Virus + Rapports
Fermé
NoNaMe_
Messages postés
13
Date d'inscription
dimanche 31 mai 2009
Statut
Membre
Dernière intervention
8 juin 2009
-
31 mai 2009 à 16:00
NoNaMe_ Messages postés 13 Date d'inscription dimanche 31 mai 2009 Statut Membre Dernière intervention 8 juin 2009 - 8 juin 2009 à 16:32
NoNaMe_ Messages postés 13 Date d'inscription dimanche 31 mai 2009 Statut Membre Dernière intervention 8 juin 2009 - 8 juin 2009 à 16:32
A voir également:
- Virus + Rapports
- Youtu.be virus - Accueil - Guide virus
- Svchost.exe virus - Guide
- Faux message virus ordinateur - Accueil - Arnaque
- Softonic virus ✓ - Forum Virus
- Faux message virus iphone - Forum iPhone
19 réponses
loloetseb
Messages postés
5508
Date d'inscription
dimanche 14 décembre 2008
Statut
Membre
Dernière intervention
22 avril 2012
174
31 mai 2009 à 16:02
31 mai 2009 à 16:02
Deja fais ceci
Télécharge HostXpert sur ton Bureau :
---> Décompresse-le (Clic droit >> Extraire ici)
---> Double-clique sur HostsXpert pour le lancer
---> clique sur le bouton "Restore MS Hosts File" puis ferme le programme
PS : Avant de cliquer sur le bouton "Restore MS Hosts File", vérifie que le cadenas en haut à gauche est ouvert sinon tu vas avoir un message d'erreur.
s'il est fermé , clique dessus :)
Télécharge HostXpert sur ton Bureau :
---> Décompresse-le (Clic droit >> Extraire ici)
---> Double-clique sur HostsXpert pour le lancer
---> clique sur le bouton "Restore MS Hosts File" puis ferme le programme
PS : Avant de cliquer sur le bouton "Restore MS Hosts File", vérifie que le cadenas en haut à gauche est ouvert sinon tu vas avoir un message d'erreur.
s'il est fermé , clique dessus :)
loloetseb
Messages postés
5508
Date d'inscription
dimanche 14 décembre 2008
Statut
Membre
Dernière intervention
22 avril 2012
174
31 mai 2009 à 16:03
31 mai 2009 à 16:03
Ensuite afin de descendre en profondeur de tes infections
Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.
! Déconnecte toi et ferme toutes tes applications en cours !
Double-clique sur " RSIT.exe " pour le lancer .
-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .
* Devant l'option "List files/folders created ..." , tu choisis : 2 months
* clique ensuite sur " Continue " pour lancer l'analyse ...
-> laisse faire le scan et ne touche pas au PC ...
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).
Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...
Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum
( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.
! Déconnecte toi et ferme toutes tes applications en cours !
Double-clique sur " RSIT.exe " pour le lancer .
-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .
* Devant l'option "List files/folders created ..." , tu choisis : 2 months
* clique ensuite sur " Continue " pour lancer l'analyse ...
-> laisse faire le scan et ne touche pas au PC ...
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).
Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...
Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum
( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
NoNaMe_
Messages postés
13
Date d'inscription
dimanche 31 mai 2009
Statut
Membre
Dernière intervention
8 juin 2009
31 mai 2009 à 16:14
31 mai 2009 à 16:14
---> clique sur le bouton "Restore MS Hosts File" puis ferme le programme
ok fait
voici le rapport Log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Seb at 2009-05-31 16:10:31
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 2 GB (8%) free of 25 GB
Total RAM: 1535 MB (60% free)
HijackThis download failed
======Scheduled tasks folder======
C:\windows\tasks\Ad-Aware Update (Weekly).job
C:\windows\tasks\AFBFE710918498B4.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38D3FE60-3D53-4F37-BB0E-C7A97A26A156}]
CInterceptor Object - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll [2009-02-19 475136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FABAEFE-3C05-6581-F97A-05946655DA37}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-06-14 509592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eac16819-0a02-42b9-8427-a561618467d5}]
C:\windows\system32\muhodogu.dll [2009-02-27 48640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-01-10 4628480]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-01-18 506712]
"yiteyemidi"=C:\windows\system32\pugohawu.dll [2009-02-27 48640]
"odby"=C:\windows\odb.exe [2009-05-31 233472]
"netc"=C:\windows\svc.exe [2009-05-31 233472]
"17503904"=C:\Documents and Settings\All Users\Application Data\17503904\17503904.exe [2009-05-31 368684]
"97513896"=C:\Documents and Settings\All Users\Application Data\97513896\97513896.exe [2009-05-31 47148]
"lsass"=C:\windows\lsass.exe [2009-05-31 280576]
"UpdateWin"=C:\windows\system32\8E7057D447z.exe [2009-05-31 41984]
"amoumain"=C:\windows\amoumain.exe [2009-05-31 281600]
"servicelayer"=C:\windows\servicelayer.exe [2009-05-31 281600]
"ctfmon"=C:\windows\ctfmon.exe [2009-05-31 280576]
"vlc"=C:\windows\vlc.exe [2009-05-31 233472]
"wdmon"=C:\windows\wdmon.exe [2009-05-31 233472]
"netx"=C:\windows\svx.exe [2009-05-31 233472]
"netw"=C:\windows\svw.exe [2009-05-31 233472]
"CPM7b5acc02"=c:\windows\system32\kezuroha.dll [2009-05-31 80896]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=C:\windows\system32\olhrwef.exe []
"Pando"=C:\Program Files\Pando Networks\Pando\pando.exe [2009-02-19 3913032]
""= []
"yiteyemidi"=C:\windows\system32\pugohawu.dll [2009-02-27 48640]
"UpdateWin"=C:\windows\system32\8E7057D447z.exe [2009-05-31 41984]
"userinit"=C:\windows\system32\ntos.exe [2004-08-20 273408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ball Kind Htm Eq]
C:\Documents and Settings\All Users\Application Data\book boob ball kind\Dupehide.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
C:\PROGRA~1\MESSAG~1\StartMessager.exe [2003-04-11 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2004-12-16 266240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2005-01-10 4628480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\System32\NvMcTray.dll [2005-01-10 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe [2009-02-19 3913032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\program date]
C:\DOCUME~1\Seb\APPLIC~1\AXISST~1\slow book.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-09-15 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\windows\SOUNDMAN.EXE [2004-11-15 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-06-14 132760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [2003-04-29 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSOS VERIFY]
C:\Program Files\WINSOS\WINSOS.EXE MINI []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [1999-02-18 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk]
C:\PROGRA~1\SAGEMW~1.11G\WLANUTL.exe [2004-09-15 679936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\windows\system32\getaviwi.dll c:\windows\system32\kezuroha.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2003-04-26 45056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2006-06-27 3584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
syshelps - {BA416781-7515-4D26-8032-E8D61BE89B19} - syshelps.dll []
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kezuroha.dll [2009-05-31 80896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kezuroha.dll [2009-05-31 80896]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\windows\system32\getaviwi.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=FFFFFFFF
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Zion++\Zion++.exe"="C:\Program Files\Zion++\Zion++.exe:*:Enabled:Zion++"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\THQ\Dawn of War DEMO\W40k.exe"="C:\Program Files\THQ\Dawn of War DEMO\W40k.exe:*:Enabled:W40K"
"C:\Program Files\THQ\Dawn of War\W40k.exe"="C:\Program Files\THQ\Dawn of War\W40k.exe:*:Enabled:W40K"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\jEUX\Earth 2160\Earth2160_NO_SSE.exe"="E:\jEUX\Earth 2160\Earth2160_NO_SSE.exe:*:Enabled:Earth 2160"
"E:\jEUX\Earth 2160\Earth2160_SSE.exe"="E:\jEUX\Earth 2160\Earth2160_SSE.exe:*:Enabled:Earth 2160"
"C:\Program Files\Kylotonn Entertainment\Bet on Soldier\BoS.exe"="C:\Program Files\Kylotonn Entertainment\Bet on Soldier\BoS.exe:*:Enabled:BoS"
"E:\jEUX\CounTer\SteamApps\drumcore\counter-strike\hl.exe"="E:\jEUX\CounTer\SteamApps\drumcore\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"E:\jEUX\CounTer\SteamApps\drumcore\condition zero deleted scenes\hl.exe"="E:\jEUX\CounTer\SteamApps\drumcore\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"E:\jEUX\Age3\age3.exe"="E:\jEUX\Age3\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\WinMX\WinMX.exe"="C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Empire Interactive\Strangelite\Starship Troopers\STGame.exe"="C:\Program Files\Empire Interactive\Strangelite\Starship Troopers\STGame.exe:*:Enabled:Starship Troopers"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\JVTorrent\btdownloadgui.exe"="C:\Program Files\JVTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Dark Omen\PRG_FRA\EngRel.exe"="C:\Program Files\Dark Omen\PRG_FRA\EngRel.exe:*:Enabled:Dark Omen"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\Program Files\WINSOS\winsos.exe"="C:\Program Files\WINSOS\winsos.exe:*:Enabled:Winsos"
"C:\Program Files\WINSOS\anti-spy.exe"="C:\Program Files\WINSOS\anti-spy.exe:*:Enabled:anti-spy Winsos"
"C:\Program Files\WINSOS\help.exe"="C:\Program Files\WINSOS\help.exe:*:Enabled:Winsos Help"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Firefly Studios\Stronghold 2 Demo\Stronghold2Demo.exe"="C:\Program Files\Firefly Studios\Stronghold 2 Demo\Stronghold2Demo.exe:*:Disabled:Stronghold 2"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Galactic Dream - Rage of War - Demo\RoW.exe"="C:\Program Files\Galactic Dream - Rage of War - Demo\RoW.exe:*:Enabled:RoW"
"C:\Documents and Settings\Seb\Bureau\StarCraft2CinematicTrailer_EnglishUS-avi-downloader.exe"="C:\Documents and Settings\Seb\Bureau\StarCraft2CinematicTrailer_EnglishUS-avi-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.10.0-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.10.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\ACSPMonitor\ASMonitor.exe"="C:\Program Files\ACSPMonitor\ASMonitor.exe:*:Enabled:System"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat"="C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe"="C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\L4D2\left4dead.exe"="C:\L4D2\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe:*:Enabled:nSvcAppFlt"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\DOCUME~1\Seb\LOCALS~1\Temp\4_pinnew.exe"="C:\DOCUME~1\Seb\LOCALS~1\Temp\4_pinnew.exe:*:Enabled:Enabled"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cd09df2-937b-11dc-8a38-0011d8ded54d}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1405a4b8-1ddd-11dd-8b34-0011d8ded54d}]
shell\AutoRun\command - H:\ReadMe.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23472580-a75b-11dc-8a5e-0011d8ded54d}]
shell\AutoRun\command - H:\2aaxaiy.exe
shell\open\command - H:\2aaxaiy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f7007c6-7c0d-11dc-8a11-0003c9801419}]
shell\AutoRun\command - H:\AutoTransfer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e78d743-b12c-11db-a31a-0011d8ded54d}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c4ca7c0-b1ab-11dd-9756-0003c9801419}]
shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6410a2a-1e87-11dc-897e-0003c9801419}]
shell\AutoRun\command - uxkl0apt.bat
shell\open\command - uxkl0apt.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be25159c-0264-11da-a01a-0011d8ded54d}]
shell\AutoRun\command - uxkl0apt.bat
shell\open\command - uxkl0apt.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f00e72ce-efd7-11dd-97a3-0003c9801419}]
shell\AutoRun\command - H:\hl80c6b1.com
shell\open\command - H:\hl80c6b1.com
======List of files/folders created in the last 2 months======
2009-05-31 16:10:37 ----D---- C:\Program Files\trend micro
2009-05-31 16:10:31 ----D---- C:\rsit
2009-05-31 14:53:18 ----A---- C:\windows\ntbtlog.txt
2009-05-31 13:54:57 ----A---- C:\windows\system32\tmp.txt
2009-05-31 13:54:46 ----A---- C:\rapport.txt
2009-05-31 13:29:34 ----D---- C:\Program Files\Sunbelt Software
2009-05-31 05:29:20 ----A---- C:\windows\svw.exe
2009-05-31 05:29:18 ----A---- C:\windows\svx.exe
2009-05-31 05:29:17 ----A---- C:\windows\wdmon.exe
2009-05-31 05:29:15 ----A---- C:\windows\vlc.exe
2009-05-31 05:28:57 ----A---- C:\windows\ctfmon.exe
2009-05-31 05:28:52 ----A---- C:\windows\servicelayer.exe
2009-05-31 05:28:48 ----A---- C:\windows\amoumain.exe
2009-05-31 05:27:41 ----A---- C:\Documents and Settings\All Users\Application Data\97513896.ini
2009-05-31 05:27:37 ----A---- C:\windows\lsass.exe
2009-05-31 05:27:35 ----A---- C:\windows\svc.exe
2009-05-31 05:27:34 ----SHD---- C:\windows\system32\wsnpoem
2009-05-31 05:27:34 ----D---- C:\Documents and Settings\All Users\Application Data\97513896
2009-05-31 05:27:34 ----D---- C:\Documents and Settings\All Users\Application Data\17503904
2009-05-31 05:27:34 ----A---- C:\windows\odb.exe
2009-05-31 05:27:33 ----RSH---- C:\windows\system32\8E7057D447z.exe
2009-05-30 01:25:29 ----SH---- C:\windows\system32\ivakibif.ini
2009-05-29 13:25:28 ----SH---- C:\windows\system32\akedikut.ini
2009-05-28 23:28:30 ----SH---- C:\windows\system32\ohuhitim.ini
2009-05-28 11:28:00 ----SH---- C:\windows\system32\uzohavat.ini
2009-05-27 19:31:06 ----SH---- C:\windows\system32\uyejehag.ini
2009-05-26 19:25:18 ----SH---- C:\windows\system32\olodekar.ini
2009-05-24 13:15:38 ----SH---- C:\windows\system32\igidobum.ini
2009-05-23 15:55:25 ----SH---- C:\windows\system32\ewagurom.ini
2009-05-23 03:54:44 ----ASH---- C:\windows\system32\isebihos.ini
2009-05-22 11:28:20 ----SH---- C:\windows\system32\asiteres.ini
2009-05-21 23:28:26 ----SH---- C:\windows\system32\aleboyid.ini
2009-05-21 11:28:53 ----SH---- C:\windows\system32\ebalupez.ini
2009-05-19 18:36:40 ----SH---- C:\windows\system32\ikayibon.ini
2009-05-18 18:25:55 ----A---- C:\windows\system32\lsdelete.exe
2009-05-18 18:19:11 ----SH---- C:\windows\system32\eralokuk.ini
2009-05-18 17:35:49 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-18 00:04:23 ----SH---- C:\windows\system32\ofeyahij.ini
2009-05-17 00:04:13 ----SH---- C:\windows\system32\urelizud.ini
2009-05-15 19:15:37 ----SH---- C:\windows\system32\itiwedil.ini
2009-05-14 13:38:51 ----SH---- C:\windows\system32\eyapagev.ini
2009-05-13 17:20:45 ----SH---- C:\windows\system32\upelifen.ini
2009-05-13 16:43:48 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-05-12 18:52:42 ----SH---- C:\windows\system32\isehofed.ini
2009-05-11 20:12:23 ----SH---- C:\windows\system32\utofopor.ini
2009-05-10 23:07:25 ----SH---- C:\windows\system32\otoliyef.ini
2009-05-10 08:02:45 ----SH---- C:\windows\system32\anevenoy.ini
2009-05-09 08:02:00 ----ASH---- C:\windows\system32\iyemahes.ini
2009-05-08 20:01:54 ----SH---- C:\windows\system32\utuvayen.ini
2009-05-08 08:01:29 ----SH---- C:\windows\system32\ebitokud.ini
2009-05-07 14:35:27 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-05-07 14:23:35 ----SH---- C:\windows\system32\owemavod.ini
2009-05-06 12:56:43 ----SH---- C:\windows\system32\oketifif.ini
2009-05-04 22:10:58 ----SH---- C:\windows\system32\onolavoy.ini
======List of files/folders modified in the last 2 months======
2009-05-31 16:10:37 ----RD---- C:\Program Files
2009-05-31 16:04:46 ----D---- C:\Program Files\Mozilla Firefox
2009-05-31 15:43:35 ----D---- C:\windows\system32
2009-05-31 15:25:49 ----D---- C:\windows\Temp
2009-05-31 15:21:36 ----A---- C:\windows\SchedLgU.Txt
2009-05-31 15:19:44 ----D---- C:\windows\system32\CatRoot2
2009-05-31 15:15:13 ----D---- C:\windows\system32\Restore
2009-05-31 15:03:18 ----D---- C:\WINDOWS
2009-05-31 13:30:02 ----SHD---- C:\windows\Installer
2009-05-31 13:30:02 ----SHD---- C:\Config.Msi
2009-05-31 13:29:47 ----HD---- C:\windows\inf
2009-05-31 13:29:39 ----D---- C:\windows\system32\drivers
2009-05-31 05:54:45 ----ASH---- C:\windows\system32\kezuroha.dll
2009-05-31 05:54:45 ----ASH---- C:\windows\system32\gukowema.dll
2009-05-30 17:54:23 ----ASH---- C:\windows\system32\yagejani.dll
2009-05-30 17:54:23 ----ASH---- C:\windows\system32\kadidika.dll
2009-05-30 01:25:45 ----D---- C:\windows\Prefetch
2009-05-30 01:25:29 ----ASH---- C:\windows\system32\pasagami.dll
2009-05-30 01:25:29 ----ASH---- C:\windows\system32\fibikavi.dll
2009-05-29 13:25:25 ----ASH---- C:\windows\system32\jefiyuna.dll
2009-05-29 12:24:49 ----D---- C:\windows\Minidump
2009-05-28 23:28:30 ----ASH---- C:\windows\system32\veyetidi.dll
2009-05-28 11:28:00 ----ASH---- C:\windows\system32\dimoburi.dll
2009-05-27 19:31:27 ----ASH---- C:\windows\system32\muzupera.dll
2009-05-27 19:30:57 ----ASH---- C:\windows\system32\yivozizi.dll
2009-05-26 20:25:18 ----D---- C:\Documents and Settings\Seb\Application Data\OpenOffice.org2
2009-05-20 18:47:18 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-05-18 17:37:00 ----SD---- C:\windows\Tasks
2009-05-18 17:36:48 ----DC---- C:\windows\system32\DRVSTORE
2009-05-18 17:35:45 ----D---- C:\Program Files\Lavasoft
2009-05-16 12:08:54 ----D---- C:\Documents and Settings\Seb\Application Data\dvdcss
2009-05-16 00:16:53 ----AC---- C:\windows\winamp.ini
2009-05-13 16:46:06 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-05-13 16:44:23 ----D---- C:\Program Files\WinZip
2009-05-07 14:35:24 ----D---- C:\windows\WinSxS
2009-05-07 14:26:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-07 14:26:00 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-14 01:40:31 ----D---- C:\windows\security
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\windows\System32\DRIVERS\NVTcp.sys [2004-12-16 97792]
R1 PQNTDrv;PQNTDrv; C:\windows\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SbFw;SbFw; C:\windows\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 Aspi32;Aspi32; C:\windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\windows\system32\DRIVERS\mdc8021x.sys [2004-09-02 15781]
R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS []
R2 nvcap;nVidia WDM Video Capture (universal); C:\windows\system32\DRIVERS\nvcap.sys [2004-10-29 140972]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\windows\system32\DRIVERS\NVxbar.sys [2004-10-29 15790]
R2 STEC3;STEC3; \??\C:\WINDOWS\system32\STEC3.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\windows\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 HidUsb;Pilote de classe HID Microsoft; C:\windows\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Pilote HID de souris; C:\windows\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\windows\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\windows\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NAVAP;NAVAP; \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090530.003\NAVENG.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090530.003\NAVEX15.sys []
R3 nv;nv; C:\windows\System32\DRIVERS\nv4_mini.sys [2005-01-10 3224480]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\windows\System32\DRIVERS\NVENETFD.sys [2004-11-24 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\windows\System32\DRIVERS\nvnetbus.sys [2004-12-16 12928]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\windows\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Concentrateur USB2; C:\windows\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\windows\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 akiw9eg7;akiw9eg7; C:\windows\system32\drivers\akiw9eg7.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\windows\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\windows\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\windows\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\windows\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable; C:\windows\System32\Drivers\SilvrLnk.sys [2004-01-28 21456]
S3 SLIP;Détrameur décalage BDA; C:\windows\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\windows\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; C:\windows\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\windows\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\windows\system32\DRIVERS\WlanUIG.sys [2004-09-02 379456]
S3 WpdUsb;WpdUsb; C:\windows\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Codec Teletext standard; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\windows\System32\drivers\ws2ifsl.sys [2001-08-28 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DefWatch;DefWatch; C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe [2003-04-29 32768]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-12-16 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543]
R2 Norton AntiVirus Server;Symantec AntiVirus Client; C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe [2003-04-29 622592]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2004-12-16 57409]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\System32\nvsvc32.exe [2005-01-10 127043]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-02 66872]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2004-12-16 131133]
S2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2004-08-20 14336]
-----------------EOF-----------------
ok fait
voici le rapport Log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Seb at 2009-05-31 16:10:31
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 2 GB (8%) free of 25 GB
Total RAM: 1535 MB (60% free)
HijackThis download failed
======Scheduled tasks folder======
C:\windows\tasks\Ad-Aware Update (Weekly).job
C:\windows\tasks\AFBFE710918498B4.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38D3FE60-3D53-4F37-BB0E-C7A97A26A156}]
CInterceptor Object - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll [2009-02-19 475136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5FABAEFE-3C05-6581-F97A-05946655DA37}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-06-14 509592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eac16819-0a02-42b9-8427-a561618467d5}]
C:\windows\system32\muhodogu.dll [2009-02-27 48640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-01-10 4628480]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-01-18 506712]
"yiteyemidi"=C:\windows\system32\pugohawu.dll [2009-02-27 48640]
"odby"=C:\windows\odb.exe [2009-05-31 233472]
"netc"=C:\windows\svc.exe [2009-05-31 233472]
"17503904"=C:\Documents and Settings\All Users\Application Data\17503904\17503904.exe [2009-05-31 368684]
"97513896"=C:\Documents and Settings\All Users\Application Data\97513896\97513896.exe [2009-05-31 47148]
"lsass"=C:\windows\lsass.exe [2009-05-31 280576]
"UpdateWin"=C:\windows\system32\8E7057D447z.exe [2009-05-31 41984]
"amoumain"=C:\windows\amoumain.exe [2009-05-31 281600]
"servicelayer"=C:\windows\servicelayer.exe [2009-05-31 281600]
"ctfmon"=C:\windows\ctfmon.exe [2009-05-31 280576]
"vlc"=C:\windows\vlc.exe [2009-05-31 233472]
"wdmon"=C:\windows\wdmon.exe [2009-05-31 233472]
"netx"=C:\windows\svx.exe [2009-05-31 233472]
"netw"=C:\windows\svw.exe [2009-05-31 233472]
"CPM7b5acc02"=c:\windows\system32\kezuroha.dll [2009-05-31 80896]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=C:\windows\system32\olhrwef.exe []
"Pando"=C:\Program Files\Pando Networks\Pando\pando.exe [2009-02-19 3913032]
""= []
"yiteyemidi"=C:\windows\system32\pugohawu.dll [2009-02-27 48640]
"UpdateWin"=C:\windows\system32\8E7057D447z.exe [2009-05-31 41984]
"userinit"=C:\windows\system32\ntos.exe [2004-08-20 273408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ball Kind Htm Eq]
C:\Documents and Settings\All Users\Application Data\book boob ball kind\Dupehide.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessagerStarter Wanadoo]
C:\PROGRA~1\MESSAG~1\StartMessager.exe [2003-04-11 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe [2004-12-16 266240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2005-01-10 4628480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\System32\NvMcTray.dll [2005-01-10 86016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe [2009-02-19 3913032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\program date]
C:\DOCUME~1\Seb\APPLIC~1\AXISST~1\slow book.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-09-15 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\windows\SOUNDMAN.EXE [2004-11-15 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-06-14 132760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [2003-04-29 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSOS VERIFY]
C:\Program Files\WINSOS\WINSOS.EXE MINI []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [1999-02-18 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk]
C:\PROGRA~1\SAGEMW~1.11G\WLANUTL.exe [2004-09-15 679936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\windows\system32\getaviwi.dll c:\windows\system32\kezuroha.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2003-04-26 45056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2006-06-27 3584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
syshelps - {BA416781-7515-4D26-8032-E8D61BE89B19} - syshelps.dll []
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kezuroha.dll [2009-05-31 80896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kezuroha.dll [2009-05-31 80896]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\windows\system32\getaviwi.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=FFFFFFFF
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Zion++\Zion++.exe"="C:\Program Files\Zion++\Zion++.exe:*:Enabled:Zion++"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\THQ\Dawn of War DEMO\W40k.exe"="C:\Program Files\THQ\Dawn of War DEMO\W40k.exe:*:Enabled:W40K"
"C:\Program Files\THQ\Dawn of War\W40k.exe"="C:\Program Files\THQ\Dawn of War\W40k.exe:*:Enabled:W40K"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\jEUX\Earth 2160\Earth2160_NO_SSE.exe"="E:\jEUX\Earth 2160\Earth2160_NO_SSE.exe:*:Enabled:Earth 2160"
"E:\jEUX\Earth 2160\Earth2160_SSE.exe"="E:\jEUX\Earth 2160\Earth2160_SSE.exe:*:Enabled:Earth 2160"
"C:\Program Files\Kylotonn Entertainment\Bet on Soldier\BoS.exe"="C:\Program Files\Kylotonn Entertainment\Bet on Soldier\BoS.exe:*:Enabled:BoS"
"E:\jEUX\CounTer\SteamApps\drumcore\counter-strike\hl.exe"="E:\jEUX\CounTer\SteamApps\drumcore\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"E:\jEUX\CounTer\SteamApps\drumcore\condition zero deleted scenes\hl.exe"="E:\jEUX\CounTer\SteamApps\drumcore\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"E:\jEUX\Age3\age3.exe"="E:\jEUX\Age3\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\WinMX\WinMX.exe"="C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Empire Interactive\Strangelite\Starship Troopers\STGame.exe"="C:\Program Files\Empire Interactive\Strangelite\Starship Troopers\STGame.exe:*:Enabled:Starship Troopers"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\JVTorrent\btdownloadgui.exe"="C:\Program Files\JVTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Dark Omen\PRG_FRA\EngRel.exe"="C:\Program Files\Dark Omen\PRG_FRA\EngRel.exe:*:Enabled:Dark Omen"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\Program Files\WINSOS\winsos.exe"="C:\Program Files\WINSOS\winsos.exe:*:Enabled:Winsos"
"C:\Program Files\WINSOS\anti-spy.exe"="C:\Program Files\WINSOS\anti-spy.exe:*:Enabled:anti-spy Winsos"
"C:\Program Files\WINSOS\help.exe"="C:\Program Files\WINSOS\help.exe:*:Enabled:Winsos Help"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Firefly Studios\Stronghold 2 Demo\Stronghold2Demo.exe"="C:\Program Files\Firefly Studios\Stronghold 2 Demo\Stronghold2Demo.exe:*:Disabled:Stronghold 2"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Galactic Dream - Rage of War - Demo\RoW.exe"="C:\Program Files\Galactic Dream - Rage of War - Demo\RoW.exe:*:Enabled:RoW"
"C:\Documents and Settings\Seb\Bureau\StarCraft2CinematicTrailer_EnglishUS-avi-downloader.exe"="C:\Documents and Settings\Seb\Bureau\StarCraft2CinematicTrailer_EnglishUS-avi-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.10.0-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.10.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.10.2.5302-to-1.11.0.5428-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.11.1.5462-to-1.11.2.5464-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.11.2.5464-to-1.12.0.5595-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.5.1.4449-to-1.6.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.6.0.4500-to-1.6.1-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\ACSPMonitor\ASMonitor.exe"="C:\Program Files\ACSPMonitor\ASMonitor.exe:*:Enabled:System"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat"="C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe"="C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:*:Enabled:Battlefield 2"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\L4D2\left4dead.exe"="C:\L4D2\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe:*:Enabled:nSvcAppFlt"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\DOCUME~1\Seb\LOCALS~1\Temp\4_pinnew.exe"="C:\DOCUME~1\Seb\LOCALS~1\Temp\4_pinnew.exe:*:Enabled:Enabled"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0cd09df2-937b-11dc-8a38-0011d8ded54d}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1405a4b8-1ddd-11dd-8b34-0011d8ded54d}]
shell\AutoRun\command - H:\ReadMe.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23472580-a75b-11dc-8a5e-0011d8ded54d}]
shell\AutoRun\command - H:\2aaxaiy.exe
shell\open\command - H:\2aaxaiy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f7007c6-7c0d-11dc-8a11-0003c9801419}]
shell\AutoRun\command - H:\AutoTransfer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e78d743-b12c-11db-a31a-0011d8ded54d}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c4ca7c0-b1ab-11dd-9756-0003c9801419}]
shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6410a2a-1e87-11dc-897e-0003c9801419}]
shell\AutoRun\command - uxkl0apt.bat
shell\open\command - uxkl0apt.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be25159c-0264-11da-a01a-0011d8ded54d}]
shell\AutoRun\command - uxkl0apt.bat
shell\open\command - uxkl0apt.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f00e72ce-efd7-11dd-97a3-0003c9801419}]
shell\AutoRun\command - H:\hl80c6b1.com
shell\open\command - H:\hl80c6b1.com
======List of files/folders created in the last 2 months======
2009-05-31 16:10:37 ----D---- C:\Program Files\trend micro
2009-05-31 16:10:31 ----D---- C:\rsit
2009-05-31 14:53:18 ----A---- C:\windows\ntbtlog.txt
2009-05-31 13:54:57 ----A---- C:\windows\system32\tmp.txt
2009-05-31 13:54:46 ----A---- C:\rapport.txt
2009-05-31 13:29:34 ----D---- C:\Program Files\Sunbelt Software
2009-05-31 05:29:20 ----A---- C:\windows\svw.exe
2009-05-31 05:29:18 ----A---- C:\windows\svx.exe
2009-05-31 05:29:17 ----A---- C:\windows\wdmon.exe
2009-05-31 05:29:15 ----A---- C:\windows\vlc.exe
2009-05-31 05:28:57 ----A---- C:\windows\ctfmon.exe
2009-05-31 05:28:52 ----A---- C:\windows\servicelayer.exe
2009-05-31 05:28:48 ----A---- C:\windows\amoumain.exe
2009-05-31 05:27:41 ----A---- C:\Documents and Settings\All Users\Application Data\97513896.ini
2009-05-31 05:27:37 ----A---- C:\windows\lsass.exe
2009-05-31 05:27:35 ----A---- C:\windows\svc.exe
2009-05-31 05:27:34 ----SHD---- C:\windows\system32\wsnpoem
2009-05-31 05:27:34 ----D---- C:\Documents and Settings\All Users\Application Data\97513896
2009-05-31 05:27:34 ----D---- C:\Documents and Settings\All Users\Application Data\17503904
2009-05-31 05:27:34 ----A---- C:\windows\odb.exe
2009-05-31 05:27:33 ----RSH---- C:\windows\system32\8E7057D447z.exe
2009-05-30 01:25:29 ----SH---- C:\windows\system32\ivakibif.ini
2009-05-29 13:25:28 ----SH---- C:\windows\system32\akedikut.ini
2009-05-28 23:28:30 ----SH---- C:\windows\system32\ohuhitim.ini
2009-05-28 11:28:00 ----SH---- C:\windows\system32\uzohavat.ini
2009-05-27 19:31:06 ----SH---- C:\windows\system32\uyejehag.ini
2009-05-26 19:25:18 ----SH---- C:\windows\system32\olodekar.ini
2009-05-24 13:15:38 ----SH---- C:\windows\system32\igidobum.ini
2009-05-23 15:55:25 ----SH---- C:\windows\system32\ewagurom.ini
2009-05-23 03:54:44 ----ASH---- C:\windows\system32\isebihos.ini
2009-05-22 11:28:20 ----SH---- C:\windows\system32\asiteres.ini
2009-05-21 23:28:26 ----SH---- C:\windows\system32\aleboyid.ini
2009-05-21 11:28:53 ----SH---- C:\windows\system32\ebalupez.ini
2009-05-19 18:36:40 ----SH---- C:\windows\system32\ikayibon.ini
2009-05-18 18:25:55 ----A---- C:\windows\system32\lsdelete.exe
2009-05-18 18:19:11 ----SH---- C:\windows\system32\eralokuk.ini
2009-05-18 17:35:49 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-18 00:04:23 ----SH---- C:\windows\system32\ofeyahij.ini
2009-05-17 00:04:13 ----SH---- C:\windows\system32\urelizud.ini
2009-05-15 19:15:37 ----SH---- C:\windows\system32\itiwedil.ini
2009-05-14 13:38:51 ----SH---- C:\windows\system32\eyapagev.ini
2009-05-13 17:20:45 ----SH---- C:\windows\system32\upelifen.ini
2009-05-13 16:43:48 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-05-12 18:52:42 ----SH---- C:\windows\system32\isehofed.ini
2009-05-11 20:12:23 ----SH---- C:\windows\system32\utofopor.ini
2009-05-10 23:07:25 ----SH---- C:\windows\system32\otoliyef.ini
2009-05-10 08:02:45 ----SH---- C:\windows\system32\anevenoy.ini
2009-05-09 08:02:00 ----ASH---- C:\windows\system32\iyemahes.ini
2009-05-08 20:01:54 ----SH---- C:\windows\system32\utuvayen.ini
2009-05-08 08:01:29 ----SH---- C:\windows\system32\ebitokud.ini
2009-05-07 14:35:27 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-05-07 14:23:35 ----SH---- C:\windows\system32\owemavod.ini
2009-05-06 12:56:43 ----SH---- C:\windows\system32\oketifif.ini
2009-05-04 22:10:58 ----SH---- C:\windows\system32\onolavoy.ini
======List of files/folders modified in the last 2 months======
2009-05-31 16:10:37 ----RD---- C:\Program Files
2009-05-31 16:04:46 ----D---- C:\Program Files\Mozilla Firefox
2009-05-31 15:43:35 ----D---- C:\windows\system32
2009-05-31 15:25:49 ----D---- C:\windows\Temp
2009-05-31 15:21:36 ----A---- C:\windows\SchedLgU.Txt
2009-05-31 15:19:44 ----D---- C:\windows\system32\CatRoot2
2009-05-31 15:15:13 ----D---- C:\windows\system32\Restore
2009-05-31 15:03:18 ----D---- C:\WINDOWS
2009-05-31 13:30:02 ----SHD---- C:\windows\Installer
2009-05-31 13:30:02 ----SHD---- C:\Config.Msi
2009-05-31 13:29:47 ----HD---- C:\windows\inf
2009-05-31 13:29:39 ----D---- C:\windows\system32\drivers
2009-05-31 05:54:45 ----ASH---- C:\windows\system32\kezuroha.dll
2009-05-31 05:54:45 ----ASH---- C:\windows\system32\gukowema.dll
2009-05-30 17:54:23 ----ASH---- C:\windows\system32\yagejani.dll
2009-05-30 17:54:23 ----ASH---- C:\windows\system32\kadidika.dll
2009-05-30 01:25:45 ----D---- C:\windows\Prefetch
2009-05-30 01:25:29 ----ASH---- C:\windows\system32\pasagami.dll
2009-05-30 01:25:29 ----ASH---- C:\windows\system32\fibikavi.dll
2009-05-29 13:25:25 ----ASH---- C:\windows\system32\jefiyuna.dll
2009-05-29 12:24:49 ----D---- C:\windows\Minidump
2009-05-28 23:28:30 ----ASH---- C:\windows\system32\veyetidi.dll
2009-05-28 11:28:00 ----ASH---- C:\windows\system32\dimoburi.dll
2009-05-27 19:31:27 ----ASH---- C:\windows\system32\muzupera.dll
2009-05-27 19:30:57 ----ASH---- C:\windows\system32\yivozizi.dll
2009-05-26 20:25:18 ----D---- C:\Documents and Settings\Seb\Application Data\OpenOffice.org2
2009-05-20 18:47:18 ----A---- C:\windows\system32\PerfStringBackup.INI
2009-05-18 17:37:00 ----SD---- C:\windows\Tasks
2009-05-18 17:36:48 ----DC---- C:\windows\system32\DRVSTORE
2009-05-18 17:35:45 ----D---- C:\Program Files\Lavasoft
2009-05-16 12:08:54 ----D---- C:\Documents and Settings\Seb\Application Data\dvdcss
2009-05-16 00:16:53 ----AC---- C:\windows\winamp.ini
2009-05-13 16:46:06 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-05-13 16:44:23 ----D---- C:\Program Files\WinZip
2009-05-07 14:35:24 ----D---- C:\windows\WinSxS
2009-05-07 14:26:01 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-07 14:26:00 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-14 01:40:31 ----D---- C:\windows\security
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\windows\System32\DRIVERS\NVTcp.sys [2004-12-16 97792]
R1 PQNTDrv;PQNTDrv; C:\windows\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SbFw;SbFw; C:\windows\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\windows\system32\drivers\sbhips.sys [2008-06-21 66600]
R2 Aspi32;Aspi32; C:\windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\windows\system32\DRIVERS\mdc8021x.sys [2004-09-02 15781]
R2 NAVAPEL;NAVAPEL; \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS []
R2 nvcap;nVidia WDM Video Capture (universal); C:\windows\system32\DRIVERS\nvcap.sys [2004-10-29 140972]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\windows\system32\DRIVERS\NVxbar.sys [2004-10-29 15790]
R2 STEC3;STEC3; \??\C:\WINDOWS\system32\STEC3.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\windows\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 HidUsb;Pilote de classe HID Microsoft; C:\windows\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Pilote HID de souris; C:\windows\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\windows\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\windows\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NAVAP;NAVAP; \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090530.003\NAVENG.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090530.003\NAVEX15.sys []
R3 nv;nv; C:\windows\System32\DRIVERS\nv4_mini.sys [2005-01-10 3224480]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\windows\System32\DRIVERS\NVENETFD.sys [2004-11-24 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\windows\System32\DRIVERS\nvnetbus.sys [2004-12-16 12928]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\windows\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\windows\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Concentrateur USB2; C:\windows\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\windows\System32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 akiw9eg7;akiw9eg7; C:\windows\system32\drivers\akiw9eg7.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\windows\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\windows\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\windows\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\windows\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable; C:\windows\System32\Drivers\SilvrLnk.sys [2004-01-28 21456]
S3 SLIP;Détrameur décalage BDA; C:\windows\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\windows\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; C:\windows\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\windows\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\windows\system32\DRIVERS\WlanUIG.sys [2004-09-02 379456]
S3 WpdUsb;WpdUsb; C:\windows\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Codec Teletext standard; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\windows\System32\drivers\ws2ifsl.sys [2001-08-28 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DefWatch;DefWatch; C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe [2003-04-29 32768]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2004-12-16 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543]
R2 Norton AntiVirus Server;Symantec AntiVirus Client; C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe [2003-04-29 622592]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2004-12-16 57409]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\System32\nvsvc32.exe [2005-01-10 127043]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-02 66872]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2004-12-16 131133]
S2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2004-08-20 14336]
-----------------EOF-----------------
NoNaMe_
Messages postés
13
Date d'inscription
dimanche 31 mai 2009
Statut
Membre
Dernière intervention
8 juin 2009
31 mai 2009 à 16:15
31 mai 2009 à 16:15
Et le rapport info:
info.txt logfile of random's system information tool 1.06 2009-05-31 16:10:41
======Uninstall list======
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
-->MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.55 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
AGEIA PhysX v7.03.21-->MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
Analyseur MSXML 6.0-->MsiExec.exe /I{CEEE4B46-D156-44B9-91A6-4DF113C79DE9}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
BitTorrent 4.26.0-->"C:\Program Files\BitTorrent\uninstall.exe"
CamStudio 2.0 Fr-->"C:\Program Files\wc\unins000.exe"
Canon EOS Kiss REBEL 300D Pilote WIA -->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{31A57C3E-30DD-421F-B5C7-974DACB0D05F}
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x000c
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CEDP Stealer 4 for MSN Messenger 6 and 7-->C:\Program Files\BitTorrent\uninstall.exe
Chargeur de l'installateur Debian-->C:\debian\uninstall.exe
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Code::Blocks-->"C:\Program Files\CodeBlocks\unins000.exe"
Correctif Windows XP - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Correctif Windows XP - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Correctif Windows XP - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Counter-Strike(TM)-->MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Counter-Strike: Source-->"E:\JEUX\CS\steam.exe" steam://uninstall/240
Dawn of War - Dark Crusade-->C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x040c -removeonly
Dawn of War - Soulstorm-->"C:\Program Files\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x040c -removeonly
Dawn Of War - Winter Assault-->MsiExec.exe /X{DD8408E9-9421-484F-979D-DB6361E3E828}
Dawn Of War-->MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
Dia (supprimer uniquement)-->C:\Program Files\Dia\dia-0.96.1-8-uninstall.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA Download Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1036
Easy-WebPrint-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Enregistrement utilisateur de Canon MP160-->C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
La boite a couleurs version 1.6.14-->"C:\Program Files\LaBoiteACouleurs\unins000.exe"
Livebox-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}\Setup.exe" -l0x40c
LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Messager Wanadoo-->C:\PROGRA~1\MESSAG~1\Uninstall.exe
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Document Explorer 2005 Language Pack - FRA-->MsiExec.exe /X{A0EEDF22-8A8A-45C3-9571-FCCE846ABAED}
Microsoft Document Explorer 2005-->C:\Program Files\Fichiers communs\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Office 2000 Premium-->MsiExec.exe /I{0000040C-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2005 Express - FRA-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - FRA\setup.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MinGW 5.1.3-->C:\MinGW\uninst.exe
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique de Microsoft Document Explorer 2005 - FRA-->C:\Program Files\Fichiers communs\Microsoft Shared\Help 8\Microsoft Document Explorer 2005 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Reaper-->"C:\Program Files\MSN Reaper\uninst.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1036
NVIDIA WDM Drivers-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
OLYMPUS CAMEDIA Master 4.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.1
OpenOffice.org 2.3-->MsiExec.exe /I{FADB55D0-403F-4413-A268-CF0A6F1185C2}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pando-->MsiExec.exe /I{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}
PerfectAed-->MsiExec.exe /I{68FDFE6E-A0F2-4A9E-9623-BB4A5D735F91}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickTime-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653} /l1036
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
rgc:audio z3ta+ DXi v1.4-->"C:\Program Files\Image-Line\FLStudio5\Plugins\VST\Zeta\unins000.exe"
Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E691604-B328-4B4A-8F17-C9D6395075C5}\Setup.exe" -l0x40c
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
Sony Sound Forge 7.0-->MsiExec.exe /I{0712667C-A171-49AE-A098-4ACDA28625F8}
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Sunbelt Personal Firewall-->MsiExec.exe /X{82B1150E-9B37-49FC-83EB-D52197D900D0}
SUPER © Version 2008.bld.33 (Sep 2, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Symantec AntiVirus Client-->MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
Synapse Junglist VSTi v3.2-->C:\PROGRA~1\IMAGE-~1\FLSTUD~1\Plugins\VST\VSTPLU~1\Junglist\Junglist\UNWISE.EXE C:\PROGRA~1\IMAGE-~1\FLSTUD~1\Plugins\VST\VSTPLU~1\Junglist\Junglist\INSTALL.LOG
System Security 2009-->C:\Documents and Settings\Seb\Menu Démarrer\Programmes\System Security\System Security 2009 Support.lnk
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Theme Hospital-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Bullfrog\Hospital\DeIsL1.isu"
Turbo Lister 2-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
Ulead Straight-to-Disc SDK-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2C1E44-7685-4D05-8342-B0DC6422FA47}\Setup.exe" -l0x9
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WGM 1.4-->"C:\Program Files\WGM\unins000.exe"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinFast(R) Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x40c -removeonly
WinMX-->C:\Program Files\WinMX\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
Wow Cartographe 1.07-->C:\Program Files\WowCartographe\uninst.exe
Wubi-->C:\WINDOWS\wubi-uninstall.exe
Zombie Panic! Source Dedicated Server-->"E:\JEUX\CS\steam.exe" steam://uninstall/17505
======Hosts File======
127.0.0.1 localhost
======Security center information======
FW: NVIDIA Firewall (disabled)
FW: Sunbelt Personal Firewall
======System event log======
Computer Name: SEB-HNTFWSVRF1P
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.
Record Number: 95558
Source Name: Service Control Manager
Time Written: 20090429185736.000000+120
Event Type: Informations
User:
Computer Name: SEB-HNTFWSVRF1P
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.
Record Number: 95557
Source Name: Service Control Manager
Time Written: 20090429185734.000000+120
Event Type: Informations
User:
Computer Name: SEB-HNTFWSVRF1P
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.
Record Number: 95556
Source Name: Service Control Manager
Time Written: 20090429185734.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: SEB-HNTFWSVRF1P
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.
Record Number: 95555
Source Name: Service Control Manager
Time Written: 20090429185712.000000+120
Event Type: Informations
User:
Computer Name: SEB-HNTFWSVRF1P
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Services Terminal Server.
Record Number: 95554
Source Name: Service Control Manager
Time Written: 20090429185712.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
=====Application event log=====
Computer Name: SEB-HNTFWSVRF1P
Event Code: 14
Message:
Le démarrage des services Symantec AntiVirus a réussi.
Record Number: 29585
Source Name: Norton AntiVirus
Time Written: 20090525215020.000000+120
Event Type: Informations
User:
Computer Name: SEB-HNTFWSVRF1P
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 29584
Source Name: SecurityCenter
Time Written: 20090525215008.000000+120
Event Type: Informations
User:
Computer Name: SEB-HNTFWSVRF1P
Event Code: 0
Message:
Record Number: 29583
Source Name: ForceWare Intelligent Application Manager (IAM)
Time Written: 20090525215008.000000+120
Event Type: Informations
User:
Computer Name: SEB-HNTFWSVRF1P
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur SEB-HNTFWSVRF1P\Seb alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.
Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.
Record Number: 29582
Source Name: Userenv
Time Written: 20090525000838.000000+120
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: SEB-HNTFWSVRF1P
Event Code: 1524
Message: Windows ne peut pas décharger vos classes fichier de Registre - il est en cours d'utilisation par d'autres applications ou services. Le fichier sera déchargé quand il ne sera plus utilisé.
Record Number: 29581
Source Name: Userenv
Time Written: 20090525000809.000000+120
Event Type: Avertissement
User: SEB-HNTFWSVRF1P\Seb
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=1f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
Voila, merci pour les conseils !!!! :D
info.txt logfile of random's system information tool 1.06 2009-05-31 16:10:41
======Uninstall list======
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->MsiExec /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
-->MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.55 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
AGEIA PhysX v7.03.21-->MsiExec.exe /X{85EBB283-65AF-4C53-9EBE-7C0A232762F7}
Analyseur MSXML 6.0-->MsiExec.exe /I{CEEE4B46-D156-44B9-91A6-4DF113C79DE9}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
BitTorrent 4.26.0-->"C:\Program Files\BitTorrent\uninstall.exe"
CamStudio 2.0 Fr-->"C:\Program Files\wc\unins000.exe"
Canon EOS Kiss REBEL 300D Pilote WIA -->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{31A57C3E-30DD-421F-B5C7-974DACB0D05F}
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x000c
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CEDP Stealer 4 for MSN Messenger 6 and 7-->C:\Program Files\BitTorrent\uninstall.exe
Chargeur de l'installateur Debian-->C:\debian\uninstall.exe
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Code::Blocks-->"C:\Program Files\CodeBlocks\unins000.exe"
Correctif Windows XP - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Correctif Windows XP - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Correctif Windows XP - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Counter-Strike(TM)-->MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
Counter-Strike: Source-->"E:\JEUX\CS\steam.exe" steam://uninstall/240
Dawn of War - Dark Crusade-->C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x040c -removeonly
Dawn of War - Soulstorm-->"C:\Program Files\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x040c -removeonly
Dawn Of War - Winter Assault-->MsiExec.exe /X{DD8408E9-9421-484F-979D-DB6361E3E828}
Dawn Of War-->MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
Dia (supprimer uniquement)-->C:\Program Files\Dia\dia-0.96.1-8-uninstall.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA Download Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1036
Easy-WebPrint-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Enregistrement utilisateur de Canon MP160-->C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
La boite a couleurs version 1.6.14-->"C:\Program Files\LaBoiteACouleurs\unins000.exe"
Livebox-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}\Setup.exe" -l0x40c
LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Messager Wanadoo-->C:\PROGRA~1\MESSAG~1\Uninstall.exe
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Document Explorer 2005 Language Pack - FRA-->MsiExec.exe /X{A0EEDF22-8A8A-45C3-9571-FCCE846ABAED}
Microsoft Document Explorer 2005-->C:\Program Files\Fichiers communs\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Office 2000 Premium-->MsiExec.exe /I{0000040C-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2005 Express - FRA-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - FRA\setup.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MinGW 5.1.3-->C:\MinGW\uninst.exe
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique de Microsoft Document Explorer 2005 - FRA-->C:\Program Files\Fichiers communs\Microsoft Shared\Help 8\Microsoft Document Explorer 2005 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Reaper-->"C:\Program Files\MSN Reaper\uninst.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1036
NVIDIA WDM Drivers-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
OLYMPUS CAMEDIA Master 4.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.1
OpenOffice.org 2.3-->MsiExec.exe /I{FADB55D0-403F-4413-A268-CF0A6F1185C2}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pando-->MsiExec.exe /I{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}
PerfectAed-->MsiExec.exe /I{68FDFE6E-A0F2-4A9E-9623-BB4A5D735F91}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickTime-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653} /l1036
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
rgc:audio z3ta+ DXi v1.4-->"C:\Program Files\Image-Line\FLStudio5\Plugins\VST\Zeta\unins000.exe"
Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E691604-B328-4B4A-8F17-C9D6395075C5}\Setup.exe" -l0x40c
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
Sony Sound Forge 7.0-->MsiExec.exe /I{0712667C-A171-49AE-A098-4ACDA28625F8}
SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Sunbelt Personal Firewall-->MsiExec.exe /X{82B1150E-9B37-49FC-83EB-D52197D900D0}
SUPER © Version 2008.bld.33 (Sep 2, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Symantec AntiVirus Client-->MsiExec.exe /X{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}
Synapse Junglist VSTi v3.2-->C:\PROGRA~1\IMAGE-~1\FLSTUD~1\Plugins\VST\VSTPLU~1\Junglist\Junglist\UNWISE.EXE C:\PROGRA~1\IMAGE-~1\FLSTUD~1\Plugins\VST\VSTPLU~1\Junglist\Junglist\INSTALL.LOG
System Security 2009-->C:\Documents and Settings\Seb\Menu Démarrer\Programmes\System Security\System Security 2009 Support.lnk
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Theme Hospital-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Bullfrog\Hospital\DeIsL1.isu"
Turbo Lister 2-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
Ulead Straight-to-Disc SDK-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2C1E44-7685-4D05-8342-B0DC6422FA47}\Setup.exe" -l0x9
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WGM 1.4-->"C:\Program Files\WGM\unins000.exe"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinFast(R) Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x40c -removeonly
WinMX-->C:\Program Files\WinMX\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
Wow Cartographe 1.07-->C:\Program Files\WowCartographe\uninst.exe
Wubi-->C:\WINDOWS\wubi-uninstall.exe
Zombie Panic! Source Dedicated Server-->"E:\JEUX\CS\steam.exe" steam://uninstall/17505
======Hosts File======
127.0.0.1 localhost
======Security center information======
FW: NVIDIA Firewall (disabled)
FW: Sunbelt Personal Firewall
======System event log======
Computer Name: SEB-HNTFWSVRF1P
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.
Record Number: 95558
Source Name: Service Control Manager
Time Written: 20090429185736.000000+120
Event Type: Informations
User:
Computer Name: SEB-HNTFWSVRF1P
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.
Record Number: 95557
Source Name: Service Control Manager
Time Written: 20090429185734.000000+120
Event Type: Informations
User:
Computer Name: SEB-HNTFWSVRF1P
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.
Record Number: 95556
Source Name: Service Control Manager
Time Written: 20090429185734.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: SEB-HNTFWSVRF1P
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.
Record Number: 95555
Source Name: Service Control Manager
Time Written: 20090429185712.000000+120
Event Type: Informations
User:
Computer Name: SEB-HNTFWSVRF1P
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Services Terminal Server.
Record Number: 95554
Source Name: Service Control Manager
Time Written: 20090429185712.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
=====Application event log=====
Computer Name: SEB-HNTFWSVRF1P
Event Code: 14
Message:
Le démarrage des services Symantec AntiVirus a réussi.
Record Number: 29585
Source Name: Norton AntiVirus
Time Written: 20090525215020.000000+120
Event Type: Informations
User:
Computer Name: SEB-HNTFWSVRF1P
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.
Record Number: 29584
Source Name: SecurityCenter
Time Written: 20090525215008.000000+120
Event Type: Informations
User:
Computer Name: SEB-HNTFWSVRF1P
Event Code: 0
Message:
Record Number: 29583
Source Name: ForceWare Intelligent Application Manager (IAM)
Time Written: 20090525215008.000000+120
Event Type: Informations
User:
Computer Name: SEB-HNTFWSVRF1P
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur SEB-HNTFWSVRF1P\Seb alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé.
Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.
Record Number: 29582
Source Name: Userenv
Time Written: 20090525000838.000000+120
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: SEB-HNTFWSVRF1P
Event Code: 1524
Message: Windows ne peut pas décharger vos classes fichier de Registre - il est en cours d'utilisation par d'autres applications ou services. Le fichier sera déchargé quand il ne sera plus utilisé.
Record Number: 29581
Source Name: Userenv
Time Written: 20090525000809.000000+120
Event Type: Avertissement
User: SEB-HNTFWSVRF1P\Seb
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=1f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
Voila, merci pour les conseils !!!! :D
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
loloetseb
Messages postés
5508
Date d'inscription
dimanche 14 décembre 2008
Statut
Membre
Dernière intervention
22 avril 2012
174
31 mai 2009 à 16:16
31 mai 2009 à 16:16
Le rapport hijack this a planté
HijackThis download failed
Télécharges et installes le logiciel de diagnostic :
ici Hijackthis
ou ici Hijackthis
ou ici Hijackthis
ou renommé
1- Cliques sur le setup pour lancer l'installe : laisses toi guider et ne modifies pas les paramètres d'installation .
A la fin de l'installe , le prg ce lance automatiquement : fermes le en cliquant sur la croix rouge .
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .
tuto pour utilisation :(merci balltrap34)
Regardes ici, c'est parfaitement expliqué en images ,
( Ne fixes encore AUCUNE ligne de ton plein gré, cela pourrait empêcher ton PC de fonctionner correctement )
2- !! Déconnectes toi et fermes toute tes applications en cours !!
Cliques sur le raccourci du bureau pour lancer le prg :
fais un scan HijackThis en cliquant sur : "Do a system scan and save a logfile"
--->copies-colles le rapport généré pour analyse
HijackThis download failed
Télécharges et installes le logiciel de diagnostic :
ici Hijackthis
ou ici Hijackthis
ou ici Hijackthis
ou renommé
1- Cliques sur le setup pour lancer l'installe : laisses toi guider et ne modifies pas les paramètres d'installation .
A la fin de l'installe , le prg ce lance automatiquement : fermes le en cliquant sur la croix rouge .
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .
tuto pour utilisation :(merci balltrap34)
Regardes ici, c'est parfaitement expliqué en images ,
( Ne fixes encore AUCUNE ligne de ton plein gré, cela pourrait empêcher ton PC de fonctionner correctement )
2- !! Déconnectes toi et fermes toute tes applications en cours !!
Cliques sur le raccourci du bureau pour lancer le prg :
fais un scan HijackThis en cliquant sur : "Do a system scan and save a logfile"
--->copies-colles le rapport généré pour analyse
NoNaMe_
Messages postés
13
Date d'inscription
dimanche 31 mai 2009
Statut
Membre
Dernière intervention
8 juin 2009
31 mai 2009 à 16:24
31 mai 2009 à 16:24
Voila le rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:44, on 31/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\svc.exe
C:\windows\lsass.exe
C:\windows\amoumain.exe
C:\windows\servicelayer.exe
C:\windows\ctfmon.exe
C:\windows\vlc.exe
C:\windows\wdmon.exe
C:\windows\svx.exe
C:\windows\svw.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\windows\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\windows\System32\alg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\windows\odb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\windows\odb.exe
C:\windows\odb.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\windows\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {5FABAEFE-3C05-6581-F97A-05946655DA37} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {eac16819-0a02-42b9-8427-a561618467d5} - C:\windows\system32\muhodogu.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [yiteyemidi] Rundll32.exe "C:\windows\system32\pugohawu.dll",s
O4 - HKLM\..\Run: [odby] C:\windows\odb.exe
O4 - HKLM\..\Run: [netc] C:\windows\svc.exe
O4 - HKLM\..\Run: [17503904] C:\Documents and Settings\All Users\Application Data\17503904\17503904.exe
O4 - HKLM\..\Run: [97513896] C:\Documents and Settings\All Users\Application Data\97513896\97513896.exe
O4 - HKLM\..\Run: [lsass] C:\windows\lsass.exe
O4 - HKLM\..\Run: [UpdateWin] C:\windows\system32\8E7057D447z.exe
O4 - HKLM\..\Run: [amoumain] C:\windows\amoumain.exe
O4 - HKLM\..\Run: [servicelayer] C:\windows\servicelayer.exe
O4 - HKLM\..\Run: [ctfmon] C:\windows\ctfmon.exe
O4 - HKLM\..\Run: [vlc] C:\windows\vlc.exe
O4 - HKLM\..\Run: [wdmon] C:\windows\wdmon.exe
O4 - HKLM\..\Run: [netx] C:\windows\svx.exe
O4 - HKLM\..\Run: [netw] C:\windows\svw.exe
O4 - HKLM\..\Run: [CPM7b5acc02] Rundll32.exe "c:\windows\system32\kezuroha.dll",a
O4 - HKLM\..\RunServices: [UpdateWin] C:\windows\system32\8E7057D447z.exe
O4 - HKCU\..\Run: [cdoosoft] C:\windows\system32\olhrwef.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [yiteyemidi] Rundll32.exe "C:\windows\system32\pugohawu.dll",s
O4 - HKCU\..\Run: [UpdateWin] C:\windows\system32\8E7057D447z.exe
O4 - HKCU\..\Run: [userinit] C:\windows\system32\ntos.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\windows\system32\8E7057D447z.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [yiteyemidi] Rundll32.exe "C:\windows\system32\pugohawu.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\windows\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\windows\system32\getaviwi.dll c:\windows\system32\kezuroha.dll
O21 - SSODL: syshelps - {BA416781-7515-4D26-8032-E8D61BE89B19} - syshelps.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kezuroha.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kezuroha.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:44, on 31/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\svc.exe
C:\windows\lsass.exe
C:\windows\amoumain.exe
C:\windows\servicelayer.exe
C:\windows\ctfmon.exe
C:\windows\vlc.exe
C:\windows\wdmon.exe
C:\windows\svx.exe
C:\windows\svw.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\windows\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\windows\System32\alg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\windows\odb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\windows\odb.exe
C:\windows\odb.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\windows\system32\ntos.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {5FABAEFE-3C05-6581-F97A-05946655DA37} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {eac16819-0a02-42b9-8427-a561618467d5} - C:\windows\system32\muhodogu.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [yiteyemidi] Rundll32.exe "C:\windows\system32\pugohawu.dll",s
O4 - HKLM\..\Run: [odby] C:\windows\odb.exe
O4 - HKLM\..\Run: [netc] C:\windows\svc.exe
O4 - HKLM\..\Run: [17503904] C:\Documents and Settings\All Users\Application Data\17503904\17503904.exe
O4 - HKLM\..\Run: [97513896] C:\Documents and Settings\All Users\Application Data\97513896\97513896.exe
O4 - HKLM\..\Run: [lsass] C:\windows\lsass.exe
O4 - HKLM\..\Run: [UpdateWin] C:\windows\system32\8E7057D447z.exe
O4 - HKLM\..\Run: [amoumain] C:\windows\amoumain.exe
O4 - HKLM\..\Run: [servicelayer] C:\windows\servicelayer.exe
O4 - HKLM\..\Run: [ctfmon] C:\windows\ctfmon.exe
O4 - HKLM\..\Run: [vlc] C:\windows\vlc.exe
O4 - HKLM\..\Run: [wdmon] C:\windows\wdmon.exe
O4 - HKLM\..\Run: [netx] C:\windows\svx.exe
O4 - HKLM\..\Run: [netw] C:\windows\svw.exe
O4 - HKLM\..\Run: [CPM7b5acc02] Rundll32.exe "c:\windows\system32\kezuroha.dll",a
O4 - HKLM\..\RunServices: [UpdateWin] C:\windows\system32\8E7057D447z.exe
O4 - HKCU\..\Run: [cdoosoft] C:\windows\system32\olhrwef.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O4 - HKCU\..\Run: [yiteyemidi] Rundll32.exe "C:\windows\system32\pugohawu.dll",s
O4 - HKCU\..\Run: [UpdateWin] C:\windows\system32\8E7057D447z.exe
O4 - HKCU\..\Run: [userinit] C:\windows\system32\ntos.exe
O4 - HKCU\..\RunServices: [UpdateWin] C:\windows\system32\8E7057D447z.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [yiteyemidi] Rundll32.exe "C:\windows\system32\pugohawu.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\windows\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\windows\system32\getaviwi.dll c:\windows\system32\kezuroha.dll
O21 - SSODL: syshelps - {BA416781-7515-4D26-8032-E8D61BE89B19} - syshelps.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kezuroha.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kezuroha.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
loloetseb
Messages postés
5508
Date d'inscription
dimanche 14 décembre 2008
Statut
Membre
Dernière intervention
22 avril 2012
174
31 mai 2009 à 16:29
31 mai 2009 à 16:29
Tu es tres infecté
/!\ ATTENTION SUIVRE SCRUPULEUSEMENT A LA LETTRE CES INDICATIONS/!\
_________________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================
On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Avant d'utiliser ComboFix :
______________________________________________________________________
>> referme les fenêtres de tous les programmes en cours.
>> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
>>la protection en temps réel de ton Antivirus et de tes Antispywares,
>>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
!!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!
n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
>> Reviens sur le forum, et
copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
--
/!\ ATTENTION SUIVRE SCRUPULEUSEMENT A LA LETTRE CES INDICATIONS/!\
_________________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================
On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Avant d'utiliser ComboFix :
______________________________________________________________________
>> referme les fenêtres de tous les programmes en cours.
>> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
>>la protection en temps réel de ton Antivirus et de tes Antispywares,
>>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
!!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!
n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
>> Reviens sur le forum, et
copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
--
loloetseb
Messages postés
5508
Date d'inscription
dimanche 14 décembre 2008
Statut
Membre
Dernière intervention
22 avril 2012
174
31 mai 2009 à 16:44
31 mai 2009 à 16:44
Fais d'abord usbfix avant de faire combofix
1/
##################### | XP _ Instal & recherche | ########################
? Télécharge et install UsbFix : http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur ton bureau .
• Choisis l' option 1 ( Recherche )
• Laisse travailler l'outil.
• Ensuite post le rapport UsbFix.txt qui apparaitra.
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
2/
##################### | XP _ Suppression | ########################
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur ton bureau
• choisis l' option 2 ( Suppression )
• Ton bureau disparaitra et le pc redémarrera .
• Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.
• Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Ensuite relances usbfix ,puis desinstallation
1/
##################### | XP _ Instal & recherche | ########################
? Télécharge et install UsbFix : http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur ton bureau .
• Choisis l' option 1 ( Recherche )
• Laisse travailler l'outil.
• Ensuite post le rapport UsbFix.txt qui apparaitra.
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
2/
##################### | XP _ Suppression | ########################
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur ton bureau
• choisis l' option 2 ( Suppression )
• Ton bureau disparaitra et le pc redémarrera .
• Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.
• Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Ensuite relances usbfix ,puis desinstallation
NoNaMe_
Messages postés
13
Date d'inscription
dimanche 31 mai 2009
Statut
Membre
Dernière intervention
8 juin 2009
31 mai 2009 à 17:39
31 mai 2009 à 17:39
Ok le UsbFix prend bcp de temps, je poste le rapport des mon retour, encore merci a plus tard!
loloetseb
Messages postés
5508
Date d'inscription
dimanche 14 décembre 2008
Statut
Membre
Dernière intervention
22 avril 2012
174
31 mai 2009 à 17:56
31 mai 2009 à 17:56
D'accord
NoNaMe_
Messages postés
13
Date d'inscription
dimanche 31 mai 2009
Statut
Membre
Dernière intervention
8 juin 2009
1 juin 2009 à 21:15
1 juin 2009 à 21:15
ok, voila le 1er rapport:
############################## [ UsbFix V3.027 | Scan ]
# User : Seb (Administrateurs) # SEB-HNTFWSVRF1P
# Update on 30/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 16:53:32 | 31/05/2009
# AMD Athlon(tm) 64 Processor 3000+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# FW : NVIDIA Firewall[ (!) Disabled ]1.0
# FW : Sunbelt Personal Firewall[ Enabled ]4.6.1861 T
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 24,41 Go (1,99 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 46,56 Go (3,21 Go free) # FAT32
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# I:\ # Disque fixe local # 298,09 Go (21,76 Go free) [Disk Dur ExTerN] # NTFS
############################## [ Processus actifs ]
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\windows\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\windows\odb.exe
C:\windows\svc.exe
C:\windows\lsass.exe
C:\windows\amoumain.exe
C:\windows\servicelayer.exe
C:\windows\ctfmon.exe
C:\windows\vlc.exe
C:\windows\wdmon.exe
C:\windows\svx.exe
C:\windows\svw.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\windows\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
################## [ Registre Startup ]
HKCU_Main: "Local Page"="C:\\windows\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\windows\\system32\\ntos.exe,"
HKLM_logon: "DefaultUserName"="Seb"
HKLM_logon: "AltDefaultUserName"="Seb"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
HKLM_Run: yiteyemidi=Rundll32.exe "C:\windows\system32\pugohawu.dll",s
HKLM_Run: odby=C:\windows\odb.exe
HKLM_Run: netc=C:\windows\svc.exe
HKLM_Run: 17503904=C:\Documents and Settings\All Users\Application Data\17503904\17503904.exe
HKLM_Run: 97513896=C:\Documents and Settings\All Users\Application Data\97513896\97513896.exe
HKLM_Run: lsass=C:\windows\lsass.exe
HKLM_Run: UpdateWin=C:\windows\system32\8E7057D447z.exe
HKLM_Run: amoumain=C:\windows\amoumain.exe
HKLM_Run: servicelayer=C:\windows\servicelayer.exe
HKLM_Run: ctfmon=C:\windows\ctfmon.exe
HKLM_Run: vlc=C:\windows\vlc.exe
HKLM_Run: wdmon=C:\windows\wdmon.exe
HKLM_Run: netx=C:\windows\svx.exe
HKLM_Run: netw=C:\windows\svw.exe
HKLM_Run: CPM7b5acc02=Rundll32.exe "c:\windows\system32\kezuroha.dll",a
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKLM_Rserv: UpdateWin=C:\windows\system32\8E7057D447z.exe
HKCU_Run: cdoosoft=C:\windows\system32\olhrwef.exe
HKCU_Run: Pando="C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
HKCU_Run: yiteyemidi=Rundll32.exe "C:\windows\system32\pugohawu.dll",s
HKCU_Run: UpdateWin=C:\windows\system32\8E7057D447z.exe
HKCU_Run: userinit=C:\windows\system32\ntos.exe
################## [ Fichiers # Dossiers infectieux ]
Found ! C:\windows\odb.exe
Found ! C:\windows\svc.exe
Found ! C:\windows\svw.exe
Found ! C:\windows\svx.exe
Found ! C:\windows\vlc.exe
Found ! C:\windows\wdmon.exe
Found ! C:\windows\system32\ntos.exe
Found ! C:\windows\system32\tmp.reg
Found ! C:\DOCUME~1\Seb\LOCALS~1\Temp\pft35.tmp\LuAll.exe
Found ! "E:\resycled"
I:\autorun.inf # -> fichier appelé : "I:\uxkl0apt.bat" ( absent ! )
Found ! I:\cb.exe
Found ! I:\gi2ky.exe
Found ! I:\qxty9be.cmd
Found ! I:\jeorels.cmd
Found ! I:\opgde.exe
Found ! I:\qphdin.com
Found ! I:\qxty9be.cmd
Found ! I:\ur0.com
Found ! I:\xdw.com
Found ! I:\2.bat
Found ! I:\i.com
Found ! I:\autorun.inf
Found ! "I:\resycled"
################## [ Registre # Clés Run infectieuses ]
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "netc"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "netw"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "netx"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "odby"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "UpdateWin"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "vlc"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "wdmon"
Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "UpdateWin"
Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "userinit"
Found ! HKU\S-1-5-21-1220945662-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Found ! HKU\S-1-5-21-1220945662-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "UpdateWin"
Found ! HKU\S-1-5-21-1220945662-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "userinit"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "UpdateWin"
Found ! HKLM\software\microsoft\security center "UpdatesDisableNotify" ( 0x1 )
################## [ Registre # Mountpoints2 ]
HKCU\...\Explorer\MountPoints2\{0cd09df2-937b-11dc-8a38-0011d8ded54d}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{0cd09df2-937b-11dc-8a38-0011d8ded54d}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{1405a4b8-1ddd-11dd-8b34-0011d8ded54d}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{23472580-a75b-11dc-8a5e-0011d8ded54d}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{23472580-a75b-11dc-8a5e-0011d8ded54d}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{2f7007c6-7c0d-11dc-8a11-0003c9801419}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{4e78d743-b12c-11db-a31a-0011d8ded54d}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{4e78d743-b12c-11db-a31a-0011d8ded54d}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{6c4ca7c0-b1ab-11dd-9756-0003c9801419}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{b6410a2a-1e87-11dc-897e-0003c9801419}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{b6410a2a-1e87-11dc-897e-0003c9801419}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{be25159c-0264-11da-a01a-0011d8ded54d}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{be25159c-0264-11da-a01a-0011d8ded54d}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{f00e72ce-efd7-11dd-97a3-0003c9801419}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{f00e72ce-efd7-11dd-97a3-0003c9801419}\Shell\open\Command
################## [ Informations # Fichier Suspect ]
################## [ Cracks # Keygens # Serials ]
# -> Nothing found !
################## [ ! Fin du rapport # UsbFix V3.027 ! ]
############################## [ UsbFix V3.027 | Scan ]
# User : Seb (Administrateurs) # SEB-HNTFWSVRF1P
# Update on 30/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 16:53:32 | 31/05/2009
# AMD Athlon(tm) 64 Processor 3000+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# FW : NVIDIA Firewall[ (!) Disabled ]1.0
# FW : Sunbelt Personal Firewall[ Enabled ]4.6.1861 T
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 24,41 Go (1,99 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 46,56 Go (3,21 Go free) # FAT32
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# I:\ # Disque fixe local # 298,09 Go (21,76 Go free) [Disk Dur ExTerN] # NTFS
############################## [ Processus actifs ]
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\windows\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\windows\odb.exe
C:\windows\svc.exe
C:\windows\lsass.exe
C:\windows\amoumain.exe
C:\windows\servicelayer.exe
C:\windows\ctfmon.exe
C:\windows\vlc.exe
C:\windows\wdmon.exe
C:\windows\svx.exe
C:\windows\svw.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\windows\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
################## [ Registre Startup ]
HKCU_Main: "Local Page"="C:\\windows\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\windows\\system32\\ntos.exe,"
HKLM_logon: "DefaultUserName"="Seb"
HKLM_logon: "AltDefaultUserName"="Seb"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
HKLM_Run: yiteyemidi=Rundll32.exe "C:\windows\system32\pugohawu.dll",s
HKLM_Run: odby=C:\windows\odb.exe
HKLM_Run: netc=C:\windows\svc.exe
HKLM_Run: 17503904=C:\Documents and Settings\All Users\Application Data\17503904\17503904.exe
HKLM_Run: 97513896=C:\Documents and Settings\All Users\Application Data\97513896\97513896.exe
HKLM_Run: lsass=C:\windows\lsass.exe
HKLM_Run: UpdateWin=C:\windows\system32\8E7057D447z.exe
HKLM_Run: amoumain=C:\windows\amoumain.exe
HKLM_Run: servicelayer=C:\windows\servicelayer.exe
HKLM_Run: ctfmon=C:\windows\ctfmon.exe
HKLM_Run: vlc=C:\windows\vlc.exe
HKLM_Run: wdmon=C:\windows\wdmon.exe
HKLM_Run: netx=C:\windows\svx.exe
HKLM_Run: netw=C:\windows\svw.exe
HKLM_Run: CPM7b5acc02=Rundll32.exe "c:\windows\system32\kezuroha.dll",a
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKLM_Rserv: UpdateWin=C:\windows\system32\8E7057D447z.exe
HKCU_Run: cdoosoft=C:\windows\system32\olhrwef.exe
HKCU_Run: Pando="C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
HKCU_Run: yiteyemidi=Rundll32.exe "C:\windows\system32\pugohawu.dll",s
HKCU_Run: UpdateWin=C:\windows\system32\8E7057D447z.exe
HKCU_Run: userinit=C:\windows\system32\ntos.exe
################## [ Fichiers # Dossiers infectieux ]
Found ! C:\windows\odb.exe
Found ! C:\windows\svc.exe
Found ! C:\windows\svw.exe
Found ! C:\windows\svx.exe
Found ! C:\windows\vlc.exe
Found ! C:\windows\wdmon.exe
Found ! C:\windows\system32\ntos.exe
Found ! C:\windows\system32\tmp.reg
Found ! C:\DOCUME~1\Seb\LOCALS~1\Temp\pft35.tmp\LuAll.exe
Found ! "E:\resycled"
I:\autorun.inf # -> fichier appelé : "I:\uxkl0apt.bat" ( absent ! )
Found ! I:\cb.exe
Found ! I:\gi2ky.exe
Found ! I:\qxty9be.cmd
Found ! I:\jeorels.cmd
Found ! I:\opgde.exe
Found ! I:\qphdin.com
Found ! I:\qxty9be.cmd
Found ! I:\ur0.com
Found ! I:\xdw.com
Found ! I:\2.bat
Found ! I:\i.com
Found ! I:\autorun.inf
Found ! "I:\resycled"
################## [ Registre # Clés Run infectieuses ]
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "netc"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "netw"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "netx"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "odby"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "UpdateWin"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "vlc"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "wdmon"
Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "UpdateWin"
Found ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "userinit"
Found ! HKU\S-1-5-21-1220945662-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Found ! HKU\S-1-5-21-1220945662-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "UpdateWin"
Found ! HKU\S-1-5-21-1220945662-1677128483-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "userinit"
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "UpdateWin"
Found ! HKLM\software\microsoft\security center "UpdatesDisableNotify" ( 0x1 )
################## [ Registre # Mountpoints2 ]
HKCU\...\Explorer\MountPoints2\{0cd09df2-937b-11dc-8a38-0011d8ded54d}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{0cd09df2-937b-11dc-8a38-0011d8ded54d}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{1405a4b8-1ddd-11dd-8b34-0011d8ded54d}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{23472580-a75b-11dc-8a5e-0011d8ded54d}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{23472580-a75b-11dc-8a5e-0011d8ded54d}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{2f7007c6-7c0d-11dc-8a11-0003c9801419}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{4e78d743-b12c-11db-a31a-0011d8ded54d}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{4e78d743-b12c-11db-a31a-0011d8ded54d}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{6c4ca7c0-b1ab-11dd-9756-0003c9801419}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{b6410a2a-1e87-11dc-897e-0003c9801419}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{b6410a2a-1e87-11dc-897e-0003c9801419}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{be25159c-0264-11da-a01a-0011d8ded54d}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{be25159c-0264-11da-a01a-0011d8ded54d}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{f00e72ce-efd7-11dd-97a3-0003c9801419}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{f00e72ce-efd7-11dd-97a3-0003c9801419}\Shell\open\Command
################## [ Informations # Fichier Suspect ]
################## [ Cracks # Keygens # Serials ]
# -> Nothing found !
################## [ ! Fin du rapport # UsbFix V3.027 ! ]
NoNaMe_
Messages postés
13
Date d'inscription
dimanche 31 mai 2009
Statut
Membre
Dernière intervention
8 juin 2009
1 juin 2009 à 21:17
1 juin 2009 à 21:17
et le 2e rapport, tjrs usbfix:
############################## [ UsbFix V3.027 | Cleaning ]
# User : Seb (Administrateurs) # SEB-HNTFWSVRF1P
# Update on 30/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:00:36 | 01/06/2009
# AMD Athlon(tm) 64 Processor 3000+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# FW : NVIDIA Firewall[ (!) Disabled ]1.0
# FW : Sunbelt Personal Firewall[ Enabled ]4.6.1861 T
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 24,41 Go (1,28 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 46,56 Go (1,84 Go free) # FAT32
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# I:\ # Disque fixe local # 298,09 Go (21,76 Go free) [Disk Dur ExTerN] # NTFS
############################## [ Processus actifs ]
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\savedump.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\logonui.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\windows\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\windows\System32\alg.exe
################## [ Fichiers # Dossiers infectieux ]
Deleted ! C:\windows\odb.exe
Deleted ! C:\windows\svc.exe
Deleted ! C:\windows\svw.exe
Deleted ! C:\windows\svx.exe
Deleted ! C:\windows\vlc.exe
Deleted ! C:\windows\wdmon.exe
(!) Not Deleted ! C:\windows\system32\ntos.exe
Deleted ! C:\windows\system32\tmp.reg
Deleted ! C:\DOCUME~1\Seb\LOCALS~1\Temp\pft35.tmp\LuAll.exe
Deleted ! "E:\resycled"
I:\autorun.inf # -> fichier appelé : "I:\uxkl0apt.bat" ( absent ! )
Deleted ! I:\cb.exe
Deleted ! I:\gi2ky.exe
Deleted ! I:\qxty9be.cmd
Deleted ! I:\jeorels.cmd
Deleted ! I:\opgde.exe
Deleted ! I:\qphdin.com
Deleted ! I:\ur0.com
Deleted ! I:\xdw.com
Deleted ! I:\2.bat
Deleted ! I:\i.com
Deleted ! I:\autorun.inf
Deleted ! "I:\resycled"
################## [ Registre # Clés Run infectieuses ]
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "netc"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "netw"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "netx"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "odby"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "UpdateWin"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "vlc"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "wdmon"
Deleted ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Deleted ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "UpdateWin"
Deleted ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "userinit"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "UpdateWin"
# HKLM\software\microsoft\security center\\ "UpdatesDisableNotify" # -> Reset sucessfully !
################## [ Registre # Mountpoints2 ]
Deleted ! HKCU\...\Explorer\MountPoints2\{0cd09df2-937b-11dc-8a38-0011d8ded54d}\Shell\Auto\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{1405a4b8-1ddd-11dd-8b34-0011d8ded54d}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{23472580-a75b-11dc-8a5e-0011d8ded54d}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{2f7007c6-7c0d-11dc-8a11-0003c9801419}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{4e78d743-b12c-11db-a31a-0011d8ded54d}\Shell\Auto\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{6c4ca7c0-b1ab-11dd-9756-0003c9801419}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{be25159c-0264-11da-a01a-0011d8ded54d}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{f00e72ce-efd7-11dd-97a3-0003c9801419}\Shell\AutoRun\Command
################## [ Listing des fichiers présent ]
[13/06/2005 19:58|--a------|1024] - C:\.rnd
[01/06/2009 20:59|--a------|16796] - C:\aaw7boot.log
[13/06/2005 19:50|--a------|0] - C:\AUTOEXEC.BAK
[13/03/2006 12:10|--a------|0] - C:\AUTOEXEC.BAT
[28/08/2001 12:00|-rahs----|4952] - C:\Bootfont.bin
[31/05/2009 16:44|--a------|646] - C:\Bug.txt
[16/04/2008 19:49|--a------|667] - C:\colorbox.log
[13/06/2005 19:50|--a------|0] - C:\CONFIG.BAK
[30/12/2008 14:19|-r-hs----|31] - C:\config.sys
[29/07/2008 09:08|--a------|120] - C:\drmHeader.bin
[11/11/2007 16:46|--a------|171008] - C:\grldr
[13/06/2005 19:50|-rahs----|0] - C:\IO.SYS
[25/12/2005 22:18|--a------|300] - C:\LevelParTimes.csv
[03/01/2009 16:23|--a------|18627] - C:\lopR.txt
[11/11/2007 16:46|--a------|303] - C:\menu.lst
[13/06/2005 19:50|-rahs----|0] - C:\MSDOS.SYS
[27/06/2005 12:30|-rahs----|47564] - C:\NTDETECT.COM
[27/06/2005 12:30|-rahs----|251712] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[31/05/2009 15:43|--a------|5639] - C:\rapport.txt
[21/08/2005 12:24|--a------|5645] - C:\resetlog.txt
[21/08/2005 12:06|--a------|90] - C:\Setup.log
[01/06/2009 21:10|--a------|6328] - C:\UsbFix.txt
[24/01/2008 19:22|--a------|5555094] - E:\Tropdelaballetektonike.mp3
[25/07/2008 21:00|--a------|57585695] - E:\NoNaMe_TekBreaKTrance01.mp3
[18/11/2007 23:19|--a------|32030] - E:\ptdr sarko.jpg
[02/05/2008 15:50|--a------|59450172] - E:\sebLast020508.mp3
[19/10/2008 13:13|--a------|65810432] - E:\Lifted_Music_Show_012_-_Spor_and_Chris_Renegade.mp3
[12/01/2008 19:52|--a------|70] - E:\adresses.txt
[24/02/2008 12:49|--a------|1518] - E:\londres.txt
[30/01/2008 23:33|--a------|47741] - E:\ATTENTIONDANGER.rtf
[26/09/2008 23:14|--a------|33483590] - E:\NoNaMe_FreeMix250708.mp3
[09/12/2007 21:13|--a------|547] - E:\arts martiaux.txt
[20/07/2008 16:16|--a------|85094400] - E:\dj m-rode interview mix drum bass exclu live on beur fm 98.7 dkfaz4 show.mp3
[30/06/2008 23:16|--a------|58037856] - E:\TribeMix1 Jo.mp3
[19/11/2008 01:30|--a------|49557548] - I:\American History X - Theme.wav
[01/01/2008 19:25|--a------|725032960] - I:\Apocalypse Now.avi
[19/10/2005 20:51|--a------|659920896] - I:\Full metal jacket.avi
[20/06/2007 15:55|--a------|27711587] - I:\gui mix 20 06.mp3
[12/11/2008 01:29|--a------|54968030] - I:\Jaka_CrisisPack_Part2.mp3
[02/12/2008 23:17|--a------|733227008] - I:\Le Peril Jeune.avi
[19/11/2008 21:40|--a------|171346614] - I:\NoNaMe_X_Part1_191108.mp3
[17/12/2007 03:16|--a------|736846792] - I:\Planete Hurlante.avi
[03/01/2007 16:12|--a------|34973094] - I:\sound forge 7 by_daewoo.rar
[31/03/2009 17:31|--a------|206] - I:\tien‚.txt
[17/11/2008 00:34|--a------|4136269678] - I:\warhamer mark of chaos bit torent file.rar
################## [ Vaccination ]
# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# E:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# I:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
################## [ Informations # Fichier Suspect ]
################## [ Cracks # Keygens # Serials ]
# -> Nothing found !
################## [ ! Fin du rapport # UsbFix V3.027 ! ]
je vai utiliser comboFix now
Merci!
############################## [ UsbFix V3.027 | Cleaning ]
# User : Seb (Administrateurs) # SEB-HNTFWSVRF1P
# Update on 30/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:00:36 | 01/06/2009
# AMD Athlon(tm) 64 Processor 3000+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# FW : NVIDIA Firewall[ (!) Disabled ]1.0
# FW : Sunbelt Personal Firewall[ Enabled ]4.6.1861 T
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 24,41 Go (1,28 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque fixe local # 46,56 Go (1,84 Go free) # FAT32
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# I:\ # Disque fixe local # 298,09 Go (21,76 Go free) [Disk Dur ExTerN] # NTFS
############################## [ Processus actifs ]
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\savedump.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\logonui.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\windows\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\windows\System32\alg.exe
################## [ Fichiers # Dossiers infectieux ]
Deleted ! C:\windows\odb.exe
Deleted ! C:\windows\svc.exe
Deleted ! C:\windows\svw.exe
Deleted ! C:\windows\svx.exe
Deleted ! C:\windows\vlc.exe
Deleted ! C:\windows\wdmon.exe
(!) Not Deleted ! C:\windows\system32\ntos.exe
Deleted ! C:\windows\system32\tmp.reg
Deleted ! C:\DOCUME~1\Seb\LOCALS~1\Temp\pft35.tmp\LuAll.exe
Deleted ! "E:\resycled"
I:\autorun.inf # -> fichier appelé : "I:\uxkl0apt.bat" ( absent ! )
Deleted ! I:\cb.exe
Deleted ! I:\gi2ky.exe
Deleted ! I:\qxty9be.cmd
Deleted ! I:\jeorels.cmd
Deleted ! I:\opgde.exe
Deleted ! I:\qphdin.com
Deleted ! I:\ur0.com
Deleted ! I:\xdw.com
Deleted ! I:\2.bat
Deleted ! I:\i.com
Deleted ! I:\autorun.inf
Deleted ! "I:\resycled"
################## [ Registre # Clés Run infectieuses ]
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "netc"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "netw"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "netx"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "odby"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "UpdateWin"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "vlc"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "wdmon"
Deleted ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "cdoosoft"
Deleted ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "UpdateWin"
Deleted ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "userinit"
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "UpdateWin"
# HKLM\software\microsoft\security center\\ "UpdatesDisableNotify" # -> Reset sucessfully !
################## [ Registre # Mountpoints2 ]
Deleted ! HKCU\...\Explorer\MountPoints2\{0cd09df2-937b-11dc-8a38-0011d8ded54d}\Shell\Auto\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{1405a4b8-1ddd-11dd-8b34-0011d8ded54d}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{23472580-a75b-11dc-8a5e-0011d8ded54d}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{2f7007c6-7c0d-11dc-8a11-0003c9801419}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{4e78d743-b12c-11db-a31a-0011d8ded54d}\Shell\Auto\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{6c4ca7c0-b1ab-11dd-9756-0003c9801419}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{be25159c-0264-11da-a01a-0011d8ded54d}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{f00e72ce-efd7-11dd-97a3-0003c9801419}\Shell\AutoRun\Command
################## [ Listing des fichiers présent ]
[13/06/2005 19:58|--a------|1024] - C:\.rnd
[01/06/2009 20:59|--a------|16796] - C:\aaw7boot.log
[13/06/2005 19:50|--a------|0] - C:\AUTOEXEC.BAK
[13/03/2006 12:10|--a------|0] - C:\AUTOEXEC.BAT
[28/08/2001 12:00|-rahs----|4952] - C:\Bootfont.bin
[31/05/2009 16:44|--a------|646] - C:\Bug.txt
[16/04/2008 19:49|--a------|667] - C:\colorbox.log
[13/06/2005 19:50|--a------|0] - C:\CONFIG.BAK
[30/12/2008 14:19|-r-hs----|31] - C:\config.sys
[29/07/2008 09:08|--a------|120] - C:\drmHeader.bin
[11/11/2007 16:46|--a------|171008] - C:\grldr
[13/06/2005 19:50|-rahs----|0] - C:\IO.SYS
[25/12/2005 22:18|--a------|300] - C:\LevelParTimes.csv
[03/01/2009 16:23|--a------|18627] - C:\lopR.txt
[11/11/2007 16:46|--a------|303] - C:\menu.lst
[13/06/2005 19:50|-rahs----|0] - C:\MSDOS.SYS
[27/06/2005 12:30|-rahs----|47564] - C:\NTDETECT.COM
[27/06/2005 12:30|-rahs----|251712] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[31/05/2009 15:43|--a------|5639] - C:\rapport.txt
[21/08/2005 12:24|--a------|5645] - C:\resetlog.txt
[21/08/2005 12:06|--a------|90] - C:\Setup.log
[01/06/2009 21:10|--a------|6328] - C:\UsbFix.txt
[24/01/2008 19:22|--a------|5555094] - E:\Tropdelaballetektonike.mp3
[25/07/2008 21:00|--a------|57585695] - E:\NoNaMe_TekBreaKTrance01.mp3
[18/11/2007 23:19|--a------|32030] - E:\ptdr sarko.jpg
[02/05/2008 15:50|--a------|59450172] - E:\sebLast020508.mp3
[19/10/2008 13:13|--a------|65810432] - E:\Lifted_Music_Show_012_-_Spor_and_Chris_Renegade.mp3
[12/01/2008 19:52|--a------|70] - E:\adresses.txt
[24/02/2008 12:49|--a------|1518] - E:\londres.txt
[30/01/2008 23:33|--a------|47741] - E:\ATTENTIONDANGER.rtf
[26/09/2008 23:14|--a------|33483590] - E:\NoNaMe_FreeMix250708.mp3
[09/12/2007 21:13|--a------|547] - E:\arts martiaux.txt
[20/07/2008 16:16|--a------|85094400] - E:\dj m-rode interview mix drum bass exclu live on beur fm 98.7 dkfaz4 show.mp3
[30/06/2008 23:16|--a------|58037856] - E:\TribeMix1 Jo.mp3
[19/11/2008 01:30|--a------|49557548] - I:\American History X - Theme.wav
[01/01/2008 19:25|--a------|725032960] - I:\Apocalypse Now.avi
[19/10/2005 20:51|--a------|659920896] - I:\Full metal jacket.avi
[20/06/2007 15:55|--a------|27711587] - I:\gui mix 20 06.mp3
[12/11/2008 01:29|--a------|54968030] - I:\Jaka_CrisisPack_Part2.mp3
[02/12/2008 23:17|--a------|733227008] - I:\Le Peril Jeune.avi
[19/11/2008 21:40|--a------|171346614] - I:\NoNaMe_X_Part1_191108.mp3
[17/12/2007 03:16|--a------|736846792] - I:\Planete Hurlante.avi
[03/01/2007 16:12|--a------|34973094] - I:\sound forge 7 by_daewoo.rar
[31/03/2009 17:31|--a------|206] - I:\tien‚.txt
[17/11/2008 00:34|--a------|4136269678] - I:\warhamer mark of chaos bit torent file.rar
################## [ Vaccination ]
# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# E:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# I:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
################## [ Informations # Fichier Suspect ]
################## [ Cracks # Keygens # Serials ]
# -> Nothing found !
################## [ ! Fin du rapport # UsbFix V3.027 ! ]
je vai utiliser comboFix now
Merci!
NoNaMe_
Messages postés
13
Date d'inscription
dimanche 31 mai 2009
Statut
Membre
Dernière intervention
8 juin 2009
1 juin 2009 à 22:23
1 juin 2009 à 22:23
Voila pour le comboFix, apparement il a résolu certains problemes!
ComboFix 09-05-31.06 - Seb 01/06/2009 21:56.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1535.1071 [GMT 2:00]
Lancé depuis: c:\documents and settings\Seb\Bureau\ComboFix.exe
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\windows\system32\getaviwi.dll
c:\windows\system32\kezuroha.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\17503904
c:\documents and settings\All Users\Application Data\17503904\17503904.exe
c:\documents and settings\All Users\Application Data\17503904\17503904.glu
c:\documents and settings\All Users\Application Data\17503904\pc17503904cnf
c:\documents and settings\All Users\Application Data\17503904\pc17503904ins
c:\documents and settings\All Users\Application Data\97513896
c:\documents and settings\All Users\Application Data\97513896\97513896.exe
c:\documents and settings\Seb\Application Data\.#
c:\documents and settings\Seb\Application Data\.#\MBX@B24@3741A8.###
c:\documents and settings\Seb\Application Data\.#\MBX@B24@3741D8.###
c:\documents and settings\Seb\Application Data\.#\MBX@B24@374208.###
c:\windows\ctfmon.exe
c:\windows\lsass.exe
c:\windows\system32\akedikut.ini
c:\windows\system32\aleboyid.ini
c:\windows\system32\anevenoy.ini
c:\windows\system32\asiteres.ini
c:\windows\system32\dimoburi.dll
c:\windows\system32\drivers\msqpdxcyrrmwbh.sys
c:\windows\system32\drivers\msqpdxituedbbr.sys
c:\windows\system32\drivers\msqpdxqbnmpfqx.sys
c:\windows\system32\ebalupez.ini
c:\windows\system32\ebitokud.ini
c:\windows\system32\eralokuk.ini
c:\windows\system32\ewagurom.ini
c:\windows\system32\eyapagev.ini
c:\windows\system32\fibikavi.dll
c:\windows\system32\gukowema.dll
c:\windows\system32\igidobum.ini
c:\windows\system32\ikayibon.ini
c:\windows\system32\isebihos.ini
c:\windows\system32\isehofed.ini
c:\windows\system32\itiwedil.ini
c:\windows\system32\ivakibif.ini
c:\windows\system32\iyemahes.ini
c:\windows\system32\jefiyuna.dll
c:\windows\system32\kadidika.dll
c:\windows\system32\msqpdxxrbfamwq.dll
c:\windows\system32\muhodogu.dll
c:\windows\system32\muzupera.dll
c:\windows\system32\ntos.exe
c:\windows\system32\ofeyahij.ini
c:\windows\system32\ohuhitim.ini
c:\windows\system32\oketifif.ini
c:\windows\system32\olodekar.ini
c:\windows\system32\onolavoy.ini
c:\windows\system32\otoliyef.ini
c:\windows\system32\owemavod.ini
c:\windows\system32\pasagami.dll
c:\windows\system32\pugohawu.dll
c:\windows\system32\rnaph.dll
c:\windows\system32\upelifen.ini
c:\windows\system32\urelizud.ini
c:\windows\system32\utofopor.ini
c:\windows\system32\utuvayen.ini
c:\windows\system32\uyejehag.ini
c:\windows\system32\uzohavat.ini
c:\windows\system32\veyetidi.dll
c:\windows\system32\wsnpoem
c:\windows\system32\wsnpoem\audio.dll
c:\windows\system32\wsnpoem\video.dll
c:\windows\system32\yagejani.dll
c:\windows\system32\yivozizi.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_msqpdxserv.sys
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-01 au 2009-06-01 ))))))))))))))))))))))))))))))))))))
.
2009-06-01 19:28 . 2009-06-01 19:30 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-05-31 14:52 . 2009-06-01 19:13 -------- d-----w- C:\UsbFix
2009-05-31 14:10 . 2009-05-31 14:19 -------- d-----w- c:\program files\trend micro
2009-05-31 14:10 . 2009-05-31 14:10 -------- d-----w- C:\rsit
2009-05-31 11:29 . 2008-10-31 05:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2009-05-31 11:29 . 2008-06-21 02:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2009-05-31 11:29 . 2009-05-31 11:29 -------- d-----w- c:\program files\Sunbelt Software
2009-05-31 03:28 . 2009-05-31 03:28 281600 ----a-w- c:\windows\servicelayer.exe
2009-05-31 03:28 . 2009-05-31 03:28 281600 ----a-w- c:\windows\amoumain.exe
2009-05-31 03:27 . 2009-05-31 04:07 109 --sha-w- c:\windows\system32\2020212529.dat
2009-05-31 03:27 . 2009-05-31 03:27 41984 --sha-r- c:\windows\system32\8E7057D447z.exe
2009-05-19 16:20 . 2009-05-19 16:20 81924 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\doheyesi.dll
2009-05-19 16:20 . 2009-05-19 16:20 78852 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\kukolare.dll
2009-05-19 16:20 . 2009-05-19 16:20 49668 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\surujesu.dll
2009-05-19 16:20 . 2009-05-19 16:20 49668 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\rigebevu.dll
2009-05-19 16:20 . 2009-05-19 16:20 49668 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\lepopoka.dll
2009-05-19 16:20 . 2009-05-19 16:20 469508 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\uninstall.exe
2009-05-18 16:25 . 2009-01-18 21:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-18 15:36 . 2009-01-18 21:30 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-18 15:35 . 2009-05-18 15:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-18 15:35 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-05-07 12:41 . 2009-05-07 12:41 -------- d-----w- c:\documents and settings\LocalService\Bureau
2009-05-07 12:35 . 2009-05-18 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 03:54 . 1601-01-01 00:12 80896 ----a-w- c:\windows\system32\kezuroha.dll.vir
2009-05-26 18:25 . 2007-11-20 08:22 -------- d-----w- c:\documents and settings\Seb\Application Data\OpenOffice.org2
2009-05-26 18:16 . 2007-11-20 08:23 1 ----a-w- c:\documents and settings\Seb\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-20 16:47 . 2001-08-28 10:00 75506 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-20 16:47 . 2001-08-28 10:00 468490 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-18 15:35 . 2007-06-21 11:45 -------- d-----w- c:\program files\Lavasoft
2009-05-16 10:08 . 2007-11-18 23:14 -------- d-----w- c:\documents and settings\Seb\Application Data\dvdcss
2009-05-13 14:46 . 2007-06-15 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-05-07 12:26 . 2006-08-02 20:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-07 12:26 . 2006-08-02 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-07 16:20 . 2009-04-07 15:32 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP1000.bat
2009-03-29 15:31 . 2009-03-29 15:31 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP999.bat
2009-03-29 15:30 . 2009-03-29 15:30 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP998.bat
2009-03-29 15:30 . 2009-03-29 15:30 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP997.bat
2009-03-29 15:29 . 2009-03-29 15:29 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP996.bat
2009-03-29 15:29 . 2009-03-29 15:29 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP995.bat
2009-03-29 15:29 . 2009-03-29 15:29 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP994.bat
2009-03-29 15:28 . 2009-03-29 15:28 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP993.bat
2009-03-29 15:28 . 2009-03-29 15:28 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP992.bat
2009-03-29 15:27 . 2009-03-29 15:27 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP991.bat
2009-03-29 15:27 . 2009-03-29 15:27 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP990.bat
2009-03-29 15:27 . 2009-03-29 15:27 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP989.bat
2009-03-29 15:26 . 2009-03-29 15:26 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP988.bat
2009-03-29 15:26 . 2009-03-29 15:26 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP987.bat
2009-03-29 15:25 . 2009-03-29 15:25 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP986.bat
2009-03-29 15:25 . 2009-03-29 15:25 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP985.bat
2009-03-29 15:24 . 2009-03-29 15:24 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP984.bat
2009-03-29 15:24 . 2009-03-29 15:24 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP983.bat
2009-03-29 15:24 . 2009-03-29 15:24 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP982.bat
2009-03-29 15:23 . 2009-03-29 15:23 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP981.bat
2009-03-29 15:23 . 2009-03-29 15:23 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP980.bat
2009-03-29 15:22 . 2009-03-29 15:22 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP979.bat
2009-03-29 15:22 . 2009-03-29 15:22 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP978.bat
2009-03-29 15:21 . 2009-03-29 15:21 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP977.bat
2009-03-29 15:21 . 2009-03-29 15:21 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP976.bat
2009-03-29 15:21 . 2009-03-29 15:21 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP975.bat
2009-03-29 15:20 . 2009-03-29 15:20 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP974.bat
2009-03-29 15:20 . 2009-03-29 15:20 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP973.bat
2009-03-29 15:19 . 2009-03-29 15:19 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP972.bat
2009-03-29 15:19 . 2009-03-29 15:19 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP971.bat
2009-03-29 15:19 . 2009-03-29 15:19 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP970.bat
2009-03-29 15:18 . 2009-03-29 15:18 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP969.bat
2009-03-29 15:18 . 2009-03-29 15:18 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP968.bat
2009-03-29 15:17 . 2009-03-29 15:17 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP967.bat
2009-03-29 15:17 . 2009-03-29 15:17 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP966.bat
2009-03-29 15:16 . 2009-03-29 15:16 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP965.bat
2009-03-29 15:16 . 2009-03-29 15:16 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP964.bat
2009-03-29 15:16 . 2009-03-29 15:16 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP963.bat
2009-03-29 15:15 . 2009-03-29 15:15 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP962.bat
2009-03-29 15:15 . 2009-03-29 15:15 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP961.bat
2009-03-29 15:14 . 2009-03-29 15:14 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP960.bat
2009-03-29 15:14 . 2009-03-29 15:14 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP959.bat
2009-03-29 15:13 . 2009-03-29 15:13 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP958.bat
2009-03-29 15:13 . 2009-03-29 15:13 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP957.bat
2009-03-29 15:13 . 2009-03-29 15:13 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP956.bat
2009-03-29 15:12 . 2009-03-29 15:12 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP955.bat
2009-03-29 15:12 . 2009-03-29 15:12 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP954.bat
2009-03-29 15:11 . 2009-03-29 15:11 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP953.bat
2009-03-29 15:11 . 2009-03-29 15:11 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP952.bat
2009-03-29 15:11 . 2009-03-29 15:11 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP951.bat
2009-03-29 15:10 . 2009-03-29 15:10 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP950.bat
2009-03-29 15:10 . 2009-03-29 15:10 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP949.bat
2009-03-29 15:09 . 2009-03-29 15:09 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP948.bat
2009-03-29 15:09 . 2009-03-29 15:09 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP947.bat
2009-03-29 15:08 . 2009-03-29 15:08 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP946.bat
2009-03-29 15:08 . 2009-03-29 15:08 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP945.bat
2009-03-29 15:08 . 2009-03-29 15:08 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP944.bat
2009-03-29 15:07 . 2009-03-29 15:07 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP943.bat
2009-03-29 15:07 . 2009-03-29 15:07 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP942.bat
2009-03-29 15:06 . 2009-03-29 15:06 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP941.bat
2009-03-29 15:06 . 2009-03-29 15:06 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP940.bat
2009-03-29 15:06 . 2009-03-29 15:06 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP939.bat
2009-03-29 15:05 . 2009-03-29 15:05 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP938.bat
2009-03-29 15:05 . 2009-03-29 15:05 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP937.bat
2009-03-29 15:04 . 2009-03-29 15:04 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP936.bat
2009-03-29 15:04 . 2009-03-29 15:04 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP935.bat
2009-03-29 15:03 . 2009-03-29 15:03 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP934.bat
2009-03-29 15:03 . 2009-03-29 15:03 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP933.bat
2009-03-29 15:03 . 2009-03-29 15:03 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP932.bat
2009-03-29 15:02 . 2009-03-29 15:02 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP931.bat
2009-03-29 15:02 . 2009-03-29 15:02 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP930.bat
2009-03-29 15:01 . 2009-03-29 15:01 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP929.bat
2009-03-29 15:01 . 2009-03-29 15:01 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP928.bat
2009-03-29 15:00 . 2009-03-29 15:00 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP927.bat
2009-03-29 15:00 . 2009-03-29 15:00 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP926.bat
2009-03-29 15:00 . 2009-03-29 15:00 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP925.bat
2009-03-29 14:59 . 2009-03-29 14:59 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP924.bat
2009-03-29 14:59 . 2009-03-29 14:59 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP923.bat
2009-03-29 14:58 . 2009-03-29 14:58 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP922.bat
2009-03-29 14:58 . 2009-03-29 14:58 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP921.bat
2009-03-29 14:58 . 2009-03-29 14:58 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP920.bat
2009-03-29 14:57 . 2009-03-29 14:57 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP919.bat
2009-03-29 14:57 . 2009-03-29 14:57 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP918.bat
2009-03-29 14:56 . 2009-03-29 14:56 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP917.bat
2009-03-29 14:56 . 2009-03-29 14:56 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP916.bat
2009-03-29 14:55 . 2009-03-29 14:55 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP915.bat
2009-03-29 14:55 . 2009-03-29 14:55 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP914.bat
2009-03-29 14:55 . 2009-03-29 14:55 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP913.bat
2009-03-29 14:54 . 2009-03-29 14:54 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP912.bat
2009-03-29 14:54 . 2009-03-29 14:54 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP911.bat
2005-07-29 22:58 . 2005-07-29 22:58 56 --sha-r- c:\windows\system32\8E7057D447.sys
2007-06-05 15:50 . 2007-06-05 15:50 8 --sha-r- c:\windows\system32\D7A35688D9.sys
2006-05-03 09:06 . 2008-11-11 21:44 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-06-05 15:54 . 2007-06-05 15:50 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 . 2008-11-11 21:44 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2008-11-11 21:44 216064 --sha-r- c:\windows\system32\nbDX.dll
.
------- Sigcheck -------
[7] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
[7] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2005-05-25 19:41 339968 228B0385BBFCA24332FA22DB45A8B684 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2002-08-28 23:58 332928 244A2F9816BC9B593957281EF577D976 c:\windows\$NtUninstallKB893066_0$\tcpip.sys
[7] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2004-08-04 06:14 359040 1745B00FC1141404B28F4B94F69A8871 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 11:51 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 11:51 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando"="c:\program files\Pando Networks\Pando\pando.exe" [2009-02-19 3913032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-10 4628480]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"amoumain"="c:\windows\amoumain.exe" [2009-05-31 281600]
"servicelayer"="c:\windows\servicelayer.exe" [2009-05-31 281600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-05-28 54888]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk
backup=c:\windows\pss\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\L4D2\\left4dead.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nSvcAppFlt.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6500:UDP"= 6500:UDP:game1
"27900:UDP"= 27900:UDP:27900
"27901:UDP"= 27901:UDP:27901
"28910:TCP"= 28910:TCP:28910
"29900:TCP"= 29900:TCP:29900
"29901:TCP"= 29901:TCP:29901
"29910:UDP"= 29910:UDP:29910
"29920:TCP"= 29920:TCP:29920
"6112:UDP"= 6112:UDP:6112
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/05/2009 17:36 64160]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [31/05/2009 13:29 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21/06/2008 04:54 66600]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [31/05/2009 13:29 65576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 921936]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 07:24 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 07:24 1365288]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [21/08/2005 12:06 379456]
.
Contenu du dossier 'Tâches planifiées'
2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{5FABAEFE-3C05-6581-F97A-05946655DA37} - (no file)
BHO-{eac16819-0a02-42b9-8427-a561618467d5} - c:\windows\system32\muhodogu.dll
HKCU-Run-yiteyemidi - c:\windows\system32\pugohawu.dll
HKLM-Run-yiteyemidi - c:\windows\system32\pugohawu.dll
HKLM-Run-17503904 - c:\documents and settings\All Users\Application Data\17503904\17503904.exe
HKLM-Run-97513896 - c:\documents and settings\All Users\Application Data\97513896\97513896.exe
HKLM-Run-CPM7b5acc02 - c:\windows\system32\kezuroha.dll
HKU-Default-Run-yiteyemidi - c:\windows\system32\pugohawu.dll
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kezuroha.dll
SafeBoot-procexp90.Sys
.
------- Examen supplémentaire -------
.
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Seb\Application Data\Mozilla\Firefox\Profiles\z4a98i4u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 22:12
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1220945662-1677128483-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ea,82,c2,2d,5b,40,2f,d7,19,16,3e,43,d7,93,57,8a,6c,b4,9d,5f,94,82,90,
c2,ab,4b,73,8c,ea,51,b5,29,38,d8,37,ca,48,df,04,f0,20,29,8a,9c,cd,18,ad,b2,\
"??"=hex:4e,5b,94,3c,fd,7c,e9,4e,cd,39,69,eb,e3,76,76,ba
[HKEY_USERS\S-1-5-21-1220945662-1677128483-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,c7,8b,ec,31,bb,b3,94,f6,06,14,cc,56,df,fb,a9,a6,a0,ed,e7,46,
bf,b2,c5,aa,ad,ed,49,32,1e,31,e6,08,02,68,8d,8c,fe,ba,49,e9,ef,1a,3a,19,1f,\
"rkeysecu"=hex:a9,99,9e,c5,a1,49,0b,49,f2,f9,50,b9,23,28,c2,a8
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,1d,b3,6c,17,10,
fa,9a,fb,e2,63,26,f1,3f,c8,ff,68,ac,cb,8d,a9,68,ae,3f,0f,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,35,4c,39,8e,bf,
d6,89,ef,6a,9c,d6,61,af,45,84,18,44,42,8d,1a,bc,36,50,4a,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,d3,f8,d1,2e,18,
94,bd,0b,ff,7c,85,e0,43,d4,0e,fe,c5,04,fc,0c,a1,e9,07,66,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,a8,31,32,e7,7e,
69,97,74,86,8c,21,01,be,91,eb,e7,a8,d9,8f,c2,a0,d5,d2,b8,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,f5,cb,dd,c1,3d,
df,2f,26,f5,1d,4d,73,a8,13,5c,05,71,2f,f6,ee,08,ef,51,d0,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,48,16,17,c4,f7,
2b,04,25,df,20,58,62,78,6b,cf,c8,ee,f2,b2,37,02,41,e0,e6,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,94,e1,00,d1,34,
94,31,1c,fb,a7,78,e6,12,2f,9a,ea,f7,e6,27,a9,65,65,71,9a,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,c0,02,25,38,26,
7c,b3,22,01,3a,48,fc,e8,04,4a,f1,4f,29,02,1d,fe,47,f8,df,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,ac,63,52,cc,07,
db,f1,5d,f6,0f,4e,58,98,5b,89,c9,95,1e,67,0d,96,e6,26,38,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,94,98,e7,68,9b,
17,7c,26,3d,ce,ea,26,2d,45,aa,78,4d,39,56,a2,5e,01,2c,92,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,1f,eb,94,c2,16,
d9,10,98,2a,b7,cc,b5,b9,7f,41,e7,06,6e,cc,40,d2,ad,5e,23,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a0,4e,cf,89,77,
8f,27,a6,6c,43,2d,1e,aa,22,2f,9c,25,ce,49,b4,66,a7,fe,fe,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(3652)
c:\windows\system32\msi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-06-01 22:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-01 20:18
Avant-CF: 1 503 154 176 octets libres
Après-CF: 1 372 028 928 octets libres
430
ComboFix 09-05-31.06 - Seb 01/06/2009 21:56.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1535.1071 [GMT 2:00]
Lancé depuis: c:\documents and settings\Seb\Bureau\ComboFix.exe
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\windows\system32\getaviwi.dll
c:\windows\system32\kezuroha.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\17503904
c:\documents and settings\All Users\Application Data\17503904\17503904.exe
c:\documents and settings\All Users\Application Data\17503904\17503904.glu
c:\documents and settings\All Users\Application Data\17503904\pc17503904cnf
c:\documents and settings\All Users\Application Data\17503904\pc17503904ins
c:\documents and settings\All Users\Application Data\97513896
c:\documents and settings\All Users\Application Data\97513896\97513896.exe
c:\documents and settings\Seb\Application Data\.#
c:\documents and settings\Seb\Application Data\.#\MBX@B24@3741A8.###
c:\documents and settings\Seb\Application Data\.#\MBX@B24@3741D8.###
c:\documents and settings\Seb\Application Data\.#\MBX@B24@374208.###
c:\windows\ctfmon.exe
c:\windows\lsass.exe
c:\windows\system32\akedikut.ini
c:\windows\system32\aleboyid.ini
c:\windows\system32\anevenoy.ini
c:\windows\system32\asiteres.ini
c:\windows\system32\dimoburi.dll
c:\windows\system32\drivers\msqpdxcyrrmwbh.sys
c:\windows\system32\drivers\msqpdxituedbbr.sys
c:\windows\system32\drivers\msqpdxqbnmpfqx.sys
c:\windows\system32\ebalupez.ini
c:\windows\system32\ebitokud.ini
c:\windows\system32\eralokuk.ini
c:\windows\system32\ewagurom.ini
c:\windows\system32\eyapagev.ini
c:\windows\system32\fibikavi.dll
c:\windows\system32\gukowema.dll
c:\windows\system32\igidobum.ini
c:\windows\system32\ikayibon.ini
c:\windows\system32\isebihos.ini
c:\windows\system32\isehofed.ini
c:\windows\system32\itiwedil.ini
c:\windows\system32\ivakibif.ini
c:\windows\system32\iyemahes.ini
c:\windows\system32\jefiyuna.dll
c:\windows\system32\kadidika.dll
c:\windows\system32\msqpdxxrbfamwq.dll
c:\windows\system32\muhodogu.dll
c:\windows\system32\muzupera.dll
c:\windows\system32\ntos.exe
c:\windows\system32\ofeyahij.ini
c:\windows\system32\ohuhitim.ini
c:\windows\system32\oketifif.ini
c:\windows\system32\olodekar.ini
c:\windows\system32\onolavoy.ini
c:\windows\system32\otoliyef.ini
c:\windows\system32\owemavod.ini
c:\windows\system32\pasagami.dll
c:\windows\system32\pugohawu.dll
c:\windows\system32\rnaph.dll
c:\windows\system32\upelifen.ini
c:\windows\system32\urelizud.ini
c:\windows\system32\utofopor.ini
c:\windows\system32\utuvayen.ini
c:\windows\system32\uyejehag.ini
c:\windows\system32\uzohavat.ini
c:\windows\system32\veyetidi.dll
c:\windows\system32\wsnpoem
c:\windows\system32\wsnpoem\audio.dll
c:\windows\system32\wsnpoem\video.dll
c:\windows\system32\yagejani.dll
c:\windows\system32\yivozizi.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_msqpdxserv.sys
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-01 au 2009-06-01 ))))))))))))))))))))))))))))))))))))
.
2009-06-01 19:28 . 2009-06-01 19:30 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-05-31 14:52 . 2009-06-01 19:13 -------- d-----w- C:\UsbFix
2009-05-31 14:10 . 2009-05-31 14:19 -------- d-----w- c:\program files\trend micro
2009-05-31 14:10 . 2009-05-31 14:10 -------- d-----w- C:\rsit
2009-05-31 11:29 . 2008-10-31 05:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2009-05-31 11:29 . 2008-06-21 02:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2009-05-31 11:29 . 2009-05-31 11:29 -------- d-----w- c:\program files\Sunbelt Software
2009-05-31 03:28 . 2009-05-31 03:28 281600 ----a-w- c:\windows\servicelayer.exe
2009-05-31 03:28 . 2009-05-31 03:28 281600 ----a-w- c:\windows\amoumain.exe
2009-05-31 03:27 . 2009-05-31 04:07 109 --sha-w- c:\windows\system32\2020212529.dat
2009-05-31 03:27 . 2009-05-31 03:27 41984 --sha-r- c:\windows\system32\8E7057D447z.exe
2009-05-19 16:20 . 2009-05-19 16:20 81924 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\doheyesi.dll
2009-05-19 16:20 . 2009-05-19 16:20 78852 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\kukolare.dll
2009-05-19 16:20 . 2009-05-19 16:20 49668 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\surujesu.dll
2009-05-19 16:20 . 2009-05-19 16:20 49668 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\rigebevu.dll
2009-05-19 16:20 . 2009-05-19 16:20 49668 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\lepopoka.dll
2009-05-19 16:20 . 2009-05-19 16:20 469508 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\ThreatWork\Submit\uninstall.exe
2009-05-18 16:25 . 2009-01-18 21:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-18 15:36 . 2009-01-18 21:30 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-18 15:35 . 2009-05-18 15:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-18 15:35 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-05-07 12:41 . 2009-05-07 12:41 -------- d-----w- c:\documents and settings\LocalService\Bureau
2009-05-07 12:35 . 2009-05-18 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 03:54 . 1601-01-01 00:12 80896 ----a-w- c:\windows\system32\kezuroha.dll.vir
2009-05-26 18:25 . 2007-11-20 08:22 -------- d-----w- c:\documents and settings\Seb\Application Data\OpenOffice.org2
2009-05-26 18:16 . 2007-11-20 08:23 1 ----a-w- c:\documents and settings\Seb\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-20 16:47 . 2001-08-28 10:00 75506 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-20 16:47 . 2001-08-28 10:00 468490 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-18 15:35 . 2007-06-21 11:45 -------- d-----w- c:\program files\Lavasoft
2009-05-16 10:08 . 2007-11-18 23:14 -------- d-----w- c:\documents and settings\Seb\Application Data\dvdcss
2009-05-13 14:46 . 2007-06-15 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-05-07 12:26 . 2006-08-02 20:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-07 12:26 . 2006-08-02 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-07 16:20 . 2009-04-07 15:32 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP1000.bat
2009-03-29 15:31 . 2009-03-29 15:31 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP999.bat
2009-03-29 15:30 . 2009-03-29 15:30 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP998.bat
2009-03-29 15:30 . 2009-03-29 15:30 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP997.bat
2009-03-29 15:29 . 2009-03-29 15:29 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP996.bat
2009-03-29 15:29 . 2009-03-29 15:29 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP995.bat
2009-03-29 15:29 . 2009-03-29 15:29 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP994.bat
2009-03-29 15:28 . 2009-03-29 15:28 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP993.bat
2009-03-29 15:28 . 2009-03-29 15:28 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP992.bat
2009-03-29 15:27 . 2009-03-29 15:27 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP991.bat
2009-03-29 15:27 . 2009-03-29 15:27 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP990.bat
2009-03-29 15:27 . 2009-03-29 15:27 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP989.bat
2009-03-29 15:26 . 2009-03-29 15:26 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP988.bat
2009-03-29 15:26 . 2009-03-29 15:26 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP987.bat
2009-03-29 15:25 . 2009-03-29 15:25 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP986.bat
2009-03-29 15:25 . 2009-03-29 15:25 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP985.bat
2009-03-29 15:24 . 2009-03-29 15:24 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP984.bat
2009-03-29 15:24 . 2009-03-29 15:24 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP983.bat
2009-03-29 15:24 . 2009-03-29 15:24 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP982.bat
2009-03-29 15:23 . 2009-03-29 15:23 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP981.bat
2009-03-29 15:23 . 2009-03-29 15:23 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP980.bat
2009-03-29 15:22 . 2009-03-29 15:22 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP979.bat
2009-03-29 15:22 . 2009-03-29 15:22 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP978.bat
2009-03-29 15:21 . 2009-03-29 15:21 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP977.bat
2009-03-29 15:21 . 2009-03-29 15:21 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP976.bat
2009-03-29 15:21 . 2009-03-29 15:21 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP975.bat
2009-03-29 15:20 . 2009-03-29 15:20 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP974.bat
2009-03-29 15:20 . 2009-03-29 15:20 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP973.bat
2009-03-29 15:19 . 2009-03-29 15:19 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP972.bat
2009-03-29 15:19 . 2009-03-29 15:19 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP971.bat
2009-03-29 15:19 . 2009-03-29 15:19 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP970.bat
2009-03-29 15:18 . 2009-03-29 15:18 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP969.bat
2009-03-29 15:18 . 2009-03-29 15:18 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP968.bat
2009-03-29 15:17 . 2009-03-29 15:17 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP967.bat
2009-03-29 15:17 . 2009-03-29 15:17 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP966.bat
2009-03-29 15:16 . 2009-03-29 15:16 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP965.bat
2009-03-29 15:16 . 2009-03-29 15:16 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP964.bat
2009-03-29 15:16 . 2009-03-29 15:16 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP963.bat
2009-03-29 15:15 . 2009-03-29 15:15 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP962.bat
2009-03-29 15:15 . 2009-03-29 15:15 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP961.bat
2009-03-29 15:14 . 2009-03-29 15:14 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP960.bat
2009-03-29 15:14 . 2009-03-29 15:14 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP959.bat
2009-03-29 15:13 . 2009-03-29 15:13 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP958.bat
2009-03-29 15:13 . 2009-03-29 15:13 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP957.bat
2009-03-29 15:13 . 2009-03-29 15:13 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP956.bat
2009-03-29 15:12 . 2009-03-29 15:12 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP955.bat
2009-03-29 15:12 . 2009-03-29 15:12 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP954.bat
2009-03-29 15:11 . 2009-03-29 15:11 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP953.bat
2009-03-29 15:11 . 2009-03-29 15:11 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP952.bat
2009-03-29 15:11 . 2009-03-29 15:11 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP951.bat
2009-03-29 15:10 . 2009-03-29 15:10 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP950.bat
2009-03-29 15:10 . 2009-03-29 15:10 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP949.bat
2009-03-29 15:09 . 2009-03-29 15:09 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP948.bat
2009-03-29 15:09 . 2009-03-29 15:09 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP947.bat
2009-03-29 15:08 . 2009-03-29 15:08 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP946.bat
2009-03-29 15:08 . 2009-03-29 15:08 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP945.bat
2009-03-29 15:08 . 2009-03-29 15:08 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP944.bat
2009-03-29 15:07 . 2009-03-29 15:07 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP943.bat
2009-03-29 15:07 . 2009-03-29 15:07 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP942.bat
2009-03-29 15:06 . 2009-03-29 15:06 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP941.bat
2009-03-29 15:06 . 2009-03-29 15:06 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP940.bat
2009-03-29 15:06 . 2009-03-29 15:06 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP939.bat
2009-03-29 15:05 . 2009-03-29 15:05 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP938.bat
2009-03-29 15:05 . 2009-03-29 15:05 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP937.bat
2009-03-29 15:04 . 2009-03-29 15:04 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP936.bat
2009-03-29 15:04 . 2009-03-29 15:04 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP935.bat
2009-03-29 15:03 . 2009-03-29 15:03 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP934.bat
2009-03-29 15:03 . 2009-03-29 15:03 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP933.bat
2009-03-29 15:03 . 2009-03-29 15:03 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP932.bat
2009-03-29 15:02 . 2009-03-29 15:02 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP931.bat
2009-03-29 15:02 . 2009-03-29 15:02 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP930.bat
2009-03-29 15:01 . 2009-03-29 15:01 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP929.bat
2009-03-29 15:01 . 2009-03-29 15:01 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP928.bat
2009-03-29 15:00 . 2009-03-29 15:00 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP927.bat
2009-03-29 15:00 . 2009-03-29 15:00 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP926.bat
2009-03-29 15:00 . 2009-03-29 15:00 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP925.bat
2009-03-29 14:59 . 2009-03-29 14:59 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP924.bat
2009-03-29 14:59 . 2009-03-29 14:59 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP923.bat
2009-03-29 14:58 . 2009-03-29 14:58 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP922.bat
2009-03-29 14:58 . 2009-03-29 14:58 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP921.bat
2009-03-29 14:58 . 2009-03-29 14:58 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP920.bat
2009-03-29 14:57 . 2009-03-29 14:57 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP919.bat
2009-03-29 14:57 . 2009-03-29 14:57 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP918.bat
2009-03-29 14:56 . 2009-03-29 14:56 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP917.bat
2009-03-29 14:56 . 2009-03-29 14:56 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP916.bat
2009-03-29 14:55 . 2009-03-29 14:55 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP915.bat
2009-03-29 14:55 . 2009-03-29 14:55 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP914.bat
2009-03-29 14:55 . 2009-03-29 14:55 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP913.bat
2009-03-29 14:54 . 2009-03-29 14:54 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP912.bat
2009-03-29 14:54 . 2009-03-29 14:54 117504 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP911.bat
2005-07-29 22:58 . 2005-07-29 22:58 56 --sha-r- c:\windows\system32\8E7057D447.sys
2007-06-05 15:50 . 2007-06-05 15:50 8 --sha-r- c:\windows\system32\D7A35688D9.sys
2006-05-03 09:06 . 2008-11-11 21:44 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-06-05 15:54 . 2007-06-05 15:50 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 . 2008-11-11 21:44 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2008-11-11 21:44 216064 --sha-r- c:\windows\system32\nbDX.dll
.
------- Sigcheck -------
[7] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
[7] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2005-05-25 19:41 339968 228B0385BBFCA24332FA22DB45A8B684 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2002-08-28 23:58 332928 244A2F9816BC9B593957281EF577D976 c:\windows\$NtUninstallKB893066_0$\tcpip.sys
[7] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2004-08-04 06:14 359040 1745B00FC1141404B28F4B94F69A8871 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 11:51 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 11:51 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando"="c:\program files\Pando Networks\Pando\pando.exe" [2009-02-19 3913032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-10 4628480]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"amoumain"="c:\windows\amoumain.exe" [2009-05-31 281600]
"servicelayer"="c:\windows\servicelayer.exe" [2009-05-31 281600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-05-28 54888]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk
backup=c:\windows\pss\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\L4D2\\left4dead.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nSvcAppFlt.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6500:UDP"= 6500:UDP:game1
"27900:UDP"= 27900:UDP:27900
"27901:UDP"= 27901:UDP:27901
"28910:TCP"= 28910:TCP:28910
"29900:TCP"= 29900:TCP:29900
"29901:TCP"= 29901:TCP:29901
"29910:UDP"= 29910:UDP:29910
"29920:TCP"= 29920:TCP:29920
"6112:UDP"= 6112:UDP:6112
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18/05/2009 17:36 64160]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [31/05/2009 13:29 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21/06/2008 04:54 66600]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [31/05/2009 13:29 65576]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 23:34 921936]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 07:24 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 07:24 1365288]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [21/08/2005 12:06 379456]
.
Contenu du dossier 'Tâches planifiées'
2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{5FABAEFE-3C05-6581-F97A-05946655DA37} - (no file)
BHO-{eac16819-0a02-42b9-8427-a561618467d5} - c:\windows\system32\muhodogu.dll
HKCU-Run-yiteyemidi - c:\windows\system32\pugohawu.dll
HKLM-Run-yiteyemidi - c:\windows\system32\pugohawu.dll
HKLM-Run-17503904 - c:\documents and settings\All Users\Application Data\17503904\17503904.exe
HKLM-Run-97513896 - c:\documents and settings\All Users\Application Data\97513896\97513896.exe
HKLM-Run-CPM7b5acc02 - c:\windows\system32\kezuroha.dll
HKU-Default-Run-yiteyemidi - c:\windows\system32\pugohawu.dll
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kezuroha.dll
SafeBoot-procexp90.Sys
.
------- Examen supplémentaire -------
.
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Seb\Application Data\Mozilla\Firefox\Profiles\z4a98i4u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 22:12
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1220945662-1677128483-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ea,82,c2,2d,5b,40,2f,d7,19,16,3e,43,d7,93,57,8a,6c,b4,9d,5f,94,82,90,
c2,ab,4b,73,8c,ea,51,b5,29,38,d8,37,ca,48,df,04,f0,20,29,8a,9c,cd,18,ad,b2,\
"??"=hex:4e,5b,94,3c,fd,7c,e9,4e,cd,39,69,eb,e3,76,76,ba
[HKEY_USERS\S-1-5-21-1220945662-1677128483-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,c7,8b,ec,31,bb,b3,94,f6,06,14,cc,56,df,fb,a9,a6,a0,ed,e7,46,
bf,b2,c5,aa,ad,ed,49,32,1e,31,e6,08,02,68,8d,8c,fe,ba,49,e9,ef,1a,3a,19,1f,\
"rkeysecu"=hex:a9,99,9e,c5,a1,49,0b,49,f2,f9,50,b9,23,28,c2,a8
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,1d,b3,6c,17,10,
fa,9a,fb,e2,63,26,f1,3f,c8,ff,68,ac,cb,8d,a9,68,ae,3f,0f,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,35,4c,39,8e,bf,
d6,89,ef,6a,9c,d6,61,af,45,84,18,44,42,8d,1a,bc,36,50,4a,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,d3,f8,d1,2e,18,
94,bd,0b,ff,7c,85,e0,43,d4,0e,fe,c5,04,fc,0c,a1,e9,07,66,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,a8,31,32,e7,7e,
69,97,74,86,8c,21,01,be,91,eb,e7,a8,d9,8f,c2,a0,d5,d2,b8,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,f5,cb,dd,c1,3d,
df,2f,26,f5,1d,4d,73,a8,13,5c,05,71,2f,f6,ee,08,ef,51,d0,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,48,16,17,c4,f7,
2b,04,25,df,20,58,62,78,6b,cf,c8,ee,f2,b2,37,02,41,e0,e6,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,94,e1,00,d1,34,
94,31,1c,fb,a7,78,e6,12,2f,9a,ea,f7,e6,27,a9,65,65,71,9a,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,c0,02,25,38,26,
7c,b3,22,01,3a,48,fc,e8,04,4a,f1,4f,29,02,1d,fe,47,f8,df,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,ac,63,52,cc,07,
db,f1,5d,f6,0f,4e,58,98,5b,89,c9,95,1e,67,0d,96,e6,26,38,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,94,98,e7,68,9b,
17,7c,26,3d,ce,ea,26,2d,45,aa,78,4d,39,56,a2,5e,01,2c,92,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,1f,eb,94,c2,16,
d9,10,98,2a,b7,cc,b5,b9,7f,41,e7,06,6e,cc,40,d2,ad,5e,23,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a0,4e,cf,89,77,
8f,27,a6,6c,43,2d,1e,aa,22,2f,9c,25,ce,49,b4,66,a7,fe,fe,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(3652)
c:\windows\system32\msi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-06-01 22:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-01 20:18
Avant-CF: 1 503 154 176 octets libres
Après-CF: 1 372 028 928 octets libres
430
NoNaMe_
Messages postés
13
Date d'inscription
dimanche 31 mai 2009
Statut
Membre
Dernière intervention
8 juin 2009
2 juin 2009 à 19:19
2 juin 2009 à 19:19
Hop!
Est ce que j'ai d autres démarches a faire?
Merci :)
Est ce que j'ai d autres démarches a faire?
Merci :)
NoNaMe_
Messages postés
13
Date d'inscription
dimanche 31 mai 2009
Statut
Membre
Dernière intervention
8 juin 2009
3 juin 2009 à 15:19
3 juin 2009 à 15:19
Si qqun peut jeter un coup d oeil aux rapport c est cool d avance merki :--)
loloetseb
Messages postés
5508
Date d'inscription
dimanche 14 décembre 2008
Statut
Membre
Dernière intervention
22 avril 2012
174
4 juin 2009 à 22:22
4 juin 2009 à 22:22
Retour de deplacement,j'analyse le rapport et te donne la procedure
loloetseb
Messages postés
5508
Date d'inscription
dimanche 14 décembre 2008
Statut
Membre
Dernière intervention
22 avril 2012
174
4 juin 2009 à 22:40
4 juin 2009 à 22:40
_______________________________________________________________________________________________
|======>/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement cet ordinateur,<=========|
|======>il est fort déconseillé de le transposer sur un autre ordinateur !<==========|
-----------------------------------------------------------------------------------------------
Toujours avec toutes les protections désactivées, fais ceci :
• Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
• Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :
----------------------------------------------------------
File::
c:\windows\system32\getaviwi.dll
c:\windows\system32\kezuroha.dll
C:\32788R22FWJFW.0.tmp
c:\windows\servicelayer.exe
c:\windows\amoumain.exe
c:\windows\system32\2020212529.dat
c:\windows\system32\8E7057D447z.exe
c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
c:\windows\system32\kezuroha.dll.vir
c:\windows\system32\8E7057D447.sys
c:\windows\system32\D7A35688D9.sys
Driver::
procexp90
------------------------------------------------------------------
• Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
• Quitte le Bloc Notes
• Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif
• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt
NoNaMe_
Messages postés
13
Date d'inscription
dimanche 31 mai 2009
Statut
Membre
Dernière intervention
8 juin 2009
7 juin 2009 à 15:28
7 juin 2009 à 15:28
Voici le rapport:
ComboFix 09-05-31.06 - Seb 07/06/2009 15:05.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1535.998 [GMT 2:00]
Lancé depuis: c:\documents and settings\Seb\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Seb\Bureau\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
"C:\32788R22FWJFW.0.tmp"
"c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}"
"c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe"
"c:\windows\amoumain.exe"
"c:\windows\servicelayer.exe"
"c:\windows\system32\2020212529.dat"
"c:\windows\system32\8E7057D447.sys"
"c:\windows\system32\8E7057D447z.exe"
"c:\windows\system32\D7A35688D9.sys"
"c:\windows\system32\getaviwi.dll"
"c:\windows\system32\kezuroha.dll"
"c:\windows\system32\kezuroha.dll.vir"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\2020212529.dat
c:\windows\system32\8E7057D447.sys
c:\windows\system32\D7A35688D9.sys
c:\windows\system32\getaviwi.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PROCEXP90
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-07 au 2009-06-07 ))))))))))))))))))))))))))))))))))))
.
2009-06-04 18:46 . 2009-06-04 18:57 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-04 18:42 . 2009-06-04 18:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-04 18:42 . 2009-06-04 18:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-04 18:41 . 2009-06-04 18:41 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-04 18:41 . 2009-06-04 18:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-04 18:41 . 2009-06-07 08:46 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-04 18:41 . 2009-06-06 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-04 18:41 . 2009-06-04 18:41 -------- d-----w- c:\program files\AVG
2009-06-01 19:28 . 2009-06-01 19:30 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-05-31 14:52 . 2009-06-01 19:13 -------- d-----w- C:\UsbFix
2009-05-31 14:10 . 2009-05-31 14:19 -------- d-----w- c:\program files\trend micro
2009-05-31 14:10 . 2009-05-31 14:10 -------- d-----w- C:\rsit
2009-05-31 11:29 . 2008-10-31 05:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2009-05-31 11:29 . 2008-06-21 02:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2009-05-31 11:29 . 2009-05-31 11:29 -------- d-----w- c:\program files\Sunbelt Software
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 20:21 . 2009-05-07 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-01 20:21 . 2007-06-21 11:45 -------- d-----w- c:\program files\Lavasoft
2009-05-26 18:25 . 2007-11-20 08:22 -------- d-----w- c:\documents and settings\Seb\Application Data\OpenOffice.org2
2009-05-26 18:16 . 2007-11-20 08:23 1 ----a-w- c:\documents and settings\Seb\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-20 16:47 . 2001-08-28 10:00 75506 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-20 16:47 . 2001-08-28 10:00 468490 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-16 10:08 . 2007-11-18 23:14 -------- d-----w- c:\documents and settings\Seb\Application Data\dvdcss
2009-05-13 14:46 . 2007-06-15 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-05-07 12:26 . 2006-08-02 20:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-07 12:26 . 2006-08-02 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-20 10:37 . 2005-06-25 16:48 22040 ----a-w- c:\documents and settings\Seb\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 09:06 . 2008-11-11 21:44 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-06-05 15:54 . 2007-06-05 15:50 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 . 2008-11-11 21:44 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2008-11-11 21:44 216064 --sha-r- c:\windows\system32\nbDX.dll
.
------- Sigcheck -------
[7] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
[7] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2005-05-25 19:41 339968 228B0385BBFCA24332FA22DB45A8B684 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2002-08-28 23:58 332928 244A2F9816BC9B593957281EF577D976 c:\windows\$NtUninstallKB893066_0$\tcpip.sys
[7] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2004-08-04 06:14 359040 1745B00FC1141404B28F4B94F69A8871 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 11:51 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 11:51 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-10 4628480]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-04 1947928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-05-28 54888]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-04 18:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk
backup=c:\windows\pss\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\L4D2\\left4dead.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nSvcAppFlt.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6500:UDP"= 6500:UDP:game1
"27900:UDP"= 27900:UDP:27900
"27901:UDP"= 27901:UDP:27901
"28910:TCP"= 28910:TCP:28910
"29900:TCP"= 29900:TCP:29900
"29901:TCP"= 29901:TCP:29901
"29910:UDP"= 29910:UDP:29910
"29920:TCP"= 29920:TCP:29920
"6112:UDP"= 6112:UDP:6112
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/06/2009 20:41 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/06/2009 20:42 108552]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [31/05/2009 13:29 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21/06/2008 04:54 66600]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/06/2009 20:41 298776]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [31/05/2009 13:29 65576]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 07:24 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 07:24 1365288]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [21/08/2005 12:06 379456]
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Seb\Application Data\Mozilla\Firefox\Profiles\z4a98i4u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 15:13
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1220945662-1677128483-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ea,82,c2,2d,5b,40,2f,d7,19,16,3e,43,d7,93,57,8a,6c,b4,9d,5f,94,82,90,
c2,ab,4b,73,8c,ea,51,b5,29,38,d8,37,ca,48,df,04,f0,20,29,8a,9c,cd,18,ad,b2,\
"??"=hex:4e,5b,94,3c,fd,7c,e9,4e,cd,39,69,eb,e3,76,76,ba
[HKEY_USERS\S-1-5-21-1220945662-1677128483-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,c7,8b,ec,31,bb,b3,94,f6,06,14,cc,56,df,fb,a9,a6,a0,ed,e7,46,
bf,b2,c5,aa,ad,ed,49,32,1e,31,e6,08,02,68,8d,8c,fe,ba,49,e9,ef,1a,3a,19,1f,\
"rkeysecu"=hex:a9,99,9e,c5,a1,49,0b,49,f2,f9,50,b9,23,28,c2,a8
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,1d,b3,6c,17,10,
fa,9a,fb,e2,63,26,f1,3f,c8,ff,68,ac,cb,8d,a9,68,ae,3f,0f,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,35,4c,39,8e,bf,
d6,89,ef,6a,9c,d6,61,af,45,84,18,44,42,8d,1a,bc,36,50,4a,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,d3,f8,d1,2e,18,
94,bd,0b,ff,7c,85,e0,43,d4,0e,fe,c5,04,fc,0c,a1,e9,07,66,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,a8,31,32,e7,7e,
69,97,74,86,8c,21,01,be,91,eb,e7,a8,d9,8f,c2,a0,d5,d2,b8,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,f5,cb,dd,c1,3d,
df,2f,26,f5,1d,4d,73,a8,13,5c,05,71,2f,f6,ee,08,ef,51,d0,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,48,16,17,c4,f7,
2b,04,25,df,20,58,62,78,6b,cf,c8,ee,f2,b2,37,02,41,e0,e6,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,94,e1,00,d1,34,
94,31,1c,fb,a7,78,e6,12,2f,9a,ea,f7,e6,27,a9,65,65,71,9a,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,c0,02,25,38,26,
7c,b3,22,01,3a,48,fc,e8,04,4a,f1,4f,29,02,1d,fe,47,f8,df,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,ac,63,52,cc,07,
db,f1,5d,f6,0f,4e,58,98,5b,89,c9,95,1e,67,0d,96,e6,26,38,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,94,98,e7,68,9b,
17,7c,26,3d,ce,ea,26,2d,45,aa,78,4d,39,56,a2,5e,01,2c,92,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,1f,eb,94,c2,16,
d9,10,98,2a,b7,cc,b5,b9,7f,41,e7,06,6e,cc,40,d2,ad,5e,23,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a0,4e,cf,89,77,
8f,27,a6,6c,43,2d,1e,aa,22,2f,9c,25,ce,49,b4,66,a7,fe,fe,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(784)
c:\windows\system32\msi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Heure de fin: 2009-06-07 15:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-07 13:18
ComboFix2.txt 2009-06-01 20:18
Avant-CF: 932 577 280 octets libres
Après-CF: 915 435 520 octets libres
276
Encore merci!
ComboFix 09-05-31.06 - Seb 07/06/2009 15:05.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1535.998 [GMT 2:00]
Lancé depuis: c:\documents and settings\Seb\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Seb\Bureau\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
FILE ::
"C:\32788R22FWJFW.0.tmp"
"c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}"
"c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe"
"c:\windows\amoumain.exe"
"c:\windows\servicelayer.exe"
"c:\windows\system32\2020212529.dat"
"c:\windows\system32\8E7057D447.sys"
"c:\windows\system32\8E7057D447z.exe"
"c:\windows\system32\D7A35688D9.sys"
"c:\windows\system32\getaviwi.dll"
"c:\windows\system32\kezuroha.dll"
"c:\windows\system32\kezuroha.dll.vir"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\2020212529.dat
c:\windows\system32\8E7057D447.sys
c:\windows\system32\D7A35688D9.sys
c:\windows\system32\getaviwi.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PROCEXP90
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-07 au 2009-06-07 ))))))))))))))))))))))))))))))))))))
.
2009-06-04 18:46 . 2009-06-04 18:57 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-04 18:42 . 2009-06-04 18:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-04 18:42 . 2009-06-04 18:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-04 18:41 . 2009-06-04 18:41 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-04 18:41 . 2009-06-04 18:41 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-04 18:41 . 2009-06-07 08:46 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-04 18:41 . 2009-06-06 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-04 18:41 . 2009-06-04 18:41 -------- d-----w- c:\program files\AVG
2009-06-01 19:28 . 2009-06-01 19:30 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-05-31 14:52 . 2009-06-01 19:13 -------- d-----w- C:\UsbFix
2009-05-31 14:10 . 2009-05-31 14:19 -------- d-----w- c:\program files\trend micro
2009-05-31 14:10 . 2009-05-31 14:10 -------- d-----w- C:\rsit
2009-05-31 11:29 . 2008-10-31 05:09 270888 ----a-r- c:\windows\system32\drivers\SbFw.sys
2009-05-31 11:29 . 2008-06-21 02:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2009-05-31 11:29 . 2009-05-31 11:29 -------- d-----w- c:\program files\Sunbelt Software
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 20:21 . 2009-05-07 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-01 20:21 . 2007-06-21 11:45 -------- d-----w- c:\program files\Lavasoft
2009-05-26 18:25 . 2007-11-20 08:22 -------- d-----w- c:\documents and settings\Seb\Application Data\OpenOffice.org2
2009-05-26 18:16 . 2007-11-20 08:23 1 ----a-w- c:\documents and settings\Seb\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-05-20 16:47 . 2001-08-28 10:00 75506 ----a-w- c:\windows\system32\perfc00C.dat
2009-05-20 16:47 . 2001-08-28 10:00 468490 ----a-w- c:\windows\system32\perfh00C.dat
2009-05-16 10:08 . 2007-11-18 23:14 -------- d-----w- c:\documents and settings\Seb\Application Data\dvdcss
2009-05-13 14:46 . 2007-06-15 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-05-07 12:26 . 2006-08-02 20:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-07 12:26 . 2006-08-02 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-20 10:37 . 2005-06-25 16:48 22040 ----a-w- c:\documents and settings\Seb\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-05-03 09:06 . 2008-11-11 21:44 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-06-05 15:54 . 2007-06-05 15:50 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 . 2008-11-11 21:44 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2008-11-11 21:44 216064 --sha-r- c:\windows\system32\nbDX.dll
.
------- Sigcheck -------
[7] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$hf_mig$\KB893066\SP2GDR\tcpip.sys
[7] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[7] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2005-05-25 19:41 339968 228B0385BBFCA24332FA22DB45A8B684 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2002-08-28 23:58 332928 244A2F9816BC9B593957281EF577D976 c:\windows\$NtUninstallKB893066_0$\tcpip.sys
[7] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2004-08-04 06:14 359040 1745B00FC1141404B28F4B94F69A8871 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 11:51 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\dllcache\tcpip.sys
[-] 2006-04-20 11:51 359808 021415AD071EF3944C27DC9597ED2214 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-10 4628480]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-04 1947928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-05-28 54888]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-04 18:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk
backup=c:\windows\pss\Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\L4D2\\left4dead.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nSvcAppFlt.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6500:UDP"= 6500:UDP:game1
"27900:UDP"= 27900:UDP:27900
"27901:UDP"= 27901:UDP:27901
"28910:TCP"= 28910:TCP:28910
"29900:TCP"= 29900:TCP:29900
"29901:TCP"= 29901:TCP:29901
"29910:UDP"= 29910:UDP:29910
"29920:TCP"= 29920:TCP:29920
"6112:UDP"= 6112:UDP:6112
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/06/2009 20:41 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/06/2009 20:42 108552]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [31/05/2009 13:29 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21/06/2008 04:54 66600]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/06/2009 20:41 298776]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [31/05/2009 13:29 65576]
S2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 07:24 95528]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 07:24 1365288]
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFTVFM\WFIOCTL.SYS --> c:\program files\WinFast\WFTVFM\WFIOCTL.SYS [?]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [21/08/2005 12:06 379456]
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Seb\Application Data\Mozilla\Firefox\Profiles\z4a98i4u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 15:13
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1220945662-1677128483-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ea,82,c2,2d,5b,40,2f,d7,19,16,3e,43,d7,93,57,8a,6c,b4,9d,5f,94,82,90,
c2,ab,4b,73,8c,ea,51,b5,29,38,d8,37,ca,48,df,04,f0,20,29,8a,9c,cd,18,ad,b2,\
"??"=hex:4e,5b,94,3c,fd,7c,e9,4e,cd,39,69,eb,e3,76,76,ba
[HKEY_USERS\S-1-5-21-1220945662-1677128483-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,c7,8b,ec,31,bb,b3,94,f6,06,14,cc,56,df,fb,a9,a6,a0,ed,e7,46,
bf,b2,c5,aa,ad,ed,49,32,1e,31,e6,08,02,68,8d,8c,fe,ba,49,e9,ef,1a,3a,19,1f,\
"rkeysecu"=hex:a9,99,9e,c5,a1,49,0b,49,f2,f9,50,b9,23,28,c2,a8
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,1d,b3,6c,17,10,
fa,9a,fb,e2,63,26,f1,3f,c8,ff,68,ac,cb,8d,a9,68,ae,3f,0f,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,35,4c,39,8e,bf,
d6,89,ef,6a,9c,d6,61,af,45,84,18,44,42,8d,1a,bc,36,50,4a,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,d3,f8,d1,2e,18,
94,bd,0b,ff,7c,85,e0,43,d4,0e,fe,c5,04,fc,0c,a1,e9,07,66,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,a8,31,32,e7,7e,
69,97,74,86,8c,21,01,be,91,eb,e7,a8,d9,8f,c2,a0,d5,d2,b8,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,f5,cb,dd,c1,3d,
df,2f,26,f5,1d,4d,73,a8,13,5c,05,71,2f,f6,ee,08,ef,51,d0,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,48,16,17,c4,f7,
2b,04,25,df,20,58,62,78,6b,cf,c8,ee,f2,b2,37,02,41,e0,e6,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,94,e1,00,d1,34,
94,31,1c,fb,a7,78,e6,12,2f,9a,ea,f7,e6,27,a9,65,65,71,9a,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,c0,02,25,38,26,
7c,b3,22,01,3a,48,fc,e8,04,4a,f1,4f,29,02,1d,fe,47,f8,df,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,ac,63,52,cc,07,
db,f1,5d,f6,0f,4e,58,98,5b,89,c9,95,1e,67,0d,96,e6,26,38,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,94,98,e7,68,9b,
17,7c,26,3d,ce,ea,26,2d,45,aa,78,4d,39,56,a2,5e,01,2c,92,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,1f,eb,94,c2,16,
d9,10,98,2a,b7,cc,b5,b9,7f,41,e7,06,6e,cc,40,d2,ad,5e,23,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,a0,4e,cf,89,77,
8f,27,a6,6c,43,2d,1e,aa,22,2f,9c,25,ce,49,b4,66,a7,fe,fe,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(784)
c:\windows\system32\msi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Heure de fin: 2009-06-07 15:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-07 13:18
ComboFix2.txt 2009-06-01 20:18
Avant-CF: 932 577 280 octets libres
Après-CF: 915 435 520 octets libres
276
Encore merci!
loloetseb
Messages postés
5508
Date d'inscription
dimanche 14 décembre 2008
Statut
Membre
Dernière intervention
22 avril 2012
174
7 juin 2009 à 19:39
7 juin 2009 à 19:39
Télécharge Superantispyware (SAS)
Choisis "enregistrer" et enregistre-le sur ton bureau.
Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.
Créé une icône sur le bureau.
Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.
- Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
- Sous Configuration and Preferences, clique sur le bouton "Preferences"
- Clique sur l'onglet "Scanning Control "
- Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
- Laisse les autres lignes décochées.
- Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.
- Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".
Dans la colonne de gauche, coche C:\Fixed Drive.
Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"
Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.
A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.
Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".
Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.
Pour recopier les informations sur le forum, fais ceci :
- après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
- Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ".
- Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log.
- Le rapport va s'ouvrir dans ton éditeur de texte par défaut.
- Copie son contenu dans ta réponse.
Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué.
Choisis "enregistrer" et enregistre-le sur ton bureau.
Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.
Créé une icône sur le bureau.
Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.
- Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
- Sous Configuration and Preferences, clique sur le bouton "Preferences"
- Clique sur l'onglet "Scanning Control "
- Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
- Laisse les autres lignes décochées.
- Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.
- Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".
Dans la colonne de gauche, coche C:\Fixed Drive.
Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"
Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.
A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.
Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".
Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.
Pour recopier les informations sur le forum, fais ceci :
- après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
- Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ".
- Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log.
- Le rapport va s'ouvrir dans ton éditeur de texte par défaut.
- Copie son contenu dans ta réponse.
Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué.
NoNaMe_
Messages postés
13
Date d'inscription
dimanche 31 mai 2009
Statut
Membre
Dernière intervention
8 juin 2009
8 juin 2009 à 16:32
8 juin 2009 à 16:32
Le rapport SAS:
SUPERAntiSpyware Scan Log
https://www.superantispyware.com/
Generated 06/07/2009 at 09:32 PM
Application Version : 4.26.1004
Core Rules Database Version : 3928
Trace Rules Database Version: 1871
Scan type : Complete Scan
Total Scan Time : 00:52:52
Memory items scanned : 440
Memory threats detected : 0
Registry items scanned : 5295
Registry threats detected : 2
File items scanned : 19936
File threats detected : 30
Trojan.DNSChanger-Codec
HKCR\videosoft
HKCR\videosoft\CLSID
Keylogger.Actual Spy
C:\windows\system\actualspystart.lnk
Trojan.Unknown Origin
C:\32788R22FWJFW.0.TMP\PEV.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000014.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP4\A0001399.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP4\A0001415.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP4\A0001497.EXE
C:\WINDOWS\PEV.EXE
Trojan.Agent/Gen-FraudLoad
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000024.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000025.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP3\A0001267.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP3\A0001268.EXE
Rogue.SystemSecurity
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000028.EXE
Adware.Vundo/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000034.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000051.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000052.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000060.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000061.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000069.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000070.DLL
Adware.Vundo/Variant-81k
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000040.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000041.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000050.DLL
Adware.Vundo/Variant-MMIO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000049.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000068.DLL
Adware.Lop
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP3\A0001279.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP3\A0001281.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP3\A0001282.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP3\A0001283.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP3\A0001284.EXE
Adware.Lop-Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP3\A0001280.EXE
Merci pour l'aide!
SUPERAntiSpyware Scan Log
https://www.superantispyware.com/
Generated 06/07/2009 at 09:32 PM
Application Version : 4.26.1004
Core Rules Database Version : 3928
Trace Rules Database Version: 1871
Scan type : Complete Scan
Total Scan Time : 00:52:52
Memory items scanned : 440
Memory threats detected : 0
Registry items scanned : 5295
Registry threats detected : 2
File items scanned : 19936
File threats detected : 30
Trojan.DNSChanger-Codec
HKCR\videosoft
HKCR\videosoft\CLSID
Keylogger.Actual Spy
C:\windows\system\actualspystart.lnk
Trojan.Unknown Origin
C:\32788R22FWJFW.0.TMP\PEV.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000014.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP4\A0001399.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP4\A0001415.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP4\A0001497.EXE
C:\WINDOWS\PEV.EXE
Trojan.Agent/Gen-FraudLoad
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000024.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000025.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP3\A0001267.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP3\A0001268.EXE
Rogue.SystemSecurity
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000028.EXE
Adware.Vundo/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000034.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000051.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000052.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000060.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000061.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000069.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000070.DLL
Adware.Vundo/Variant-81k
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000040.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000041.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000050.DLL
Adware.Vundo/Variant-MMIO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000049.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP0\A0000068.DLL
Adware.Lop
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP3\A0001279.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP3\A0001281.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP3\A0001282.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP3\A0001283.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP3\A0001284.EXE
Adware.Lop-Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAB2D8A0-F593-4330-9D28-BCD28313D1CA}\RP3\A0001280.EXE
Merci pour l'aide!
7 juin 2009 à 18:46
j ai posté le rapport ici:
http://www.commentcamarche.net/forum/affich 12676771 virus rapports
merci :--)
ps: deja le pc va bcp mieux lol