.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fcey.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\keil.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\keil.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfablog.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfablog.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfiwte.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfiwte.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlsvoj.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlsvoj.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hglv.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hglv.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\efgv.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\efgv.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gqbn.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gqbn.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qnha.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qnha.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bfur.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bfur.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuqsn.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winuqsn.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dulugo.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dulugo.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cohww.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cohww.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gudvf.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gudvf.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkiktbs.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winkiktbs.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hhsfi.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hhsfi.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winetho.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winetho.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\otvsaw.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\otvsaw.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\toqgx.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\toqgx.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winegqrkj.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winegqrkj.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjrwme.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjrwme.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fmqpn.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fmqpn.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\corbh.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\corbh.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincrotm.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincrotm.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\djabbw.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\djabbw.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eaxisb.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eaxisb.exe:*:Enabled:ipsec"
"D:\Program Files\Winamp\winamp.exe"="D:\Program Files\Winamp\winamp.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\esgjtv.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\esgjtv.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfomj.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfomj.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaasw.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winaasw.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjdws.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winjdws.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbcnpuy.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winbcnpuy.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyule.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyule.exe:*:Enabled:ipsec"
"D:\WINDOWS\system32\wscript.exe"="D:\WINDOWS\system32\wscript.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ejflsk.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ejflsk.exe:*:Enabled:ipsec"
"D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dynt.exe"="D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dynt.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - edit - "D:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
.js - open - "D:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"

======List of files/folders created in the last 2 months======

2009-05-01 21:37:14 ----D---- D:\rsit
2009-05-01 21:37:14 ----D---- D:\Program Files\trend micro
2009-05-01 21:15:26 ----RASHD---- D:\autorun.inf
2009-05-01 20:46:49 ----A---- D:\FindyKill.txt
2009-05-01 20:46:05 ----D---- D:\FindyKill
2009-05-01 19:45:53 ----D---- D:\UsbFix
2009-04-28 23:56:21 ----D---- D:\Program Files\Project64 v1.5
2009-04-28 23:54:51 ----D---- D:\Program Files\glassfish-v3-prelude
2009-04-28 23:53:30 ----D---- D:\Program Files\glassfish-v2ur2
2009-04-28 23:48:35 ----D---- D:\Program Files\Sun
2009-04-28 22:35:58 ----N---- D:\WINDOWS\system32\ActPanel.dll
2009-04-28 22:35:55 ----D---- D:\Program Files\jdk1.2.1
2009-04-28 22:35:47 ----A---- D:\WINDOWS\IsUninst.exe
2009-04-27 23:19:28 ----D---- D:\Program Files\Laxius Power 3
2009-04-27 14:58:38 ----D---- D:\Program Files\Bethesda Softworks
2009-04-18 00:56:41 ----D---- D:\nv
2009-04-12 22:28:17 ----RASH---- D:\WINDOWS\system32\win.exe
2009-04-10 20:55:58 ----D---- D:\Program Files\Kaspersky Lab
2009-04-10 20:55:58 ----D---- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-04-09 23:16:30 ----D---- D:\Program Files\Garena
2009-04-09 23:15:59 ----D---- D:\Documents and Settings\Administrateur\Application Data\InstallShield
2009-04-08 18:02:34 ----D---- D:\Program Files\ZAAPA
2009-03-28 01:19:32 ----D---- D:\Program Files\Eset
2009-03-28 01:16:26 ----D---- D:\Program Files\Panda Security
2009-03-28 00:22:14 ----D---- D:\Program Files\USB Disk Security
2009-03-28 00:16:31 ----D---- D:\Documents and Settings\Administrateur\Application Data\Yahoo!
2009-03-28 00:16:30 ----D---- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-03-28 00:16:29 ----D---- D:\Program Files\Yahoo!
2009-03-23 15:31:07 ----D---- D:\Documents and Settings\Administrateur\Application Data\dvdcss
2009-03-22 14:02:06 ----D---- D:\Program Files\Lionhead Studios
2009-03-19 13:21:35 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
2009-03-11 00:55:46 ----D---- D:\Kyle XY saison 3
2009-03-06 01:01:34 ----A---- D:\WINDOWS\system32\XAPOFX1_1.dll
2009-03-06 01:01:33 ----A---- D:\WINDOWS\system32\XAudio2_2.dll
2009-03-06 01:01:33 ----A---- D:\WINDOWS\system32\xactengine3_2.dll
2009-03-06 01:01:33 ----A---- D:\WINDOWS\system32\d3dx10_39.dll
2009-03-06 01:01:33 ----A---- D:\WINDOWS\system32\D3DCompiler_39.dll
2009-03-06 01:01:32 ----A---- D:\WINDOWS\system32\XAudio2_1.dll
2009-03-06 01:01:32 ----A---- D:\WINDOWS\system32\XAPOFX1_0.dll
2009-03-06 01:01:32 ----A---- D:\WINDOWS\system32\D3DX9_39.dll
2009-03-06 01:01:31 ----A---- D:\WINDOWS\system32\xactengine3_1.dll
2009-03-06 01:01:30 ----A---- D:\WINDOWS\system32\X3DAudio1_4.dll
2009-03-06 01:01:30 ----A---- D:\WINDOWS\system32\D3DX9_38.dll
2009-03-06 01:01:30 ----A---- D:\WINDOWS\system32\d3dx10_38.dll
2009-03-06 01:01:30 ----A---- D:\WINDOWS\system32\D3DCompiler_38.dll
2009-03-06 01:00:28 ----D---- D:\WINDOWS\Logs
2009-03-06 00:25:07 ----D---- D:\Program Files\Ubisoft
2009-03-04 18:10:49 ----D---- D:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-03-04 18:10:05 ----A---- D:\WINDOWS\system32\BASSMOD.dll
2009-03-03 12:40:36 ----D---- D:\Program Files\Enterbrain
2009-03-03 12:39:54 ----D---- D:\Program Files\Fichiers communs\Enterbrain

======List of files/folders modified in the last 2 months======

2009-05-01 21:37:14 ----D---- D:\Program Files
2009-05-01 21:24:36 ----D---- D:\Documents and Settings\Administrateur\Application Data\TeraCopy
2009-05-01 21:17:12 ----D---- D:\WINDOWS\system32\drivers
2009-05-01 21:16:47 ----D---- D:\Program Files\Mozilla Firefox
2009-05-01 21:14:27 ----D---- D:\WINDOWS\system32
2009-05-01 21:14:26 ----D---- D:\WINDOWS\inf
2009-05-01 21:14:22 ----D---- D:\WINDOWS\Temp
2009-05-01 21:12:30 ----A---- D:\WINDOWS\SchedLgU.Txt
2009-05-01 16:50:50 ----D---- D:\WINDOWS\system32\CatRoot2
2009-05-01 13:30:38 ----D---- D:\WINDOWS
2009-04-30 22:09:08 ----D---- D:\Program Files\Orbitdownloader
2009-04-30 14:54:35 ----SHD---- D:\WINDOWS\Installer
2009-04-30 14:54:27 ----D---- D:\Program Files\Java
2009-04-29 00:22:57 ----RD---- D:\jeux ds
2009-04-27 17:12:03 ----RSD---- D:\WINDOWS\assembly
2009-04-27 17:12:03 ----D---- D:\WINDOWS\system32\DirectX
2009-04-27 14:58:35 ----HD---- D:\Program Files\InstallShield Installation Information
2009-04-24 01:34:51 ----RD---- D:\manga
2009-04-20 22:57:17 ----D---- D:\Program Files\eMule
2009-04-20 19:17:37 ----D---- D:\Documents and Settings\Administrateur\Application Data\uTorrent
2009-04-18 11:19:21 ----A---- D:\WINDOWS\NeroDigital.ini
2009-04-13 09:34:32 ----SHD---- D:\System Volume Information
2009-04-08 18:04:03 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2009-04-08 18:03:13 ----D---- D:\WINDOWS\WinSxS
2009-04-08 18:03:13 ----D---- D:\Program Files\Fichiers communs\Microsoft Shared
2009-04-07 14:24:38 ----D---- D:\Program Files\Warcraft III
2009-04-03 03:30:12 ----D---- D:\Documents and Settings\Administrateur\Application Data\LimeWire
2009-03-30 11:18:12 ----D---- D:\WINDOWS\system32\CatRoot
2009-03-28 01:06:27 ----D---- D:\Documents and Settings\Administrateur\Application Data\Desktop Sidebar
2009-03-28 01:01:34 ----D---- D:\WINDOWS\Debug
2009-03-28 00:48:55 ----A---- D:\WINDOWS\SYSTEM.INI
2009-03-28 00:45:19 ----A---- D:\WINDOWS\win.ini
2009-03-28 00:31:11 ----D---- D:\WINDOWS\pss
2009-03-28 00:16:35 ----D---- D:\Program Files\CCleaner
2009-03-26 00:14:25 ----D---- D:\Documents and Settings\Administrateur\Application Data\Orbit
2009-03-26 00:12:12 ----D---- D:\Program Files\K-Lite Codec Pack
2009-03-14 01:02:32 ----D---- D:\Downloads
2009-03-11 18:07:13 ----D---- D:\Program Files\Opera
2009-03-04 18:10:46 ----D---- D:\Program Files\Fichiers communs\Wise Installation Wizard
2009-03-04 18:06:21 ----D---- D:\WINDOWS\Downloaded Installations
2009-03-04 01:21:11 ----D---- D:\Program Files\Hotspot_Shield
2009-03-03 12:39:54 ----D---- D:\Program Files\Fichiers communs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Pilote de processeur Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; D:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-04-08 21419]
R2 fssfltr;FssFltr; D:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; D:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-05-03 88320]
R2 NwlnkNb;NetBIOS NWLink; D:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-05-03 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; D:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-05-03 55936]
R2 rimsptsk;rimsptsk; D:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2008-05-03 66560]
R3 abp470n5;abp470n5; \??\D:\WINDOWS\system32\drivers\plksnk.sys []
R3 Arp1394;Protocole client ARP 1394; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-03 60800]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; D:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; D:\WINDOWS\system32\drivers\CHDAud.sys [2007-02-12 625664]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-05-03 144384]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; D:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; D:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 NETw4x32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows XP 32 bits; D:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2008-05-03 2211456]
R3 NIC1394;Pilote réseau 1394; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-03 61824]
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-22 6346688]
R3 sdbus;sdbus; D:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-05-03 79232]
R3 tapvpn;TAP VPN Adapter; D:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
R3 usbccgp;Pilote parent générique USB Microsoft; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-05-03 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Périphérique vidéo USB (WDM); D:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; D:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-05-03 259712]
S1 InCDPass;InCDPass; D:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; D:\WINDOWS\system32\drivers\InCDRm.sys []
S3 azaxho2u;azaxho2u; D:\WINDOWS\system32\drivers\azaxho2u.sys []
S3 catchme;catchme; \??\D:\ComboFix\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 driverhardwarev2;driverhardwarev2; \??\D:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 HidUsb;Pilote de classe HID Microsoft; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RT73;RT73 USB Wireless LAN Card Driver; D:\WINDOWS\system32\DRIVERS\rt73.sys [2007-11-28 451456]
S3 sffdisk;Pilote de classe de stockage SFF; D:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-05-03 11904]
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; D:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-05-03 11008]
S3 SLIP;Détrameur décalage BDA; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 WSTCODEC;Codec Teletext standard; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-03 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-03 82944]
S4 InCDFs;InCD File System; D:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; D:\WINDOWS\system32\DRIVERS\sr.sys [2008-05-03 73600]
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-05-03 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S3 aspnet_state;Service d'état ASP.NET; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 Visual Studio Analyzer RPC bridge;Visual Studio Analyzer RPC bridge; D:\Program Files\Visual C++ GL\Tools\VS-Ent98\Vanalyzr\varpc.exe [1998-06-06 111860]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-05-03 14336]
S4 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 206152]
S4 AresChatServer;Ares Chatroom server; D:\Program Files\Ares\chatServer.exe [2007-03-20 263168]
S4 fsssvc;Windows Live Contrôle parental; D:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S4 HotspotShieldService;Hotspot Shield Service; D:\Program Files\Hotspot Shield\bin\openvpnas.exe [2008-07-24 154072]
S4 IBG_gds_db;InterBase 7.5 Guardian gds_db; D:\Program Files\Borland\InterBase\bin\ibguard.exe -i D:\Program Files\Borland\InterBase -p gds_db []
S4 IBS_gds_db;InterBase 7.5 Server gds_db; D:\Program Files\Borland\InterBase\bin\ibserver.exe -i D:\Program Files\Borland\InterBase -p gds_db []
S4 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S4 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2008-12-03 222616]
S4 maconfservice;Ma-Config Service; D:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 261288]
S4 Macromedia Licensing Service;Macromedia Licensing Service; D:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe [2008-11-19 141824]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe []
S4 SeaPort;SeaPort; D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
S4 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------
0
hamido007890
 
Here is info.txt:

info.txt logfile of random's system information tool 1.06 2009-05-01 21:37:18

======Uninstall list======

-->D:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->D:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->D:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->D:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->D:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->D:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->D:\WINDOWS\UNRecode.exe /UNINSTALL
50 FREE MP3s +1 Free Audiobook!-->"D:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Adobe Flash Player 10 Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->D:\WINDOWS\ISUN040C.EXE -f"D:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"D:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->D:\Program Files\WinRAR\uninstall.exe
Ares 2.0.9-->"D:\Program Files\Ares\uninstall.exe"
Ask Toolbar-->"D:\Program Files\AskBarDis\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{D6E592B3-67DA-4BBB-9783-E1838FB253A2}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Assistant Publication de sites Web Microsoft 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection D:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
BitComet 1.04-->D:\Program Files\BitComet\uninst.exe
CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Complément Office 2007 - Microsoft Enregistrer en tant que PDF ou XPS (Beta)-->MsiExec.exe /X{30120000-00B2-040C-0000-0000000FF1CE}
Conexant HD Audio-->D:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IPBxVen5a.inf
Counter-Strike 1.6-->D:\Program Files\Counter-Strike 1.6\Uninstal.exe
Crayon Physics Deluxe - release 51-->"D:\Program Files\Crayon Physics Deluxe\unins000.exe"
Desktop Sidebar-->MsiExec.exe /I{A92D7264-1A13-45BE-B769-88445DD04FD6}
DivX Content Uploader-->D:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EasyPHP 1.8-->"D:\Program Files\EasyPHP1-8\unins000.exe"
eMule-->"D:\Program Files\eMule\Uninstall.exe"
FindyKill-->D:\FindyKill\Uninstal.exe
Foxit Reader-->D:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
Garena-->D:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
GlassFish V2 UR2-->"D:\Program Files\glassfish-v2ur2\uninstall.exe"
GlassFish v3 Prelude-->"D:\Program Files\glassfish-v3-prelude\uninstall.exe"
GOM Player-->"D:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Hotspot Shield 1.06-->D:\Program Files\Hotspot Shield\Uninstall.exe
Installation Windows Live-->D:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java Development Kit 1.2-->D:\WINDOWS\IsUninst.exe -fD:\jdk1.2.1\Uninst.isu
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
K-Lite Mega Codec Pack 4.4.5-->"D:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire 4.18.8-->"D:\Program Files\LimeWire\uninstall.exe"
Ma-Config.com-->MsiExec.exe /X{1C02A760-1682-49AE-BB54-FA7D63BD3504}
Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
Macromedia Dreamweaver MX 2004-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x40c mmUninstall
Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash Player 8-->MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Messenger Plus! Live-->"D:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5-->D:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{299CF645-48C7-4FA1-8BCD-5CE200CF180D}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Express Edition - FRA-->MsiExec.exe /X{15473D70-D791-3B5E-B174-2FD19EC0D017}
Microsoft Visual Studio 6.0 Édition Entreprise (Français)-->"D:\Program Files\Visual C++ GL\Setup\1036\Setup.exe"
Microsoft Visual C++ 2008 Express - Français-->D:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition - FRA\setup.exe
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{AB47EEE8-507B-331F-AA28-B7C7257F014C}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Module linguistique Microsoft .NET Framework 3.5 - fra-->d:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Mozilla Firefox (3.0.10)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14)-->D:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 7 Demo-->MsiExec.exe /I{C985153C-3801-EB63-1432-088E71801036}
Nero 8 Lite 8.3.2.1-->"D:\Program Files\Nero\unins000.exe"
Notepad++-->D:\Program Files\Notepad++\uninstall.exe
Oblivion-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Openwave V7 Simulator-->"D:\Program Files\Openwave\V7 Simulator\Uninst.exe"
Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
Orbit Downloader-->"D:\Program Files\Orbitdownloader\unins000.exe"
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
RPGXP-->MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sybase PowerAMC 11.1 Evaluation-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FE492F35-7EE6-4DA5-BF68-56A9FC64A4E2}\setup.exe" -l0x40c
Sybase PowerAMC 12.1-->RunDll32 D:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9A36F368-6E30-4725-8C1D-B8A53D6F9805}\setup.exe" -l0x40c
Sybase PowerAMC 9.5 Evaluation-->D:\WINDOWS\IsUn040c.exe -f"D:\Program Files\Sybase\PowerAMC Evaluation 9\AMC90trl.isu"
TaskSwitchXP-->D:\Program Files\TaskSwitchXP\uninst.exe
TeraCopy 2.0 beta 4a-->"D:\Program Files\TeraCopy\unins000.exe"
USB Disk Security 5.1.0.15-->"D:\Program Files\USB Disk Security\unins000.exe"
VLC media player 0.9.4-->D:\Program Files\VLC\uninstall.exe
Winamp Remote-->"D:\Program Files\Winamp Remote\uninstall.exe"
Winamp Toolbar for Internet Explorer-->"D:\Program Files\Winamp Toolbar\uninstall.exe"
Winamp-->"D:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
XML Paper Specification Shared Components Language Pack 1.0-->"D:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Yahoo! Toolbar-->D:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
ZW-WD854-->D:\Program Files\InstallShield Installation Information\{313ECC79-E04F-4B48-865C-E4870CFD4865}\setup.exe -runfromtemp -l0x0009 -removeonly

======Hosts File======

127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]

======Security center information======

AV: Kaspersky Internet Security (disabled) (outdated)
FW: Kaspersky Internet Security (disabled)

======System event log======

Computer Name: 16F5C46E2850497
Event Code: 26
Message: Application popup : Windows - Pas de disque : Exception Processing Message c0000013 Parameters 75afbf7c 4 75afbf7c 75afbf7c

Record Number: 34026
Source Name: Application Popup
Time Written: 20090425002219.000000+120
Event Type: Informations
User:

Computer Name: 16F5C46E2850497
Event Code: 26
Message: Application popup : Windows - Pas de disque : Exception Processing Message c0000013 Parameters 75afbf7c 4 75afbf7c 75afbf7c

Record Number: 34025
Source Name: Application Popup
Time Written: 20090425002219.000000+120
Event Type: Informations
User:

Computer Name: 16F5C46E2850497
Event Code: 26
Message: Application popup : Windows - Pas de disque : Exception Processing Message c0000013 Parameters 75afbf7c 4 75afbf7c 75afbf7c

Record Number: 34024
Source Name: Application Popup
Time Written: 20090425002219.000000+120
Event Type: Informations
User:

Computer Name: 16F5C46E2850497
Event Code: 26
Message: Application popup : Windows - Pas de disque : Exception Processing Message c0000013 Parameters 75afbf7c 4 75afbf7c 75afbf7c

Record Number: 34023
Source Name: Application Popup
Time Written: 20090425002218.000000+120
Event Type: Informations
User:

Computer Name: 16F5C46E2850497
Event Code: 26
Message: Application popup : Windows - Pas de disque : Exception Processing Message c0000013 Parameters 75afbf7c 4 75afbf7c 75afbf7c

Record Number: 34022
Source Name: Application Popup
Time Written: 20090425002218.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: 16F5C46E2850497
Event Code: 2
Message: Récupération de la mise à jour automatique du fichier CAB de la liste racine tierce partie réussie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

Record Number: 865
Source Name: crypt32
Time Written: 20081130022547.000000+060
Event Type: Informations
User:

Computer Name: 16F5C46E2850497
Event Code: 7
Message: Récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie réussie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

Record Number: 864
Source Name: crypt32
Time Written: 20081130022544.000000+060
Event Type: Informations
User:

Computer Name: 16F5C46E2850497
Event Code: 101
Message: msnmsgr (3876) Le moteur de base de données est arrêté.

Record Number: 863
Source Name: ESENT
Time Written: 20081130021822.000000+060
Event Type: Informations
User:

Computer Name: 16F5C46E2850497
Event Code: 103
Message: msnmsgr (3876) \\.\D:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\hamido007890@hotmail.com\SharingMetadata\Working\database_2C18_E953_18E9_1C98\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 862
Source Name: ESENT
Time Written: 20081130021822.000000+060
Event Type: Informations
User:

Computer Name: 16F5C46E2850497
Event Code: 302
Message: msnmsgr (3876) \\.\D:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\hamido007890@hotmail.com\SharingMetadata\Working\database_2C18_E953_18E9_1C98\dfsr.db: Le moteur de base de données a exécuté la procédure de récupération avec succès.

Record Number: 861
Source Name: ESENT
Time Written: 20081130013944.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VS90COMNTOOLS"=D:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
"CLASSPATH"=.;D:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
0